diff --git a/Base/home/anon/.config/SystemServer.ini b/Base/home/anon/.config/SystemServer.ini index 6099e3d501..874d08342e 100644 --- a/Base/home/anon/.config/SystemServer.ini +++ b/Base/home/anon/.config/SystemServer.ini @@ -1,9 +1,9 @@ [ConfigServer] -Socket=/tmp/user/%uid/portal/config +Socket=/tmp/session/%sid/portal/config SocketPermissions=600 [RequestServer] -Socket=/tmp/user/%uid/portal/request +Socket=/tmp/session/%sid/portal/request SocketPermissions=600 Lazy=true Priority=low @@ -12,7 +12,7 @@ MultiInstance=true AcceptSocketConnections=true [WebContent] -Socket=/tmp/user/%uid/portal/webcontent +Socket=/tmp/session/%sid/portal/webcontent SocketPermissions=600 Lazy=true SystemModes=graphical @@ -20,7 +20,7 @@ MultiInstance=true AcceptSocketConnections=true [WebSocket] -Socket=/tmp/user/%uid/portal/websocket +Socket=/tmp/session/%sid/portal/websocket SocketPermissions=600 Lazy=true Priority=low @@ -29,7 +29,7 @@ MultiInstance=true AcceptSocketConnections=true [FileSystemAccessServer] -Socket=/tmp/user/%uid/portal/filesystemaccess +Socket=/tmp/session/%sid/portal/filesystemaccess SocketPermissions=660 Lazy=true Priority=low @@ -38,7 +38,7 @@ MultiInstance=true AcceptSocketConnections=true [ImageDecoder] -Socket=/tmp/user/%uid/portal/image +Socket=/tmp/session/%sid/portal/image SocketPermissions=600 Lazy=true SystemModes=graphical 
@@ -46,46 +46,46 @@ MultiInstance=true AcceptSocketConnections=true [NotificationServer] -Socket=/tmp/user/%uid/portal/notify +Socket=/tmp/session/%sid/portal/notify SocketPermissions=600 Lazy=true Priority=low KeepAlive=true [InspectorServer] -Socket=/tmp/user/%uid/portal/inspector,/tmp/user/%uid/portal/inspectables +Socket=/tmp/session/%sid/portal/inspector,/tmp/session/%sid/portal/inspectables SocketPermissions=600,666 KeepAlive=true [AudioServer] -Socket=/tmp/user/%uid/portal/audio +Socket=/tmp/session/%sid/portal/audio Priority=high KeepAlive=true SystemModes=text,graphical [CppLanguageServer] -Socket=/tmp/user/%uid/portal/language/cpp +Socket=/tmp/session/%sid/portal/language/cpp SocketPermissions=600 Lazy=true MultiInstance=true AcceptSocketConnections=true [ShellLanguageServer] -Socket=/tmp/user/%uid/portal/language/shell +Socket=/tmp/session/%sid/portal/language/shell SocketPermissions=600 Lazy=true MultiInstance=true AcceptSocketConnections=true [SQLServer] -Socket=/tmp/user/%uid/portal/sql +Socket=/tmp/session/%sid/portal/sql SocketPermissions=600 Priority=low Lazy=true KeepAlive=true [LaunchServer] -Socket=/tmp/user/%uid/portal/launch +Socket=/tmp/session/%sid/portal/launch SocketPermissions=600 Lazy=true SystemModes=text,graphical @@ -126,4 +126,3 @@ KeepAlive=true [Terminal] WorkingDirectory=/home/anon - diff --git a/Userland/Applets/Audio/main.cpp b/Userland/Applets/Audio/main.cpp index 10a7b674f1..d5b0b41478 100644 --- a/Userland/Applets/Audio/main.cpp +++ b/Userland/Applets/Audio/main.cpp 
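Review bot: Nothing visible in this part of the diff shows who creates `/tmp/session/%sid` or with which owner and mode, while the same commit deletes `Account::create_user_temporary_directory_if_needed()`, which created and chowned the old `/tmp/user/<uid>` directory. Every `Socket=` entry in this file now resolves to a path under `/tmp` keyed by a session id, so the `SocketPermissions=600` values only protect the sockets if the parent directory is created with a restrictive mode and a directory already owned by another user is rejected. Please confirm the replacement does both. A short comment at the top of the file would help, along the lines of `; %sid expands to the session id; /tmp/session/<sid> is created by <component> with mode <mode>` (placeholders to fill in).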
@@ -237,12 +237,13 @@ private: ErrorOr serenity_main(Main::Arguments arguments) { - TRY(Core::System::pledge("stdio recvfd sendfd rpath wpath cpath unix thread")); + TRY(Core::System::pledge("stdio recvfd sendfd rpath wpath cpath unix thread proc")); auto app = TRY(GUI::Application::try_create(arguments)); Config::pledge_domain("AudioApplet"); - TRY(Core::System::unveil("/tmp/user/%uid/portal/audio", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/audio", "rw")); TRY(Core::System::unveil("/res", "r")); + TRY(Core::System::unveil("/proc/all", "r")); TRY(Core::System::unveil(nullptr, nullptr)); auto window = TRY(GUI::Window::try_create()); diff --git a/Userland/Applets/ClipboardHistory/main.cpp b/Userland/Applets/ClipboardHistory/main.cpp index 0902ccb8c2..913f203eca 100644 --- a/Userland/Applets/ClipboardHistory/main.cpp +++ b/Userland/Applets/ClipboardHistory/main.cpp @@ -17,7 +17,7 @@ ErrorOr serenity_main(Main::Arguments arguments) { - TRY(Core::System::pledge("stdio recvfd sendfd rpath unix")); + TRY(Core::System::pledge("stdio recvfd sendfd rpath unix proc")); auto app = TRY(GUI::Application::try_create(arguments)); Config::pledge_domain("ClipboardHistory"); diff --git a/Userland/Applets/Network/main.cpp b/Userland/Applets/Network/main.cpp index f26d2af880..fc2b0f9465 100644 --- a/Userland/Applets/Network/main.cpp +++ b/Userland/Applets/Network/main.cpp @@ -166,8 +166,8 @@ ErrorOr serenity_main(Main::Arguments arguments) TRY(Core::System::pledge("stdio recvfd sendfd rpath unix proc exec")); auto app = TRY(GUI::Application::try_create(arguments)); + TRY(Core::System::unveil("/tmp/session/%sid/portal/notify", "rw")); TRY(Core::System::unveil("/res", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/notify", "rw")); TRY(Core::System::unveil("/proc/net/adapters", "r")); TRY(Core::System::unveil("/bin/SystemMonitor", "x")); TRY(Core::System::unveil(nullptr, nullptr)); 
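Review bot: The `proc` promise added to the `pledge()` call in AudioApplet stays in force for the whole process lifetime and widens the sandbox, yet no comment says why an audio applet needs it. The same addition recurs without explanation in ClipboardHistory, 3DFileViewer, Help, HexEditor, Magnifier, Mail, PDFViewer, PixelPaint, Spreadsheet, TextEditor, ThemeEditor, Eyes, WidgetGallery and the games. It presumably exists to expand `%sid` in the portal paths, but that is not visible in these hunks. If so, say it next to the call, e.g. `// "proc" and /proc/all are needed only to resolve %sid in portal socket paths`, and consider a final `pledge()` without `proc` once the last `%sid` path has been resolved. serenity_main continues outside the hunk.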
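Review bot: Moving `unveil("/tmp/session/%sid/portal/notify", "rw")` above `unveil("/res", "r")` in the Network applet looks deliberate but is unexplained, and the same reorder appears in HexEditor, Magnifier, PDFViewer, Eyes, WidgetGallery, 2048 and the other games. It reads as if a `%sid` path must be unveiled either first or after `/proc/all` has been unveiled, which would make the call order load-bearing; this is inferred from the pattern, not shown in the hunk. An order dependency in sandbox setup is easy to break in a later edit, so it should be stated where it applies, e.g. `// Must be the first unveil: resolving %sid needs an unrestricted view (or /proc/all unveiled beforehand)`, if that is indeed the constraint.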
diff --git a/Userland/Applications/3DFileViewer/main.cpp b/Userland/Applications/3DFileViewer/main.cpp index 0185927ea5..1b77bd6107 100644 --- a/Userland/Applications/3DFileViewer/main.cpp +++ b/Userland/Applications/3DFileViewer/main.cpp @@ -358,9 +358,9 @@ ErrorOr serenity_main(Main::Arguments arguments) { auto app = TRY(GUI::Application::try_create(arguments)); - TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix prot_exec")); + TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix prot_exec proc")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil("/home/anon/Documents/3D Models", "r")); TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/usr/lib", "r")); diff --git a/Userland/Applications/Browser/main.cpp b/Userland/Applications/Browser/main.cpp index 611e8bd9f0..5168b37785 100644 --- a/Userland/Applications/Browser/main.cpp +++ b/Userland/Applications/Browser/main.cpp 
@@ -80,14 +80,16 @@ ErrorOr serenity_main(Main::Arguments arguments) TRY(Desktop::Launcher::add_allowed_url(URL::create_with_file_scheme(Core::StandardPaths::downloads_directory()))); TRY(Desktop::Launcher::seal_allowlist()); + TRY(Core::System::unveil("/proc/all", "r")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/image", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/request", "rw")); TRY(Core::System::unveil("/home", "rwc")); TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/etc/passwd", "r")); TRY(Core::System::unveil("/etc/timezone", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/image", "rw")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/request", "rw")); TRY(Core::System::unveil("/bin/BrowserSettings", "x")); TRY(Core::System::unveil(nullptr, nullptr)); diff --git a/Userland/Applications/Help/main.cpp b/Userland/Applications/Help/main.cpp index fbf4f83c54..20ca37a36c 100644 --- a/Userland/Applications/Help/main.cpp +++ b/Userland/Applications/Help/main.cpp 
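Review bot: `TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));` is added twice in a row in Browser's unveil list, where the removed `/tmp/user/%uid/...` list had it once. The second call is most likely a copy/paste slip and should be dropped, so the list stays a one-to-one record of what Browser may reach. serenity_main starts above the hunk, so whether anything else depends on the repeated call cannot be seen from here.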
@@ -28,14 +28,15 @@ static String parse_input(StringView input) ErrorOr serenity_main(Main::Arguments arguments) { - TRY(Core::System::pledge("stdio recvfd sendfd rpath unix")); + TRY(Core::System::pledge("stdio recvfd sendfd rpath unix proc")); auto app = TRY(GUI::Application::try_create(arguments)); + TRY(Core::System::unveil("/proc/all", "r")); TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/usr/share/man", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); String start_page; diff --git a/Userland/Applications/HexEditor/main.cpp b/Userland/Applications/HexEditor/main.cpp index 5dbf1e1c89..a1b71b02a9 100644 --- a/Userland/Applications/HexEditor/main.cpp +++ b/Userland/Applications/HexEditor/main.cpp @@ -20,7 +20,7 @@ ErrorOr serenity_main(Main::Arguments arguments) { - TRY(Core::System::pledge("stdio recvfd sendfd rpath unix cpath wpath thread")); + TRY(Core::System::pledge("stdio recvfd sendfd rpath unix cpath wpath thread proc")); auto app = TRY(GUI::Application::try_create(arguments)); @@ -43,8 +43,8 @@ ErrorOr serenity_main(Main::Arguments arguments) return GUI::Window::CloseRequestDecision::StayOpen; }; + TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil("/res", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); hex_editor_widget->initialize_menubar(*window); 
diff --git a/Userland/Applications/Magnifier/main.cpp b/Userland/Applications/Magnifier/main.cpp index eae5a156a0..bc0b67dd85 100644 --- a/Userland/Applications/Magnifier/main.cpp +++ b/Userland/Applications/Magnifier/main.cpp @@ -37,11 +37,11 @@ static ErrorOr dump_bitmap(RefPtr bitmap, AK::StringVie ErrorOr serenity_main(Main::Arguments arguments) { - TRY(Core::System::pledge("stdio cpath rpath recvfd sendfd unix")); + TRY(Core::System::pledge("stdio cpath rpath recvfd sendfd unix proc")); auto app = TRY(GUI::Application::try_create(arguments)); + TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil("/res", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); auto app_icon = GUI::Icon::default_icon("app-magnifier"sv); diff --git a/Userland/Applications/Mail/main.cpp b/Userland/Applications/Mail/main.cpp index a14e2629c3..a563676a82 100644 --- a/Userland/Applications/Mail/main.cpp +++ b/Userland/Applications/Mail/main.cpp @@ -18,17 +18,18 @@ ErrorOr serenity_main(Main::Arguments arguments) { - TRY(Core::System::pledge("stdio recvfd sendfd rpath unix inet")); + TRY(Core::System::pledge("stdio recvfd sendfd rpath unix inet proc")); auto app = TRY(GUI::Application::try_create(arguments)); Config::pledge_domain("Mail"); + TRY(Core::System::unveil("/proc/all", "r")); TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/etc", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw")); TRY(Core::System::unveil("/tmp/portal/lookup", "rw")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); TRY(Desktop::Launcher::add_allowed_url(URL::create_with_file_scheme("/bin/MailSettings"))); 
diff --git a/Userland/Applications/PDFViewer/main.cpp b/Userland/Applications/PDFViewer/main.cpp index 67f9dda8dc..deb25f7934 100644 --- a/Userland/Applications/PDFViewer/main.cpp +++ b/Userland/Applications/PDFViewer/main.cpp @@ -32,10 +32,10 @@ ErrorOr serenity_main(Main::Arguments arguments) window->set_title("PDF Viewer"); window->resize(640, 400); - TRY(Core::System::pledge("stdio recvfd sendfd rpath unix")); + TRY(Core::System::pledge("stdio recvfd sendfd rpath unix proc")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil("/res", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); auto pdf_viewer_widget = TRY(window->try_set_main_widget()); diff --git a/Userland/Applications/PixelPaint/main.cpp b/Userland/Applications/PixelPaint/main.cpp index bb73e1e4a8..f7669143f8 100644 --- a/Userland/Applications/PixelPaint/main.cpp +++ b/Userland/Applications/PixelPaint/main.cpp @@ -21,7 +21,7 @@ ErrorOr serenity_main(Main::Arguments arguments) { - TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix wpath cpath")); + TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix wpath cpath proc")); auto app = TRY(GUI::Application::try_create(arguments)); Config::pledge_domain("PixelPaint"); 
@@ -31,10 +31,11 @@ ErrorOr serenity_main(Main::Arguments arguments) args_parser.add_positional_argument(image_file, "Image file to open", "path", Core::ArgsParser::Required::No); args_parser.parse(arguments); + TRY(Core::System::unveil("/proc/all", "r")); TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/tmp/portal/clipboard", "rw")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/image", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/image", "rw")); TRY(Core::System::unveil("/etc/FileIconProvider.ini", "r")); TRY(Core::System::unveil(nullptr, nullptr)); diff --git a/Userland/Applications/Spreadsheet/main.cpp b/Userland/Applications/Spreadsheet/main.cpp index 7b523f1aed..9d40dc9117 100644 --- a/Userland/Applications/Spreadsheet/main.cpp +++ b/Userland/Applications/Spreadsheet/main.cpp @@ -26,7 +26,7 @@ ErrorOr serenity_main(Main::Arguments arguments) { - TRY(Core::System::pledge("stdio recvfd sendfd rpath fattr unix cpath wpath thread")); + TRY(Core::System::pledge("stdio recvfd sendfd rpath fattr unix cpath wpath thread proc")); auto app = TRY(GUI::Application::try_create(arguments)); @@ -44,7 +44,7 @@ ErrorOr serenity_main(Main::Arguments arguments) } } - TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw")); // For writing temporary files when exporting. TRY(Core::System::unveil("/tmp", "crw")); TRY(Core::System::unveil("/etc", "r")); diff --git a/Userland/Applications/Terminal/main.cpp b/Userland/Applications/Terminal/main.cpp index d6b147652a..925a07a8db 100644 --- a/Userland/Applications/Terminal/main.cpp +++ b/Userland/Applications/Terminal/main.cpp 
@@ -422,6 +422,7 @@ ErrorOr serenity_main(Main::Arguments arguments) return GUI::Window::CloseRequestDecision::StayOpen; }; + TRY(Core::System::unveil("/proc/all", "r")); TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/bin", "r")); TRY(Core::System::unveil("/proc", "r")); @@ -429,8 +430,8 @@ ErrorOr serenity_main(Main::Arguments arguments) TRY(Core::System::unveil("/bin/TerminalSettings", "x")); TRY(Core::System::unveil("/bin/utmpupdate", "x")); TRY(Core::System::unveil("/etc/FileIconProvider.ini", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/config", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/config", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); auto modified_state_check_timer = Core::Timer::create_repeating(500, [&] { diff --git a/Userland/Applications/TextEditor/main.cpp b/Userland/Applications/TextEditor/main.cpp index e1f4e73ace..0bd82d9d1e 100644 --- a/Userland/Applications/TextEditor/main.cpp +++ b/Userland/Applications/TextEditor/main.cpp @@ -18,7 +18,7 @@ using namespace TextEditor; ErrorOr serenity_main(Main::Arguments arguments) { - TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath unix")); + TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath unix proc")); auto app = TRY(GUI::Application::try_create(arguments)); 
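Review bot: The added `unveil("/proc/all", "r")` in Terminal is redundant with the existing `unveil("/proc", "r")` three lines below it in the same hunk, which already grants read access to the whole `/proc` tree. The existing entry also comes before the two `%sid` portal unveils at the end of the list. Drop the new line, or, if Terminal only ever needs `/proc/all`, replace the broader `/proc` entry with it; the latter depends on code outside the hunk.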
@@ -31,10 +31,11 @@ ErrorOr serenity_main(Main::Arguments arguments) parser.add_positional_argument(file_to_edit, "File to edit, with optional starting line and column number", "file[:line[:column]]", Core::ArgsParser::Required::No); parser.parse(arguments); + TRY(Core::System::unveil("/proc/all", "r")); TRY(Core::System::unveil("/res", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); auto app_icon = GUI::Icon::default_icon("app-text-editor"sv); diff --git a/Userland/Applications/ThemeEditor/main.cpp b/Userland/Applications/ThemeEditor/main.cpp index 87051fa308..0430bd8adc 100644 --- a/Userland/Applications/ThemeEditor/main.cpp +++ b/Userland/Applications/ThemeEditor/main.cpp @@ -38,8 +38,8 @@ ErrorOr serenity_main(Main::Arguments arguments) if (!file_to_edit.is_empty()) path = Core::File::absolute_path(file_to_edit); - TRY(Core::System::pledge("stdio recvfd sendfd thread rpath unix")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); + TRY(Core::System::pledge("stdio recvfd sendfd thread rpath unix proc")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil(nullptr, nullptr)); diff --git a/Userland/Applications/Welcome/main.cpp b/Userland/Applications/Welcome/main.cpp index d96e75d67a..4598b0e102 100644 --- a/Userland/Applications/Welcome/main.cpp +++ b/Userland/Applications/Welcome/main.cpp 
@@ -19,10 +19,11 @@ ErrorOr serenity_main(Main::Arguments arguments) Config::pledge_domain("SystemServer"); + TRY(Core::System::unveil("/proc/all", "r")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/home", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw")); TRY(Core::System::unveil("/bin/Help", "x")); TRY(Core::System::unveil(nullptr, nullptr)); auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-welcome"sv)); diff --git a/Userland/Demos/Eyes/main.cpp b/Userland/Demos/Eyes/main.cpp index 4f4e9c1de0..c7e183cc89 100644 --- a/Userland/Demos/Eyes/main.cpp +++ b/Userland/Demos/Eyes/main.cpp @@ -36,12 +36,12 @@ ErrorOr serenity_main(Main::Arguments arguments) args_parser.add_option(hide_window_frame, "Hide window frame", "hide-window", 'h'); args_parser.parse(arguments); - TRY(Core::System::pledge("stdio recvfd sendfd rpath unix cpath wpath thread")); + TRY(Core::System::pledge("stdio recvfd sendfd rpath unix cpath wpath thread proc")); auto app = TRY(GUI::Application::try_create(arguments)); + TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw")); TRY(Core::System::unveil("/res", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); if ((grid_rows > 0) ^ (grid_columns > 0)) { diff --git a/Userland/Demos/WidgetGallery/main.cpp b/Userland/Demos/WidgetGallery/main.cpp index 7c7681ec86..0c0bb64cd1 100644 --- a/Userland/Demos/WidgetGallery/main.cpp +++ b/Userland/Demos/WidgetGallery/main.cpp 
@@ -14,11 +14,11 @@ ErrorOr serenity_main(Main::Arguments arguments) { - TRY(Core::System::pledge("stdio recvfd sendfd rpath unix thread")); + TRY(Core::System::pledge("stdio recvfd sendfd rpath unix thread proc")); auto app = TRY(GUI::Application::try_create(arguments, Core::EventLoop::MakeInspectable::Yes)); + TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil("/res", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil("/etc/FileIconProvider.ini", "r")); TRY(Core::System::unveil(nullptr, nullptr)); auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-widget-gallery"sv)); diff --git a/Userland/DevTools/HackStudio/LanguageClients/ConnectionsToServer.h b/Userland/DevTools/HackStudio/LanguageClients/ConnectionsToServer.h index a32aa84747..efdbf9d5d8 100644 --- a/Userland/DevTools/HackStudio/LanguageClients/ConnectionsToServer.h +++ b/Userland/DevTools/HackStudio/LanguageClients/ConnectionsToServer.h @@ -15,7 +15,7 @@ #define LANGUAGE_CLIENT(language_name_, socket_name) \ namespace language_name_ { \ class ConnectionToServer final : public HackStudio::ConnectionToServer { \ - IPC_CLIENT_CONNECTION(ConnectionToServer, "/tmp/user/%uid/portal/language/" socket_name) \ + IPC_CLIENT_CONNECTION(ConnectionToServer, "/tmp/session/%sid/portal/language/" socket_name) \ public: \ static char const* language_name() { return #language_name_; } \ \ diff --git a/Userland/DevTools/Inspector/InspectorServerClient.h b/Userland/DevTools/Inspector/InspectorServerClient.h index db2e9d994b..a67148117a 100644 --- a/Userland/DevTools/Inspector/InspectorServerClient.h +++ b/Userland/DevTools/Inspector/InspectorServerClient.h 
@@ -15,7 +15,7 @@ namespace Inspector { class InspectorServerClient final : public IPC::ConnectionToServer , public InspectorClientEndpoint { - IPC_CLIENT_CONNECTION(InspectorServerClient, "/tmp/user/%uid/portal/inspector"sv) + IPC_CLIENT_CONNECTION(InspectorServerClient, "/tmp/session/%sid/portal/inspector"sv) public: virtual ~InspectorServerClient() override = default; diff --git a/Userland/Games/2048/main.cpp b/Userland/Games/2048/main.cpp index c248af6b5d..50678843c4 100644 --- a/Userland/Games/2048/main.cpp +++ b/Userland/Games/2048/main.cpp @@ -28,7 +28,7 @@ ErrorOr serenity_main(Main::Arguments arguments) { - TRY(Core::System::pledge("stdio rpath recvfd sendfd unix")); + TRY(Core::System::pledge("stdio rpath recvfd sendfd unix proc")); srand(time(nullptr)); @@ -44,8 +44,8 @@ ErrorOr serenity_main(Main::Arguments arguments) TRY(Core::System::pledge("stdio rpath recvfd sendfd")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw")); TRY(Core::System::unveil("/res", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); size_t board_size = Config::read_i32("2048"sv, ""sv, "board_size"sv, 4); diff --git a/Userland/Games/Chess/main.cpp b/Userland/Games/Chess/main.cpp index 8d58b3f187..d2ecb26b90 100644 --- a/Userland/Games/Chess/main.cpp +++ b/Userland/Games/Chess/main.cpp 
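Review bot: In 2048 the narrowed `pledge("stdio rpath recvfd sendfd")` shown as context in the second hunk stays without `proc`, and the `%sid` unveil for the launch portal now runs directly after it. FlappyBug, GameOfLife, Hearts, MasterWord, Minesweeper and Snake instead add `proc` to what appears to be the same narrowed pledge ahead of the same unveil. One of the two is wrong: if expanding `%sid` inside `unveil()` needs `proc`, 2048 will fail at that call, and if it does not, the other games keep `proc` for no reason. Make them consistent, either `TRY(Core::System::pledge("stdio rpath recvfd sendfd proc"));` here or no `proc` in the narrowed pledge of the others.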
@@ -36,11 +36,11 @@ ErrorOr serenity_main(Main::Arguments arguments) auto window = TRY(GUI::Window::try_create()); auto widget = TRY(window->try_set_main_widget()); + TRY(Core::System::unveil("/proc/all", "r")); TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/bin/ChessEngine", "x")); - TRY(Core::System::unveil("/etc/passwd", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); auto size = Config::read_i32("Chess"sv, "Display"sv, "size"sv, 512); diff --git a/Userland/Games/FlappyBug/main.cpp b/Userland/Games/FlappyBug/main.cpp index 377f45493c..1753c28d79 100644 --- a/Userland/Games/FlappyBug/main.cpp +++ b/Userland/Games/FlappyBug/main.cpp @@ -28,10 +28,10 @@ ErrorOr serenity_main(Main::Arguments arguments) TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/FlappyBug.md") })); TRY(Desktop::Launcher::seal_allowlist()); - TRY(Core::System::pledge("stdio rpath recvfd sendfd")); + TRY(Core::System::pledge("stdio rpath recvfd sendfd proc")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw")); TRY(Core::System::unveil("/res", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); u32 high_score = Config::read_i32("FlappyBug"sv, "Game"sv, "HighScore"sv, 0); diff --git a/Userland/Games/GameOfLife/main.cpp b/Userland/Games/GameOfLife/main.cpp index 90ba811510..83ee6019e0 100644 --- a/Userland/Games/GameOfLife/main.cpp +++ b/Userland/Games/GameOfLife/main.cpp 
@@ -34,10 +34,10 @@ ErrorOr serenity_main(Main::Arguments arguments) TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/GameOfLife.md") })); TRY(Desktop::Launcher::seal_allowlist()); - TRY(Core::System::pledge("stdio rpath recvfd sendfd")); + TRY(Core::System::pledge("stdio rpath recvfd sendfd proc")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw")); TRY(Core::System::unveil("/res", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-gameoflife"sv)); diff --git a/Userland/Games/Hearts/main.cpp b/Userland/Games/Hearts/main.cpp index 95a818fad1..59787de4a6 100644 --- a/Userland/Games/Hearts/main.cpp +++ b/Userland/Games/Hearts/main.cpp @@ -40,10 +40,10 @@ ErrorOr serenity_main(Main::Arguments arguments) TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/Hearts.md") })); TRY(Desktop::Launcher::seal_allowlist()); - TRY(Core::System::pledge("stdio recvfd sendfd rpath")); + TRY(Core::System::pledge("stdio recvfd sendfd rpath proc")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw")); TRY(Core::System::unveil("/res", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); auto window = TRY(GUI::Window::try_create()); diff --git a/Userland/Games/MasterWord/main.cpp b/Userland/Games/MasterWord/main.cpp index ea279093de..32dc6347d2 100644 --- a/Userland/Games/MasterWord/main.cpp +++ b/Userland/Games/MasterWord/main.cpp 
@@ -30,10 +30,10 @@ ErrorOr serenity_main(Main::Arguments arguments) TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/MasterWord.md") })); TRY(Desktop::Launcher::seal_allowlist()); - TRY(Core::System::pledge("stdio rpath recvfd sendfd")); + TRY(Core::System::pledge("stdio rpath recvfd sendfd proc")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw")); TRY(Core::System::unveil("/res", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-masterword"sv)); diff --git a/Userland/Games/Minesweeper/main.cpp b/Userland/Games/Minesweeper/main.cpp index ad066e347e..b08805ab65 100644 --- a/Userland/Games/Minesweeper/main.cpp +++ b/Userland/Games/Minesweeper/main.cpp @@ -36,10 +36,10 @@ ErrorOr serenity_main(Main::Arguments arguments) TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/Minesweeper.md") })); TRY(Desktop::Launcher::seal_allowlist()); - TRY(Core::System::pledge("stdio rpath recvfd sendfd")); + TRY(Core::System::pledge("stdio rpath recvfd sendfd proc")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw")); TRY(Core::System::unveil("/res", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-minesweeper"sv)); diff --git a/Userland/Games/Snake/main.cpp b/Userland/Games/Snake/main.cpp index 9e0ece2679..0fe09541f5 100644 --- a/Userland/Games/Snake/main.cpp +++ b/Userland/Games/Snake/main.cpp 
@@ -31,10 +31,10 @@ ErrorOr serenity_main(Main::Arguments arguments) TRY(Desktop::Launcher::add_allowed_handler_with_only_specific_urls("/bin/Help", { URL::create_with_file_scheme("/usr/share/man/man6/Snake.md") })); TRY(Desktop::Launcher::seal_allowlist()); - TRY(Core::System::pledge("stdio rpath recvfd sendfd")); + TRY(Core::System::pledge("stdio rpath recvfd sendfd proc")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw")); TRY(Core::System::unveil("/res", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-snake"sv)); diff --git a/Userland/Libraries/LibAudio/ConnectionToServer.h b/Userland/Libraries/LibAudio/ConnectionToServer.h index 5ed42450fa..7abd516aa5 100644 --- a/Userland/Libraries/LibAudio/ConnectionToServer.h +++ b/Userland/Libraries/LibAudio/ConnectionToServer.h @@ -26,7 +26,7 @@ namespace Audio { class ConnectionToServer final : public IPC::ConnectionToServer , public AudioClientEndpoint { - IPC_CLIENT_CONNECTION(ConnectionToServer, "/tmp/user/%uid/portal/audio"sv) + IPC_CLIENT_CONNECTION(ConnectionToServer, "/tmp/session/%sid/portal/audio"sv) public: virtual ~ConnectionToServer() override; diff --git a/Userland/Libraries/LibConfig/Client.h b/Userland/Libraries/LibConfig/Client.h index ff1c2d5207..1ab9e52ad1 100644 --- a/Userland/Libraries/LibConfig/Client.h +++ b/Userland/Libraries/LibConfig/Client.h @@ -18,7 +18,7 @@ namespace Config { class Client final : public IPC::ConnectionToServer , public ConfigClientEndpoint { - IPC_CLIENT_CONNECTION(Client, "/tmp/user/%uid/portal/config"sv) + IPC_CLIENT_CONNECTION(Client, "/tmp/session/%sid/portal/config"sv) public: void pledge_domains(Vector const&); diff --git a/Userland/Libraries/LibCore/Account.cpp b/Userland/Libraries/LibCore/Account.cpp index 4958f5bb2d..a88e63b5bd 100644 --- a/Userland/Libraries/LibCore/Account.cpp 
+++ b/Userland/Libraries/LibCore/Account.cpp @@ -68,15 +68,6 @@ ErrorOr Account::from_passwd(passwd const& pwd, spwd const& spwd) return account; } -String Account::parse_path_with_uid(StringView general_path, Optional uid) -{ - if (general_path.contains("%uid"sv)) { - auto const final_uid = uid.has_value() ? uid.value() : getuid(); - return general_path.replace("%uid"sv, String::number(final_uid), ReplaceMode::All); - } - return general_path; -} - ErrorOr Account::self([[maybe_unused]] Read options) { Vector extra_gids = TRY(Core::System::getgroups()); @@ -149,14 +140,6 @@ bool Account::authenticate(SecretString const& password) const return hash != nullptr && AK::timing_safe_compare(hash, m_password_hash.characters(), m_password_hash.length()); } -ErrorOr Account::create_user_temporary_directory_if_needed() const -{ - auto const temporary_directory = String::formatted("/tmp/user/{}", m_uid); - auto directory = TRY(Core::Directory::create(temporary_directory, Core::Directory::CreateDirectories::Yes)); - TRY(directory.chown(m_uid, m_gid)); - return {}; -} - ErrorOr Account::login() const { TRY(Core::System::setgroups(m_extra_gids)); diff --git a/Userland/Libraries/LibCore/Account.h b/Userland/Libraries/LibCore/Account.h index 54b432e4d5..9141282c58 100644 --- a/Userland/Libraries/LibCore/Account.h +++ b/Userland/Libraries/LibCore/Account.h @@ -32,7 +32,6 @@ public: PasswdOnly }; - static String parse_path_with_uid(StringView general_path, Optional force_uid = {}); static ErrorOr self(Read options = Read::All); static ErrorOr from_name(StringView username, Read options = Read::All); static ErrorOr from_uid(uid_t uid, Read options = Read::All); @@ -40,8 +39,6 @@ public: bool authenticate(SecretString const& password) const; ErrorOr login() const; - ErrorOr create_user_temporary_directory_if_needed() const; - String username() const { return m_username; } String password_hash() const { return m_password_hash; } 
diff --git a/Userland/Libraries/LibCore/EventLoop.cpp b/Userland/Libraries/LibCore/EventLoop.cpp index a7f7198622..60e5c96aeb 100644 --- a/Userland/Libraries/LibCore/EventLoop.cpp +++ b/Userland/Libraries/LibCore/EventLoop.cpp @@ -22,6 +22,7 @@ #include #include #include +#include #include #include #include @@ -361,7 +362,12 @@ EventLoop::~EventLoop() bool connect_to_inspector_server() { #ifdef __serenity__ - auto inspector_server_path = Account::parse_path_with_uid("/tmp/user/%uid/portal/inspectables"sv); + auto maybe_path = SessionManagement::parse_path_with_sid("/tmp/session/%sid/portal/inspectables"sv); + if (maybe_path.is_error()) { + dbgln("connect_to_inspector_server: {}", maybe_path.error()); + return false; + } + auto inspector_server_path = maybe_path.value(); auto maybe_socket = Stream::LocalSocket::connect(inspector_server_path); if (maybe_socket.is_error()) { dbgln("connect_to_inspector_server: Failed to connect: {}", maybe_socket.error()); diff --git a/Userland/Libraries/LibCore/LocalServer.cpp b/Userland/Libraries/LibCore/LocalServer.cpp index c37547c704..d246e2c8db 100644 --- a/Userland/Libraries/LibCore/LocalServer.cpp +++ b/Userland/Libraries/LibCore/LocalServer.cpp @@ -4,9 +4,9 @@ * SPDX-License-Identifier: BSD-2-Clause */ -#include #include #include +#include #include #include #include @@ -38,7 +38,7 @@ ErrorOr LocalServer::take_over_from_system_server(String const& socket_pat if (m_listening) return Error::from_string_literal("Core::LocalServer: Can't perform socket takeover when already listening"); - auto const parsed_path = Core::Account::parse_path_with_uid(socket_path); + auto const parsed_path = TRY(Core::SessionManagement::parse_path_with_sid(socket_path)); auto socket = TRY(take_over_socket_from_system_server(parsed_path)); m_fd = TRY(socket->release_fd()); diff --git a/Userland/Libraries/LibCore/System.cpp b/Userland/Libraries/LibCore/System.cpp index b89e34c48b..c156d14daa 100644 --- a/Userland/Libraries/LibCore/System.cpp 
+++ b/Userland/Libraries/LibCore/System.cpp @@ -13,6 +13,7 @@ #include #include #include +#include #include #include #include @@ -82,7 +83,7 @@ ErrorOr pledge(StringView promises, StringView execpromises) ErrorOr unveil(StringView path, StringView permissions) { - auto const parsed_path = Core::Account::parse_path_with_uid(path); + auto const parsed_path = TRY(Core::SessionManagement::parse_path_with_sid(path)); Syscall::SC_unveil_params params { { parsed_path.characters(), parsed_path.length() }, diff --git a/Userland/Libraries/LibDesktop/Launcher.cpp b/Userland/Libraries/LibDesktop/Launcher.cpp index 724e118e92..3f83b58112 100644 --- a/Userland/Libraries/LibDesktop/Launcher.cpp +++ b/Userland/Libraries/LibDesktop/Launcher.cpp @@ -36,7 +36,7 @@ auto Launcher::Details::from_details_str(String const& details_str) -> NonnullRe class ConnectionToLaunchServer final : public IPC::ConnectionToServer , public LaunchClientEndpoint { - IPC_CLIENT_CONNECTION(ConnectionToLaunchServer, "/tmp/user/%uid/portal/launch"sv) + IPC_CLIENT_CONNECTION(ConnectionToLaunchServer, "/tmp/session/%sid/portal/launch"sv) private: ConnectionToLaunchServer(NonnullOwnPtr socket) : IPC::ConnectionToServer(*this, move(socket)) diff --git a/Userland/Libraries/LibFileSystemAccessClient/Client.h b/Userland/Libraries/LibFileSystemAccessClient/Client.h index c62e51e453..8525c106f7 100644 --- a/Userland/Libraries/LibFileSystemAccessClient/Client.h +++ b/Userland/Libraries/LibFileSystemAccessClient/Client.h @@ -23,7 +23,7 @@ using Result = ErrorOr>; class Client final : public IPC::ConnectionToServer , public FileSystemAccessClientEndpoint { - IPC_CLIENT_CONNECTION(Client, "/tmp/user/%uid/portal/filesystemaccess"sv) + IPC_CLIENT_CONNECTION(Client, "/tmp/session/%sid/portal/filesystemaccess"sv) public: Result try_request_file_read_only_approved(GUI::Window* parent_window, String const& path); 
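Review bot: In `Core::System::unveil` every call now goes through `SessionManagement::parse_path_with_sid`, so a failed session lookup fails `unveil` even for paths such as `/res` that contain no placeholder, and the closing `unveil(nullptr, nullptr)` hands the helper a null view. The removed `parse_path_with_uid` only did work when the path contained `%uid`. The new helper's body is not in this hunk; unless it short-circuits the same way, guard the call here with `if (path.contains("%sid"sv))` and pass the path through untouched otherwise. That would presumably also spare programs that never unveil a portal from needing the `proc` promise this commit adds elsewhere. The function body continues outside the hunk.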
diff --git a/Userland/Libraries/LibGUI/Notification.cpp b/Userland/Libraries/LibGUI/Notification.cpp index b022c9ac4b..adfbfb6189 100644 --- a/Userland/Libraries/LibGUI/Notification.cpp +++ b/Userland/Libraries/LibGUI/Notification.cpp @@ -15,7 +15,7 @@ namespace GUI { class ConnectionToNotificationServer final : public IPC::ConnectionToServer , public NotificationClientEndpoint { - IPC_CLIENT_CONNECTION(ConnectionToNotificationServer, "/tmp/user/%uid/portal/notify"sv) + IPC_CLIENT_CONNECTION(ConnectionToNotificationServer, "/tmp/session/%sid/portal/notify"sv) friend class Notification; diff --git a/Userland/Libraries/LibIPC/ConnectionToServer.h b/Userland/Libraries/LibIPC/ConnectionToServer.h index 0b7ec8d54c..eecab12d86 100644 --- a/Userland/Libraries/LibIPC/ConnectionToServer.h +++ b/Userland/Libraries/LibIPC/ConnectionToServer.h @@ -6,7 +6,7 @@ #pragma once -#include +#include #include #include @@ -18,7 +18,7 @@ public: template \ static ErrorOr> try_create(Args&&... args) \ { \ - auto parsed_socket_path { Core::Account::parse_path_with_uid(socket_path) }; \ + auto parsed_socket_path = TRY(Core::SessionManagement::parse_path_with_sid(socket_path)); \ auto socket = TRY(Core::Stream::LocalSocket::connect(move(parsed_socket_path))); \ /* We want to rate-limit our clients */ \ TRY(socket->set_blocking(true)); \ diff --git a/Userland/Libraries/LibImageDecoderClient/Client.h b/Userland/Libraries/LibImageDecoderClient/Client.h index 04f239a1b3..02fa7f8147 100644 --- a/Userland/Libraries/LibImageDecoderClient/Client.h +++ b/Userland/Libraries/LibImageDecoderClient/Client.h @@ -27,7 +27,7 @@ struct DecodedImage { class Client final : public IPC::ConnectionToServer , public ImageDecoderClientEndpoint { - IPC_CLIENT_CONNECTION(Client, "/tmp/user/%uid/portal/image"sv); + IPC_CLIENT_CONNECTION(Client, "/tmp/session/%sid/portal/image"sv); public: Optional decode_image(ReadonlyBytes); 
diff --git a/Userland/Libraries/LibProtocol/RequestClient.h b/Userland/Libraries/LibProtocol/RequestClient.h index 3cc54cca10..cf8efe1856 100644 --- a/Userland/Libraries/LibProtocol/RequestClient.h +++ b/Userland/Libraries/LibProtocol/RequestClient.h @@ -20,7 +20,7 @@ class Request; class RequestClient final : public IPC::ConnectionToServer , public RequestClientEndpoint { - IPC_CLIENT_CONNECTION(RequestClient, "/tmp/user/%uid/portal/request"sv) + IPC_CLIENT_CONNECTION(RequestClient, "/tmp/session/%sid/portal/request"sv) public: template> diff --git a/Userland/Libraries/LibProtocol/WebSocketClient.h b/Userland/Libraries/LibProtocol/WebSocketClient.h index 9edc484d38..db67203aa9 100644 --- a/Userland/Libraries/LibProtocol/WebSocketClient.h +++ b/Userland/Libraries/LibProtocol/WebSocketClient.h @@ -18,7 +18,7 @@ class WebSocket; class WebSocketClient final : public IPC::ConnectionToServer , public WebSocketClientEndpoint { - IPC_CLIENT_CONNECTION(WebSocketClient, "/tmp/user/%uid/portal/websocket"sv) + IPC_CLIENT_CONNECTION(WebSocketClient, "/tmp/session/%sid/portal/websocket"sv) public: RefPtr connect(const URL&, String const& origin = {}, Vector const& protocols = {}, Vector const& extensions = {}, HashMap const& request_headers = {}); diff --git a/Userland/Libraries/LibSQL/SQLClient.h b/Userland/Libraries/LibSQL/SQLClient.h index 0653ffa653..6248852ea5 100644 --- a/Userland/Libraries/LibSQL/SQLClient.h +++ b/Userland/Libraries/LibSQL/SQLClient.h @@ -16,7 +16,7 @@ namespace SQL { class SQLClient : public IPC::ConnectionToServer , public SQLClientEndpoint { - IPC_CLIENT_CONNECTION(SQLClient, "/tmp/user/%uid/portal/sql"sv) + IPC_CLIENT_CONNECTION(SQLClient, "/tmp/session/%sid/portal/sql"sv) virtual ~SQLClient() = default; Function on_connected; diff --git a/Userland/Libraries/LibWebView/WebContentClient.h b/Userland/Libraries/LibWebView/WebContentClient.h index b305a75ed9..412584a68f 100644 --- a/Userland/Libraries/LibWebView/WebContentClient.h 
+++ b/Userland/Libraries/LibWebView/WebContentClient.h @@ -19,7 +19,7 @@ class OutOfProcessWebView; class WebContentClient final : public IPC::ConnectionToServer , public WebContentClientEndpoint { - IPC_CLIENT_CONNECTION(WebContentClient, "/tmp/user/%uid/portal/webcontent"sv); + IPC_CLIENT_CONNECTION(WebContentClient, "/tmp/session/%sid/portal/webcontent"sv); public: Function on_web_content_process_crash; diff --git a/Userland/Services/InspectorServer/main.cpp b/Userland/Services/InspectorServer/main.cpp index 72e7c6ecb9..1cdaa5d552 100644 --- a/Userland/Services/InspectorServer/main.cpp +++ b/Userland/Services/InspectorServer/main.cpp @@ -17,12 +17,12 @@ ErrorOr serenity_main(Main::Arguments) { Core::EventLoop event_loop; - TRY(Core::System::pledge("stdio unix accept")); + TRY(Core::System::pledge("stdio unix accept rpath proc")); - auto server = TRY(IPC::MultiServer::try_create("/tmp/user/%uid/portal/inspector")); + auto server = TRY(IPC::MultiServer::try_create("/tmp/session/%sid/portal/inspector")); auto inspectables_server = TRY(Core::LocalServer::try_create()); - TRY(inspectables_server->take_over_from_system_server("/tmp/user/%uid/portal/inspectables")); + TRY(inspectables_server->take_over_from_system_server("/tmp/session/%sid/portal/inspectables")); inspectables_server->on_accept = [&](auto client_socket) { auto pid = client_socket->peer_pid().release_value_but_fixme_should_propagate_errors(); diff --git a/Userland/Services/LoginServer/main.cpp b/Userland/Services/LoginServer/main.cpp index 192e1d0610..8ff9647ee9 100644 --- a/Userland/Services/LoginServer/main.cpp +++ b/Userland/Services/LoginServer/main.cpp @@ -6,6 +6,7 @@ #include #include +#include #include #include #include 
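Review bot: In InspectorServer's `serenity_main` the pledge gains `rpath` and `proc`, but the hunk shows no `unveil` call, so `rpath` would let the service open any file its user can read. If the two promises are only needed to resolve `%sid` for the socket paths, either add an unveil list limited to what that lookup reads (other hunks in this commit unveil `/proc/all` alongside `proc`) and lock it with `unveil(nullptr, nullptr)`, or pledge again without `rpath proc` once `take_over_from_system_server` has returned. At minimum a comment such as `// rpath + proc: needed by SessionManagement::parse_path_with_sid()` would record why a socket-only service may read files. `serenity_main` continues outside the hunk, so an unveil further down cannot be ruled out.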
@@ -18,8 +19,14 @@ static void child_process(Core::Account const& account) { - if (auto result = account.create_user_temporary_directory_if_needed(); result.is_error()) { - dbgln("Failed to create temporary directory for user {}: {}", account.username(), result.error()); + pid_t rc = setsid(); + if (rc == -1) { + dbgln("failed to setsid: {}", strerror(errno)); + exit(1); + } + auto result = Core::SessionManagement::create_session_temporary_directory_if_needed(account.uid(), account.gid()); + if (result.is_error()) { + dbgln("Failed to create temporary directory for session: {}", result.error()); exit(1); } @@ -29,11 +36,6 @@ static void child_process(Core::Account const& account) } setenv("HOME", account.home_directory().characters(), true); - pid_t rc = setsid(); - if (rc == -1) { - dbgln("failed to setsid: {}", strerror(errno)); - exit(1); - } dbgln("login with sid={}", rc); execlp("/bin/SystemServer", "SystemServer", "--user", nullptr); @@ -68,6 +70,7 @@ ErrorOr serenity_main(Main::Arguments arguments) TRY(Core::System::unveil("/etc/shadow", "r")); TRY(Core::System::unveil("/etc/group", "r")); TRY(Core::System::unveil("/bin/SystemServer", "x")); + TRY(Core::System::unveil("/proc/all", "r")); TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil(nullptr, nullptr)); diff --git a/Userland/Services/SystemServer/Service.cpp b/Userland/Services/SystemServer/Service.cpp index 673f0683c5..f82e29428e 100644 --- a/Userland/Services/SystemServer/Service.cpp +++ b/Userland/Services/SystemServer/Service.cpp @@ -13,6 +13,7 @@ #include #include #include +#include #include #include #include 
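Review bot: In `child_process` the session directory is now keyed by the value `setsid()` returns rather than by the uid, and session ids are presumably recycled over the lifetime of the system in a way uids are not. `create_session_temporary_directory_if_needed` is defined outside this hunk. If it accepts a directory that already exists, it should verify that it is a real directory owned by `account.uid()` with no group or other write access before the session's portal sockets are created in it. A comment at the call stating that expectation would help. The failure message should also name the session: `dbgln("Failed to create temporary directory for session {}: {}", rc, result.error());`.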
@@ -322,17 +323,21 @@ Service::Service(Core::ConfigFile const& config, StringView name) // Need i here to iterate along with all other vectors. for (unsigned i = 0; i < socket_paths.size(); i++) { - auto const path = Core::Account::parse_path_with_uid(socket_paths.at(i), m_account.has_value() ? m_account.value().uid() : Optional {}); + auto const path = Core::SessionManagement::parse_path_with_sid(socket_paths.at(i)); + if (path.is_error()) { + // FIXME: better error handling for this case. + TODO(); + } // Socket path (plus NUL) must fit into the structs sent to the Kernel. - VERIFY(path.length() < UNIX_PATH_MAX); + VERIFY(path.value().length() < UNIX_PATH_MAX); // This is done so that the last permission repeats for every other // socket. So you can define a single permission, and have it // be applied for every socket. mode_t permissions = strtol(socket_perms.at(min(socket_perms.size() - 1, (long unsigned)i)).characters(), nullptr, 8) & 0777; - m_sockets.empend(path, -1, permissions); + m_sockets.empend(path.value(), -1, permissions); } } diff --git a/Userland/Services/WebContent/main.cpp b/Userland/Services/WebContent/main.cpp index ea5c757617..9fdf9630a6 100644 --- a/Userland/Services/WebContent/main.cpp +++ b/Userland/Services/WebContent/main.cpp 
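Review bot: In the `Service::Service` socket loop a failed `parse_path_with_sid` ends in `TODO()`, which takes SystemServer down without saying which service or path was involved. Until the FIXME is resolved, log before aborting, e.g. `dbgln("Service {}: cannot resolve socket path '{}': {}", name, socket_paths.at(i), path.error());`. The old call also passed the service's configured account uid while the new one takes no account argument, so a service with its own account now appears to get its socket inside the session directory of the SystemServer process. Confirm that the directory's ownership and the `SocketPermissions` values still let the intended clients connect, and only them. The constructor starts and ends outside the hunk.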
@@ -22,12 +22,13 @@ ErrorOr serenity_main(Main::Arguments) { Core::EventLoop event_loop; - TRY(Core::System::pledge("stdio recvfd sendfd accept unix rpath")); + TRY(Core::System::pledge("stdio recvfd sendfd accept unix rpath proc")); + TRY(Core::System::unveil("/proc/all", "r")); TRY(Core::System::unveil("/res", "r")); TRY(Core::System::unveil("/etc/timezone", "r")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/request", "rw")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/image", "rw")); - TRY(Core::System::unveil("/tmp/user/%uid/portal/websocket", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/request", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/image", "rw")); + TRY(Core::System::unveil("/tmp/session/%sid/portal/websocket", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); Web::Platform::EventLoopPlugin::install(*new Web::Platform::EventLoopPluginSerenity); diff --git a/Userland/Utilities/aplay.cpp b/Userland/Utilities/aplay.cpp index b8e1a9f537..2bf3f2f987 100644 --- a/Userland/Utilities/aplay.cpp +++ b/Userland/Utilities/aplay.cpp @@ -22,7 +22,7 @@ constexpr size_t LOAD_CHUNK_SIZE = 128 * KiB; ErrorOr serenity_main(Main::Arguments arguments) { - TRY(Core::System::pledge("stdio rpath sendfd unix thread")); + TRY(Core::System::pledge("stdio rpath sendfd unix thread proc")); StringView path {}; bool should_loop = false; @@ -34,8 +34,8 @@ ErrorOr serenity_main(Main::Arguments arguments) args_parser.add_option(show_sample_progress, "Show playback progress in samples", "sample-progress", 's'); args_parser.parse(arguments); + TRY(Core::System::unveil("/tmp/session/%sid/portal/audio", "rw")); TRY(Core::System::unveil(Core::File::absolute_path(path), "r"sv)); - TRY(Core::System::unveil("/tmp/user/%uid/portal/audio", "rw")); TRY(Core::System::unveil(nullptr, nullptr)); Core::EventLoop loop;
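Review bot: In WebContent's `serenity_main` the sandbox gains the `proc` promise and read access to `/proc/all`, which presumably exposes information about every process on the system to the process that handles web content, for as long as it runs. If both are only needed to resolve `%sid` for the three portal paths, resolve the session id before the sandbox is set up, or have the parent pass it in, so that neither the promise nor the unveil is required. If they must stay, say why next to them, e.g. `// proc + /proc/all: required by SessionManagement::parse_path_with_sid()`. `serenity_main` continues outside the hunk.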