
Kernel: Allow configuring a Jail to not impose PID isolation restriction

This is quite useful for userspace applications that can't cope with the
restriction, but for which it's still useful to impose other
non-configurable restrictions by using jails.
Liav A 2023-01-12 22:47:09 +02:00 committed by Jelle Raaijmakers
parent cf8875426d
commit 8289759f1d
11 changed files with 62 additions and 23 deletions


@ -5,7 +5,7 @@
*/
#include <AK/Userspace.h>
#include <Kernel/API/Ioctl.h>
#include <Kernel/API/Jail.h>
#include <Kernel/Jail.h>
#include <Kernel/Process.h>
#include <Kernel/StdLib.h>
@ -30,7 +30,7 @@ ErrorOr<FlatPtr> Process::sys$jail_create(Userspace<Syscall::SC_jail_create_para
// any info leak about the "outside world" jail metadata.
if (my_jail)
return Error::from_errno(EPERM);
auto jail = TRY(Jail::create(move(jail_name)));
auto jail = TRY(Jail::create(move(jail_name), static_cast<unsigned>(params.flags)));
return jail->index().value();
}));
// Note: We do the copy_to_user outside of the m_attached_jail Spinlock locked scope because
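Review bot: The new call `Jail::create(move(jail_name), static_cast<unsigned>(params.flags))` forwards the caller-supplied flags word without any visible check that only defined bits are set, and this value now decides whether PID isolation is imposed. I would reject unknown bits before the jail is created, for example `if (static_cast<unsigned>(params.flags) & ~known_jail_flags) return Error::from_errno(EINVAL);`, where `known_jail_flags` is a placeholder for the mask of flags declared in Kernel/API/Jail.h. That way a mistaken or newer-userspace flag fails loudly instead of producing a jail with weaker isolation than the caller expected. `Jail::create` is not shown here and may already validate, in which case a short comment at this call saying so, and stating which flag value keeps PID isolation enabled, would be enough. The body of `sys$jail_create` starts and ends outside this hunk, so the placement of the check relative to the `copy_typed_from_user` of `params` needs confirming.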