mirror of
https://github.com/RGBCube/serenity
synced 2025-07-27 19:17:44 +00:00
SystemServer+LoginServer+Userland: Switch to sid-based sockets
This commit does three things atomically: - switch over Core::Account+SystemServer+LoginServer to sid based socket names. - change socket names with %uid to %sid. - add/update necessary pledges and unveils. Userland: Switch over servers to sid based sockets Userland: Properly pledge and unveil for sid based sockets
This commit is contained in:
parent
1df4cc1926
commit
7af5eef0dd
50 changed files with 134 additions and 130 deletions
|
@ -358,9 +358,9 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
|
|||
{
|
||||
auto app = TRY(GUI::Application::try_create(arguments));
|
||||
|
||||
TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix prot_exec"));
|
||||
TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix prot_exec proc"));
|
||||
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil("/home/anon/Documents/3D Models", "r"));
|
||||
TRY(Core::System::unveil("/res", "r"));
|
||||
TRY(Core::System::unveil("/usr/lib", "r"));
|
||||
|
|
|
@ -80,14 +80,16 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
|
|||
TRY(Desktop::Launcher::add_allowed_url(URL::create_with_file_scheme(Core::StandardPaths::downloads_directory())));
|
||||
TRY(Desktop::Launcher::seal_allowlist());
|
||||
|
||||
TRY(Core::System::unveil("/proc/all", "r"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/image", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/request", "rw"));
|
||||
TRY(Core::System::unveil("/home", "rwc"));
|
||||
TRY(Core::System::unveil("/res", "r"));
|
||||
TRY(Core::System::unveil("/etc/passwd", "r"));
|
||||
TRY(Core::System::unveil("/etc/timezone", "r"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/image", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/request", "rw"));
|
||||
TRY(Core::System::unveil("/bin/BrowserSettings", "x"));
|
||||
TRY(Core::System::unveil(nullptr, nullptr));
|
||||
|
||||
|
|
|
@ -28,14 +28,15 @@ static String parse_input(StringView input)
|
|||
|
||||
ErrorOr<int> serenity_main(Main::Arguments arguments)
|
||||
{
|
||||
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix"));
|
||||
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix proc"));
|
||||
auto app = TRY(GUI::Application::try_create(arguments));
|
||||
|
||||
TRY(Core::System::unveil("/proc/all", "r"));
|
||||
TRY(Core::System::unveil("/res", "r"));
|
||||
TRY(Core::System::unveil("/usr/share/man", "r"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
|
||||
TRY(Core::System::unveil(nullptr, nullptr));
|
||||
|
||||
String start_page;
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
|
||||
ErrorOr<int> serenity_main(Main::Arguments arguments)
|
||||
{
|
||||
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix cpath wpath thread"));
|
||||
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix cpath wpath thread proc"));
|
||||
|
||||
auto app = TRY(GUI::Application::try_create(arguments));
|
||||
|
||||
|
@ -43,8 +43,8 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
|
|||
return GUI::Window::CloseRequestDecision::StayOpen;
|
||||
};
|
||||
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil("/res", "r"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil(nullptr, nullptr));
|
||||
|
||||
hex_editor_widget->initialize_menubar(*window);
|
||||
|
|
|
@ -37,11 +37,11 @@ static ErrorOr<ByteBuffer> dump_bitmap(RefPtr<Gfx::Bitmap> bitmap, AK::StringVie
|
|||
|
||||
ErrorOr<int> serenity_main(Main::Arguments arguments)
|
||||
{
|
||||
TRY(Core::System::pledge("stdio cpath rpath recvfd sendfd unix"));
|
||||
TRY(Core::System::pledge("stdio cpath rpath recvfd sendfd unix proc"));
|
||||
auto app = TRY(GUI::Application::try_create(arguments));
|
||||
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil("/res", "r"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil(nullptr, nullptr));
|
||||
|
||||
auto app_icon = GUI::Icon::default_icon("app-magnifier"sv);
|
||||
|
|
|
@ -18,17 +18,18 @@
|
|||
|
||||
ErrorOr<int> serenity_main(Main::Arguments arguments)
|
||||
{
|
||||
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix inet"));
|
||||
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix inet proc"));
|
||||
|
||||
auto app = TRY(GUI::Application::try_create(arguments));
|
||||
|
||||
Config::pledge_domain("Mail");
|
||||
|
||||
TRY(Core::System::unveil("/proc/all", "r"));
|
||||
TRY(Core::System::unveil("/res", "r"));
|
||||
TRY(Core::System::unveil("/etc", "r"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/portal/lookup", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
|
||||
TRY(Core::System::unveil(nullptr, nullptr));
|
||||
|
||||
TRY(Desktop::Launcher::add_allowed_url(URL::create_with_file_scheme("/bin/MailSettings")));
|
||||
|
|
|
@ -32,10 +32,10 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
|
|||
window->set_title("PDF Viewer");
|
||||
window->resize(640, 400);
|
||||
|
||||
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix"));
|
||||
TRY(Core::System::pledge("stdio recvfd sendfd rpath unix proc"));
|
||||
