Instead, allow userspace to decide on the coredump directory path. By
default, SystemServer sets it to the /tmp/coredump directory, but users
can now change this by writing a new path to the sysfs node at
/sys/kernel/variables/coredump_directory, and also to read this node to
check where coredumps are currently generated at.
Otherwise, we end up propagating those dependencies into targets that
link against that library, which creates unnecessary link-time
dependencies.
Also included are changes to readd now missing dependencies to tools
that actually need them.
In theory our peer process could die between the call to getsockopt()
and Core::system::stat() and another process could end up with the same
PID which would result in us incorrectly launching the service as
another user (e.g. root).
For SystemServer, we simply ensure that the /dev mount is now mounted
with MS_NOREGULAR flag to ensure only non-regular files are created,
thus, achieving what DevTmpFS provided in its implementation, but in a
much more sane and clean way than how DevTmpFS did that.
For other userland applications, we simply make them being aware of this
flag so they can show an indication about this flag being used to the
user.
In case of failure when trying to read the system_mode global node, just
use as a default the text mode, so we have bootable system with degraded
functionality.
This commit does three things atomically:
- switch over Core::Account+SystemServer+LoginServer to sid based socket
names.
- change socket names with %uid to %sid.
- add/update necessary pledges and unveils.
Userland: Switch over servers to sid based sockets
Userland: Properly pledge and unveil for sid based sockets
Because HID devices are not always present in quantities of one per type
it is more elegant and correct to put the representative device nodes in
subdirectories for each HID device type.
This patch allows to insert "%uid" in `IPC_CLIENT_CONNECTION`
declaration and in SystemServer's ini files. This pattern is replaced
then replaced by the UID of the owner of the service. It opens a path
for seamlessly managed, per-user portal.
Various changes are needed to support this:
- The directory is created by Core::Account on login (and located in
/tmp).
- Service's sockets are now deleted on exit (to allow re-creation)
- SystemServer needs to handle SIGTERM to correctly destroy services.
Each of these strings would previously rely on StringView's char const*
constructor overload, which would call __builtin_strlen on the string.
Since we now have operator ""sv, we can replace these with much simpler
versions. This opens the door to being able to remove
StringView(char const*).
No functional changes.
SystemServer now invokes services with the same uid as the process that
made the request.
This allows the superuser to have a normal GUI workflow. For example,
read and write its own files in TextEditor.
New propagated errors comes from an endgrent call, and all chown+chmod
calls all over the file. For the two last functions, custom C++ wrappers
were used.
Those wrappers were discarding `ENOENT` errors and naively crashing on
other errors, this change introduced in 76e12a48 was used to prevent a
crash if a mouse wasn't detected. There are no reasons to discard and to
not propagate other errors.
Previously, the device wasn't being created.
The new numbers correspond to those in the FullDevice (which is also
a Linux's full device number).
Also, I've tweaked the permissions to give everyone read-write access
to it.
As the framebuffer devices are gone by now, searching for them makes no
sense, so instead, let's remove this check now. If the user requested to
boot into text mode, he probably knows what he is doing and we should
not try to warn him about this.
SystemServer had safety fallbacks to boot into text mode if the user
errorneously specified graphical mode but no video hardware was present.
As it's now possible to do exactly this intentionally, we should allow
it. This would of course make WindowServer fall over and die if
configured improperly, but if you're messing with the kernel command
line in strange ways, you should be able to fix that.
I've attempted to handle the errors gracefully where it was clear how to
do so, and simple, but a lot of this was just adding
`release_value_but_fixme_should_propagate_errors()` in places.
We first create the /dev/devctl based on the information from the SysFS.
Then, we create block devices and character devices based on the events
we read from that device.
Add them in `<Kernel/API/Device.h>` and use these to provides
`{makedev,major,minor}` in `<sys/sysmacros.h>`. It aims to be more in
line with other Unix implementations and avoid code duplication in user
land.
This file refers to the controlling terminal associated with the current
process. It's specified by POSIX, and is used by ports like openssh to
interface with the terminal even if the standard input/output is
redirected to somewhere else.
Our implementation leverages ProcFS's existing facilities to create
process-specific symbolic links. In our setup, `/dev/tty` is a symbolic
link to `/proc/self/tty`, which itself is a symlink to the appropriate
`/dev/pts` entry. If no TTY is attached, `/dev/tty` is left dangling.
Previously, Virtio console ports would not show up in `/sys/dev/char/`.
Also adds support to `SystemServer` to create more than one console
port device in `/dev/` in the multiport case.
'bootmode' now only controls which set of services are started by
SystemServer, so it is more appropriate to rename it to system_mode, and
no longer validate it in the Kernel.
