The clipboard service hasn't been ported to user-based portals with
others services as it is needed at `GUI::Application` creation and thus
before the first login, as the `LoginServer` needs one.
This problem as been solved thanks to session-based portals, a clipboard
portal is now created at boot for the "login" session and another for
each "user" session.
With a user-based portal, the "login" portal would have needed to be
created for the `root` user, exposing us to security issues. It now, can
be owned by the `window` user.
This commit does three things atomically:
- switch over Core::Account+SystemServer+LoginServer to sid based socket
names.
- change socket names with %uid to %sid.
- add/update necessary pledges and unveils.
Userland: Switch over servers to sid based sockets
Userland: Properly pledge and unveil for sid based sockets
We have a high random failure rate on Shell tests, even with two of them
already manually disabled for being flaky. For now, let's skip them in
automated/CI testing so that "real" failures are more obvious.
Two of the tests have early-exits to disable them, which I wanted to
remove, but that makes `Meta/lint-shell-scripts.sh` very cross, so I'll
leave them.
This patch allows to insert "%uid" in `IPC_CLIENT_CONNECTION`
declaration and in SystemServer's ini files. This pattern is replaced
then replaced by the UID of the owner of the service. It opens a path
for seamlessly managed, per-user portal.
The `/tmp/user` directory is owned by root, this solution prevents
malicious users to interfere with other users' portals.
This commit also moves `launch`'s portal in the user directory.
Various changes are needed to support this:
- The directory is created by Core::Account on login (and located in
/tmp).
- Service's sockets are now deleted on exit (to allow re-creation)
- SystemServer needs to handle SIGTERM to correctly destroy services.
This also starts making use of the fact we match on any part of the URL
to block on-site trackers such as the ones provided by Ezoic:
```
/greenoaks.gif?
/imp.gif?
/cmbdv2.js
/ezcl.webp?
```
This also promotes some subdomains to the eTLD+1 as I saw other
subdomains being used for these.
This resource graph applet shows incoming network traffic graphically,
and the tooltip shows both TX and RX. The data of all adapters is
combined. The scale of the applet auto-adapts to the shown traffic load.
Co-authored-by: bgianfo <bgianf@serenityos.org>
Having files in Base's user `.config` folder means that every time the
Serenity image is built, all user settings in that file are thrown away.
So, let's not do that! :^)
Modified the default value for the homepage url to match what was in
Browser.ini, so there is no visible change.
