SystemServer+LoginServer+Userland: Switch to sid-based sockets

This commit does three things atomically:
- switch over Core::Account+SystemServer+LoginServer to sid based socket
  names.
- change socket names with %uid to %sid.
- add/update necessary pledges and unveils.

Userland: Switch over servers to sid based sockets

Userland: Properly pledge and unveil for sid based sockets

Userland/Services/InspectorServer/main.cpp

@@ -17,12 +17,12 @@ ErrorOr<int> serenity_main(Main::Arguments)
 {
     Core::EventLoop event_loop;
 
-    TRY(Core::System::pledge("stdio unix accept"));
+    TRY(Core::System::pledge("stdio unix accept rpath proc"));
 
-    auto server = TRY(IPC::MultiServer<InspectorServer::ConnectionFromClient>::try_create("/tmp/user/%uid/portal/inspector"));
+    auto server = TRY(IPC::MultiServer<InspectorServer::ConnectionFromClient>::try_create("/tmp/session/%sid/portal/inspector"));
 
     auto inspectables_server = TRY(Core::LocalServer::try_create());
-    TRY(inspectables_server->take_over_from_system_server("/tmp/user/%uid/portal/inspectables"));
+    TRY(inspectables_server->take_over_from_system_server("/tmp/session/%sid/portal/inspectables"));
 
     inspectables_server->on_accept = [&](auto client_socket) {
         auto pid = client_socket->peer_pid().release_value_but_fixme_should_propagate_errors();

Userland/Services/LoginServer/main.cpp

@@ -6,6 +6,7 @@
 
 #include <LibCore/Account.h>
 #include <LibCore/ArgsParser.h>
+#include <LibCore/SessionManagement.h>
 #include <LibCore/System.h>
 #include <LibGUI/Application.h>
 #include <LibGUI/MessageBox.h>
@@ -18,8 +19,14 @@
 
 static void child_process(Core::Account const& account)
 {
-    if (auto result = account.create_user_temporary_directory_if_needed(); result.is_error()) {
-        dbgln("Failed to create temporary directory for user {}: {}", account.username(), result.error());
+    pid_t rc = setsid();
+    if (rc == -1) {
+        dbgln("failed to setsid: {}", strerror(errno));
+        exit(1);
+    }
+    auto result = Core::SessionManagement::create_session_temporary_directory_if_needed(account.uid(), account.gid());
+    if (result.is_error()) {
+        dbgln("Failed to create temporary directory for session: {}", result.error());
         exit(1);
     }
 
@@ -29,11 +36,6 @@ static void child_process(Core::Account const& account)
     }
 
     setenv("HOME", account.home_directory().characters(), true);
-    pid_t rc = setsid();
-    if (rc == -1) {
-        dbgln("failed to setsid: {}", strerror(errno));
-        exit(1);
-    }
     dbgln("login with sid={}", rc);
 
     execlp("/bin/SystemServer", "SystemServer", "--user", nullptr);
@@ -68,6 +70,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
     TRY(Core::System::unveil("/etc/shadow", "r"));
     TRY(Core::System::unveil("/etc/group", "r"));
     TRY(Core::System::unveil("/bin/SystemServer", "x"));
+    TRY(Core::System::unveil("/proc/all", "r"));
     TRY(Core::System::unveil("/res", "r"));
     TRY(Core::System::unveil(nullptr, nullptr));
 

Userland/Services/SystemServer/Service.cpp

@@ -13,6 +13,7 @@
 #include <LibCore/ConfigFile.h>
 #include <LibCore/Directory.h>
 #include <LibCore/File.h>
+#include <LibCore/SessionManagement.h>
 #include <LibCore/SocketAddress.h>
 #include <LibCore/System.h>
 #include <fcntl.h>
@@ -322,17 +323,21 @@ Service::Service(Core::ConfigFile const& config, StringView name)
 
         // Need i here to iterate along with all other vectors.
         for (unsigned i = 0; i < socket_paths.size(); i++) {
-            auto const path = Core::Account::parse_path_with_uid(socket_paths.at(i), m_account.has_value() ? m_account.value().uid() : Optional<uid_t> {});
+            auto const path = Core::SessionManagement::parse_path_with_sid(socket_paths.at(i));
+            if (path.is_error()) {
+                // FIXME: better error handling for this case.
+                TODO();
+            }
 
             // Socket path (plus NUL) must fit into the structs sent to the Kernel.
-            VERIFY(path.length() < UNIX_PATH_MAX);
+            VERIFY(path.value().length() < UNIX_PATH_MAX);
 
             // This is done so that the last permission repeats for every other
             // socket. So you can define a single permission, and have it
             // be applied for every socket.
             mode_t permissions = strtol(socket_perms.at(min(socket_perms.size() - 1, (long unsigned)i)).characters(), nullptr, 8) & 0777;
 
-            m_sockets.empend(path, -1, permissions);
+            m_sockets.empend(path.value(), -1, permissions);
         }
     }
 

Userland/Services/WebContent/main.cpp

@@ -22,12 +22,13 @@
 ErrorOr<int> serenity_main(Main::Arguments)
 {
     Core::EventLoop event_loop;
-    TRY(Core::System::pledge("stdio recvfd sendfd accept unix rpath"));
+    TRY(Core::System::pledge("stdio recvfd sendfd accept unix rpath proc"));
+    TRY(Core::System::unveil("/proc/all", "r"));
     TRY(Core::System::unveil("/res", "r"));
     TRY(Core::System::unveil("/etc/timezone", "r"));
-    TRY(Core::System::unveil("/tmp/user/%uid/portal/request", "rw"));
-    TRY(Core::System::unveil("/tmp/user/%uid/portal/image", "rw"));
-    TRY(Core::System::unveil("/tmp/user/%uid/portal/websocket", "rw"));
+    TRY(Core::System::unveil("/tmp/session/%sid/portal/request", "rw"));
+    TRY(Core::System::unveil("/tmp/session/%sid/portal/image", "rw"));
+    TRY(Core::System::unveil("/tmp/session/%sid/portal/websocket", "rw"));
     TRY(Core::System::unveil(nullptr, nullptr));
 
     Web::Platform::EventLoopPlugin::install(*new Web::Platform::EventLoopPluginSerenity);