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil("/res", "r"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil(nullptr, nullptr));
|
||||
|
||||
auto pdf_viewer_widget = TRY(window->try_set_main_widget<PDFViewerWidget>());
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
|
||||
ErrorOr<int> serenity_main(Main::Arguments arguments)
|
||||
{
|
||||
TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix wpath cpath"));
|
||||
TRY(Core::System::pledge("stdio thread recvfd sendfd rpath unix wpath cpath proc"));
|
||||
|
||||
auto app = TRY(GUI::Application::try_create(arguments));
|
||||
Config::pledge_domain("PixelPaint");
|
||||
|
@ -31,10 +31,11 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
|
|||
args_parser.add_positional_argument(image_file, "Image file to open", "path", Core::ArgsParser::Required::No);
|
||||
args_parser.parse(arguments);
|
||||
|
||||
TRY(Core::System::unveil("/proc/all", "r"));
|
||||
TRY(Core::System::unveil("/res", "r"));
|
||||
TRY(Core::System::unveil("/tmp/portal/clipboard", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/image", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/image", "rw"));
|
||||
TRY(Core::System::unveil("/etc/FileIconProvider.ini", "r"));
|
||||
TRY(Core::System::unveil(nullptr, nullptr));
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
|
||||
ErrorOr<int> serenity_main(Main::Arguments arguments)
|
||||
{
|
||||
TRY(Core::System::pledge("stdio recvfd sendfd rpath fattr unix cpath wpath thread"));
|
||||
TRY(Core::System::pledge("stdio recvfd sendfd rpath fattr unix cpath wpath thread proc"));
|
||||
|
||||
auto app = TRY(GUI::Application::try_create(arguments));
|
||||
|
||||
|
@ -44,7 +44,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
|
|||
}
|
||||
}
|
||||
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
|
||||
// For writing temporary files when exporting.
|
||||
TRY(Core::System::unveil("/tmp", "crw"));
|
||||
TRY(Core::System::unveil("/etc", "r"));
|
||||
|
|
|
@ -422,6 +422,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
|
|||
return GUI::Window::CloseRequestDecision::StayOpen;
|
||||
};
|
||||
|
||||
TRY(Core::System::unveil("/proc/all", "r"));
|
||||
TRY(Core::System::unveil("/res", "r"));
|
||||
TRY(Core::System::unveil("/bin", "r"));
|
||||
TRY(Core::System::unveil("/proc", "r"));
|
||||
|
@ -429,8 +430,8 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
|
|||
TRY(Core::System::unveil("/bin/TerminalSettings", "x"));
|
||||
TRY(Core::System::unveil("/bin/utmpupdate", "x"));
|
||||
TRY(Core::System::unveil("/etc/FileIconProvider.ini", "r"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/config", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/config", "rw"));
|
||||
TRY(Core::System::unveil(nullptr, nullptr));
|
||||
|
||||
auto modified_state_check_timer = Core::Timer::create_repeating(500, [&] {
|
||||
|
|
|
@ -18,7 +18,7 @@ using namespace TextEditor;
|
|||
|
||||
ErrorOr<int> serenity_main(Main::Arguments arguments)
|
||||
{
|
||||
TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath unix"));
|
||||
TRY(Core::System::pledge("stdio recvfd sendfd thread rpath cpath wpath unix proc"));
|
||||
|
||||
auto app = TRY(GUI::Application::try_create(arguments));
|
||||
|
||||
|
@ -31,10 +31,11 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
|
|||
parser.add_positional_argument(file_to_edit, "File to edit, with optional starting line and column number", "file[:line[:column]]", Core::ArgsParser::Required::No);
|
||||
parser.parse(arguments);
|
||||
|
||||
TRY(Core::System::unveil("/proc/all", "r"));
|
||||
TRY(Core::System::unveil("/res", "r"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/launch", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/launch", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil(nullptr, nullptr));
|
||||
|
||||
auto app_icon = GUI::Icon::default_icon("app-text-editor"sv);
|
||||
|
|
|
@ -38,8 +38,8 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
|
|||
if (!file_to_edit.is_empty())
|
||||
path = Core::File::absolute_path(file_to_edit);
|
||||
|
||||
TRY(Core::System::pledge("stdio recvfd sendfd thread rpath unix"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::pledge("stdio recvfd sendfd thread rpath unix proc"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil("/res", "r"));
|
||||
TRY(Core::System::unveil(nullptr, nullptr));
|
||||
|
||||
|
|
|
@ -19,10 +19,11 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
|
|||
|
||||
Config::pledge_domain("SystemServer");
|
||||
|
||||
TRY(Core::System::unveil("/proc/all", "r"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/webcontent", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil("/res", "r"));
|
||||
TRY(Core::System::unveil("/home", "r"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/filesystemaccess", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/webcontent", "rw"));
|
||||
TRY(Core::System::unveil("/bin/Help", "x"));
|
||||
TRY(Core::System::unveil(nullptr, nullptr));
|
||||
auto app_icon = TRY(GUI::Icon::try_create_default_icon("app-welcome"sv));
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue