If we try to launch a lazily-spawned service and the SystemServer as a
(running --user) session leader is running with root permissions, then
if it is instructed to drop the root permissions for a the new service
then it will make sense to abort the entire spawn procedure if dropping
of privileges failed.
For other users, trying to change UID/GID to something else doesn't make
sense (and will always actually fail) as we are already running in non
root permissions, hence we don't attempt to do this anymore.
It should be noted that if an explicit User configuration was actually
specified for a Service to be used with, we would still try to login
with the requested User option value, which would fail when running as
non-root user.
This is useful for example when trying to run the pro utility with pls
to elevate to root permissions, but the session leader is still the same
so trying to "drop" privileges to UID 0 doesn't make sense.
This makes it possible to set a pseudo-element as the inspected node
using Document::set_inspected_node(), Document then provides
inspected_layout_node() for the painting related functions.
Core::File's new `DontCreate` open mode removes the need for these
capabilities on SpiceAgent. We shouldn't have to create this file,
as if it doesn't exist, QEMU never initiated a spice connection!
If an image had a valid header and valid metadata, but decoding the
image frame data failed, the renderer used to crash.
The crash only happened in SerenityOS, because there
ImageCodecPluginSerenity returned nullptr bitmaps. Instead, return
{} like ImageCodecPluginLadybird already does if there's a nullptr
frame.
Fixes#19141.
Loading #19141 in the browser satisfyingly also serves as a manual
test for the bug. (No automated test since we don't run layout
tests within SerenityOS on the bots.)
Before this commit, notifications would appear in the top left of the
screen when created, then move to the top right once hovered by the
mouse. This happened because the first notification would use its own
default-constructed position of 0,0 as a point of reference.
The server cannot use these values anywhere, because this method always
sets 'prompt = ShouldPrompt::No'. This saves a bunch of roundtrips for
all clients that use FSAS to read abritrary files.
This is a clear sign that they want to use a UnixDateTime instead.
This also adds support for placing durations and date times into SQL
databases via their millisecond offset to UTC.
That's what this class really is; in fact that's what the first line of
the comment says it is.
This commit does not rename the main files, since those will contain
other time-related classes in a little bit.
This fixes a plethora of rounding problems on many websites.
In the future, we may want to replace this with fixed-point arithmetic
(bug #18566) for performance (and consistency with other engines),
but in the meantime this makes the web look a bit better. :^)
There's a lot more things that could be converted to doubles, which
would reduce the amount of casting necessary in this patch.
We can do that incrementally, however.
The spice server will ignore any clipboard-related messages if we don't
have the appropriate capabilities, but I think it's better for us to
do less CPU churning whenever the user copies something to their
clipboard.
It also stops the spice server from warning in the console
about a clipboard grab message being recieved when the capability was
never announced.
Previously, calling `.right()` on a `Gfx::Rect` would return the last
column's coordinate still inside the rectangle, or `left + width - 1`.
This is called 'endpoint inclusive' and does not make a lot of sense for
`Gfx::Rect<float>` where a rectangle of width 5 at position (0, 0) would
return 4 as its right side. This same problem exists for `.bottom()`.
This changes `Gfx::Rect` to be endpoint exclusive, which gives us the
nice property that `width = right - left` and `height = bottom - top`.
It enables us to treat `Gfx::Rect<int>` and `Gfx::Rect<float>` exactly
the same.
All users of `Gfx::Rect` have been updated accordingly.
Now, we write the data recieved to a file when the user drags a file
onto the Spice Viewer window. Once complete, the FileExplorer will open
with the copied file highlighted.
The old message system was very dependent on syscalls, and the overall
structure made it hard to implement new features.
The new message system is pretty expandible, where each message has its
own dedicated class. As well as this, we now use Core::File and
AK::Stream for reading and writing messages.
Using AK::Stream also allows us to change the actual data source
(in this case, Core::File) without having to update a whole lot of code
in the future.
It occurred to me that when trying to running "pls pro SOME_URL" with a
subsequent failure (which will be fixed in a future patch), that a small
error message was printed to the debug log about "Failed to drop
privileges (GID=0, UID=0)".
To actually understand where it failed, I added the actual errno to
printed message which helped me with further debugging, but this could
easily help others in similar scenarios so let's print the actual error.
Instead of showing an ambiguous "Unknown error" when FSAS approval is
denied, let's affirm the user's action wasn't permitted if they
reject the prompt.
These 2 are an actual separate types of syscalls, so let's stop using
special flags for bind mounting or re-mounting and instead let userspace
calling directly for this kind of actions.
The resolved property sets are stored with the element in a
per-pseudo-element array (same as for pseudo element layout nodes).
Longer term, we should stop storing this with elements entirely and make
it temporary state in StyleComputer somehow, so we don't waste memory
keeping all the resolved properties around.
This makes various gradients show up on https://shopify.com/ :^)
This allows for the browser process to control the play/pause state,
whether we paint user agent controls on the video, and whether the video
loops when it finishes playing.
This just sets up the IPC to notify the browser process of context menu
requests on video elements. The IPC contains a few pieces of information
about the state of the video element.
Previously it was possible for a window to register as a parentless
blocking modal then add itself to a stealable parent's modal chain,
bypassing a mode misbehavior check in create_window()
Also relaxes reciprocity for blockers with the same parent. This
scenario is usually created by simultaneous MessageBoxes. It's not
an ideal UX to cascade these, but there's no need to crash over it.
