SystemServer+LoginServer+Userland: Switch to sid-based sockets
This commit does three things atomically:
- switch over Core::Account+SystemServer+LoginServer to sid-based socket names.
- change socket names with %uid to %sid.
- add/update necessary pledges and unveils.

Userland: Switch over servers to sid-based sockets
Userland: Properly pledge and unveil for sid-based sockets
parent
1df4cc1926
commit
7af5eef0dd
50 changed files with 134 additions and 130 deletions
|
@ -17,12 +17,12 @@ ErrorOr<int> serenity_main(Main::Arguments)
|
|||
{
|
||||
Core::EventLoop event_loop;
|
||||
|
||||
TRY(Core::System::pledge("stdio unix accept"));
|
||||
TRY(Core::System::pledge("stdio unix accept rpath proc"));
|
||||
|
||||
auto server = TRY(IPC::MultiServer<InspectorServer::ConnectionFromClient>::try_create("/tmp/user/%uid/portal/inspector"));
|
||||
auto server = TRY(IPC::MultiServer<InspectorServer::ConnectionFromClient>::try_create("/tmp/session/%sid/portal/inspector"));
|
||||
|
||||
auto inspectables_server = TRY(Core::LocalServer::try_create());
|
||||
TRY(inspectables_server->take_over_from_system_server("/tmp/user/%uid/portal/inspectables"));
|
||||
TRY(inspectables_server->take_over_from_system_server("/tmp/session/%sid/portal/inspectables"));
|
||||
|
||||
inspectables_server->on_accept = [&](auto client_socket) {
|
||||
auto pid = client_socket->peer_pid().release_value_but_fixme_should_propagate_errors();
|
||||
|
|
|
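Review bot: The widened pledge on the new side adds `rpath`, but no `unveil` call is visible anywhere in this hunk, so unless one exists further down, this server can read every file its user can. Another server touched by this commit that gains `proc` pairs it with `TRY(Core::System::unveil("/proc/all", "r"));` and a closing `TRY(Core::System::unveil(nullptr, nullptr));`; doing the same here right after the pledge would limit the read access to what the `%sid` lookup presumably needs. serenity_main continues past the end of the hunk, so an existing unveil block below should be checked before adding one.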
@ -6,6 +6,7 @@
|
|||
|
||||
#include <LibCore/Account.h>
|
||||
#include <LibCore/ArgsParser.h>
|
||||
#include <LibCore/SessionManagement.h>
|
||||
#include <LibCore/System.h>
|
||||
#include <LibGUI/Application.h>
|
||||
#include <LibGUI/MessageBox.h>
|
||||
|
@ -18,8 +19,14 @@
|
|||
|
||||
static void child_process(Core::Account const& account)
|
||||
{
|
||||
if (auto result = account.create_user_temporary_directory_if_needed(); result.is_error()) {
|
||||
dbgln("Failed to create temporary directory for user {}: {}", account.username(), result.error());
|
||||
pid_t rc = setsid();
|
||||
if (rc == -1) {
|
||||
dbgln("failed to setsid: {}", strerror(errno));
|
||||
exit(1);
|
||||
}
|
||||
auto result = Core::SessionManagement::create_session_temporary_directory_if_needed(account.uid(), account.gid());
|
||||
if (result.is_error()) {
|
||||
dbgln("Failed to create temporary directory for session: {}", result.error());
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
@ -29,11 +36,6 @@ static void child_process(Core::Account const& account)
|
|||
}
|
||||
|
||||
setenv("HOME", account.home_directory().characters(), true);
|
||||
pid_t rc = setsid();
|
||||
if (rc == -1) {
|
||||
dbgln("failed to setsid: {}", strerror(errno));
|
||||
exit(1);
|
||||
}
|
||||
dbgln("login with sid={}", rc);
|
||||
|
||||
execlp("/bin/SystemServer", "SystemServer", "--user", nullptr);
|
||||
|
@ -68,6 +70,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
|
|||
TRY(Core::System::unveil("/etc/shadow", "r"));
|
||||
TRY(Core::System::unveil("/etc/group", "r"));
|
||||
TRY(Core::System::unveil("/bin/SystemServer", "x"));
|
||||
TRY(Core::System::unveil("/proc/all", "r"));
|
||||
TRY(Core::System::unveil("/res", "r"));
|
||||
TRY(Core::System::unveil(nullptr, nullptr));
|
||||
|
||||
|
|
|
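Review bot: `create_session_temporary_directory_if_needed(account.uid(), account.gid())` in child_process now creates a directory that is presumably keyed by the session id, and session ids are reused over time, so the helper should verify the owner and mode of a directory that already exists rather than accept it as is. Its implementation is not part of this view, so this is something to confirm, not a confirmed defect. Moving `setsid()` ahead of that call looks required for the path to resolve to the new session and deserves a comment such as `// setsid() must come first: the session directory is looked up by the new sid.` The removed `dbgln("login with sid={}", rc);` was the only line recording the new sid; keeping it after the `setsid()` check would help correlate a login with its socket directory. child_process starts and ends outside these hunks.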
@ -13,6 +13,7 @@
|
|||
#include <LibCore/ConfigFile.h>
|
||||
#include <LibCore/Directory.h>
|
||||
#include <LibCore/File.h>
|
||||
#include <LibCore/SessionManagement.h>
|
||||
#include <LibCore/SocketAddress.h>
|
||||
#include <LibCore/System.h>
|
||||
#include <fcntl.h>
|
||||
|
@ -322,17 +323,21 @@ Service::Service(Core::ConfigFile const& config, StringView name)
|
|||
|
||||
// Need i here to iterate along with all other vectors.
|
||||
for (unsigned i = 0; i < socket_paths.size(); i++) {
|
||||
auto const path = Core::Account::parse_path_with_uid(socket_paths.at(i), m_account.has_value() ? m_account.value().uid() : Optional<uid_t> {});
|
||||
auto const path = Core::SessionManagement::parse_path_with_sid(socket_paths.at(i));
|
||||
if (path.is_error()) {
|
||||
// FIXME: better error handling for this case.
|
||||
TODO();
|
||||
}
|
||||
|
||||
// Socket path (plus NUL) must fit into the structs sent to the Kernel.
|
||||
VERIFY(path.length() < UNIX_PATH_MAX);
|
||||
VERIFY(path.value().length() < UNIX_PATH_MAX);
|
||||
|
||||
// This is done so that the last permission repeats for every other
|
||||
// socket. So you can define a single permission, and have it
|
||||
// be applied for every socket.
|
||||
mode_t permissions = strtol(socket_perms.at(min(socket_perms.size() - 1, (long unsigned)i)).characters(), nullptr, 8) & 0777;
|
||||
|
||||
m_sockets.empend(path, -1, permissions);
|
||||
m_sockets.empend(path.value(), -1, permissions);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
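Review bot: In the socket loop, a failed `parse_path_with_sid` now ends in `TODO()`, which stops SystemServer from inside the Service constructor without logging which socket path or error caused it. Until the FIXME is resolved, printing the cause first, e.g. `dbgln("Failed to resolve socket path {}: {}", socket_paths.at(i), path.error());`, would make a session that fails to start diagnosable. The old call passed the service's own account uid while the new one takes no account, so it is worth confirming that a service configured to run as another user is still meant to get its sockets under the launching session's directory. The constructor starts and ends outside this hunk.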
@ -22,12 +22,13 @@
|
|||
ErrorOr<int> serenity_main(Main::Arguments)
|
||||
{
|
||||
Core::EventLoop event_loop;
|
||||
TRY(Core::System::pledge("stdio recvfd sendfd accept unix rpath"));
|
||||
TRY(Core::System::pledge("stdio recvfd sendfd accept unix rpath proc"));
|
||||
TRY(Core::System::unveil("/proc/all", "r"));
|
||||
TRY(Core::System::unveil("/res", "r"));
|
||||
TRY(Core::System::unveil("/etc/timezone", "r"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/request", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/image", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/user/%uid/portal/websocket", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/request", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/image", "rw"));
|
||||
TRY(Core::System::unveil("/tmp/session/%sid/portal/websocket", "rw"));
|
||||
TRY(Core::System::unveil(nullptr, nullptr));
|
||||
|
||||
Web::Platform::EventLoopPlugin::install(*new Web::Platform::EventLoopPluginSerenity);
|
||||
|
|
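Review bot: The `proc` promise added to the pledge stays in force for the whole lifetime of this process, which installs the Web::Platform event loop and so presumably goes on to handle web content. If `proc` is only needed to resolve `%sid` while the unveil paths are expanded, a second, narrower pledge placed after `unveil(nullptr, nullptr)`, `TRY(Core::System::pledge("stdio recvfd sendfd accept unix rpath"));`, would drop it again before any content is processed. Whether later code in serenity_main still needs `proc` cannot be seen from this hunk, which ends before the function does.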