Various changes are needed to support this:
- The directory is created by Core::Account on login (and located in
/tmp).
- Service's sockets are now deleted on exit (to allow re-creation)
- SystemServer needs to handle SIGTERM to correctly destroy services.
Each of these strings would previously rely on StringView's char const*
constructor overload, which would call __builtin_strlen on the string.
Since we now have operator ""sv, we can replace these with much simpler
versions. This opens the door to being able to remove
StringView(char const*).
No functional changes.
SystemServer now invokes services with the same uid as the process that
made the request.
This allows the superuser to have a normal GUI workflow. For example,
read and write its own files in TextEditor.
New propagated errors comes from an endgrent call, and all chown+chmod
calls all over the file. For the two last functions, custom C++ wrappers
were used.
Those wrappers were discarding `ENOENT` errors and naively crashing on
other errors, this change introduced in 76e12a48 was used to prevent a
crash if a mouse wasn't detected. There are no reasons to discard and to
not propagate other errors.
Previously, the device wasn't being created.
The new numbers correspond to those in the FullDevice (which is also
a Linux's full device number).
Also, I've tweaked the permissions to give everyone read-write access
to it.
As the framebuffer devices are gone by now, searching for them makes no
sense, so instead, let's remove this check now. If the user requested to
boot into text mode, he probably knows what he is doing and we should
not try to warn him about this.
SystemServer had safety fallbacks to boot into text mode if the user
errorneously specified graphical mode but no video hardware was present.
As it's now possible to do exactly this intentionally, we should allow
it. This would of course make WindowServer fall over and die if
configured improperly, but if you're messing with the kernel command
line in strange ways, you should be able to fix that.
I've attempted to handle the errors gracefully where it was clear how to
do so, and simple, but a lot of this was just adding
`release_value_but_fixme_should_propagate_errors()` in places.
We first create the /dev/devctl based on the information from the SysFS.
Then, we create block devices and character devices based on the events
we read from that device.
Add them in `<Kernel/API/Device.h>` and use these to provides
`{makedev,major,minor}` in `<sys/sysmacros.h>`. It aims to be more in
line with other Unix implementations and avoid code duplication in user
land.
This file refers to the controlling terminal associated with the current
process. It's specified by POSIX, and is used by ports like openssh to
interface with the terminal even if the standard input/output is
redirected to somewhere else.
Our implementation leverages ProcFS's existing facilities to create
process-specific symbolic links. In our setup, `/dev/tty` is a symbolic
link to `/proc/self/tty`, which itself is a symlink to the appropriate
`/dev/pts` entry. If no TTY is attached, `/dev/tty` is left dangling.
Previously, Virtio console ports would not show up in `/sys/dev/char/`.
Also adds support to `SystemServer` to create more than one console
port device in `/dev/` in the multiport case.
'bootmode' now only controls which set of services are started by
SystemServer, so it is more appropriate to rename it to system_mode, and
no longer validate it in the Kernel.
We are no longer have a separate Inode object class for the pts
directory. With a small exception to this, all chmod and chown code
is now at one place.
It's now possible to create any name of a sub-directory in the
filesystem.
While traversing in both /sys/dev/char and /sys/dev/block, SystemServer
populates the DevFS (mounted normally in /dev) with the corresponding
device nodes.
This is a very crude implementation of populating DevFS device nodes,
before we have a full-fledged udev-like daemon to take care of this
task. Also, we don't populate DiskPartition device nodes yet, because
that requires more sophisticated mechanism to figure out which
DiskPartition is related to which StorageDevice.
Don't create these device nodes in the Kernel, so we essentially enforce
userspace (SystemServer) to take control of this operation and to decide
how to create these device nodes.
This makes the DevFS to resemble linux devtmpfs, and allows us to remove
a bunch of unneeded overriding implementations of device name creation
in the Kernel.
Instead of neatly searching for all framebuffer device nodes and
changing ownership of them, let's generalize this function so we can
apply the same pattern on tty nodes.
WindowServer was not able to utilize any other framebuffer device in the
/dev directory due to wrong group ownership of other framebuffer
devices. Therefore we need to ensure that when SystemServer starts,
it checks all directory entries in /dev, searching for framebuffer
devices, and then apply the correct ownership for them.
I use the `configure-components` functionality locally during
development. There are a few services (SpiceAgent) which aren't marked
as required components, and hence aren't built in all configurations,
but we still try to launch them in all configurations.
Instead of letting the forked SystemServer process crash, lets
gracefully handle the situation of a missing binary and provide a
message to the user.
As we removed the support of VBE modesetting that was done by GRUB early
on boot, we need to determine if we can modeset the resolution with our
drivers, and if not, we should enable text mode and ensure that
SystemServer knows about it too.
Also, SystemServer should first check if there's a framebuffer device
node, which is an indication that text mode was not even if it was
requested. Then, if it doesn't find it, it should check what boot_mode
argument the user specified (in case it's self-test). This way if we
try to use bochs-display device (which is not VGA compatible) and
request a text mode, it will not honor the request and will continue
with graphical mode.
Also try to print critical messages with mininum memory allocations
possible.
In LibVT, We make the implementation flexible for kernel-specific
methods that are implemented in ConsoleImpl class.
SPDX License Identifiers are a more compact / standardized
way of representing file license information.
See: https://spdx.dev/resources/use/#identifiers
This was done with the `ambr` search and replace tool.
ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
SystemServer only allowed a single socket to be created for a service
before this. Now, SystemServer will allow any amount of sockets. The
sockets can be defined like so:
[SomeService]
Socket=/tmp/portal/socket1,/tmp/portal/socket2,/tmp/portal/socket3
SocketPermissions=660,600
The last item in SocketPermissions is applied to the remainder of the
sockets in the Socket= line, so multiple sockets can have the same
permissions without having to repeat them.
Defining multiple sockets is not allowed for socket-activated services
at the moment, and wouldn't make much sense anyway.
This patch also makes socket takeovers more robust by removing the
assumption that the socket will always be passed in fd 3. Now, the
SOCKET_TAKEOVER environment variable carries information about which
endpoint corresponds to which socket, like so:
SOCKET_TAKEOVER=/tmp/portal/socket1:3 /tmp/portal/socket2:4
and LocalServer/LocalService will parse this automatically and select
the correct one. The old behavior of getting the default socket is
preserved so long as the service only requests a single socket in
SystemServer.ini.
According to the Single UNIX Specification, Version 2 that's where
those macros should be defined. This fixes the libiconv port.
This also fixes some (but not all) build errors for the diffutils and nano ports.
Most coredumps contain large amounts of consecutive null bytes and as
such are a prime candidate for compression.
This commit makes CrashDaemon compress files once the kernel finishes
emitting them, as well as adds the functionality needed in LibCoreDump
to then parse them.
This is basically just for consistency, it's quite strange to see
multiple AK container types next to each other, some with and some
without the namespace prefix - we're 'using AK::Foo;' a lot and should
leverage that. :^)
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)
Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.
We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
This API was a mostly gratuitous deviation from POSIX that gave up some
portability in exchange for avoiding the occasional strlen().
I don't think that was actually achieving anything valuable, so let's
just chill out and have the same open() API as everyone else. :^)
