This happens in two ways:
1. LibCore now has two new methods for creating Jails and attaching
processes to a Jail.
2. We introduce 3 new utilities - lsjails, jail-create and jails-attach,
which list jails, create jails and attach processes to a Jail,
respectively.
This method was taken from the pls utility and its purpose is to execute
a given command with all the required requirements such as providing a
suitable exec environment.
We previously had at least three different implementations for resolving
executables in the PATH, all of which had slightly different
characteristics.
Merge those into a single implementation to keep the behaviour
consistent, and maybe to make that implementation more configurable in
the future.
Most changes are around user and group management, which are exposed in
the Android NDK differently than other Unices.
We require version 30 for memfd_create, version 28 for posix_spawn, and
so on. It's possible a shim for memfd_create could be used, but since
Google is mandating new apps use API level 30 as of Nov 2022, this seems
suitable.
These convenience templates allow the following to be written as before:
TRY(Core::System::pledge("promises..."));
TRY(Core::System::pledge("promises...", "execpromises..."));
TRY(Core::System::unveil("path", "permissions"));
TRY(Core::System::unveil(nullptr, nullptr));
Other uses must now append sv to any literal string passed to pledge and
unveil.
This is a single function, which behaves like the various LibC exec()
functions depending on the passed parameters. No direct equivalent is
made for execl() - you have to wrap your arguments in a Span of some
kind.
On Serenity, this calls the syscall directly, whereas Lagom forwards to
the appropriate LibC function.
In a few places we intentionally drop privileges to reduce the potential
security surface area of networked program, with the pattern of:
```
if (setgid(getgid()) || setuid(getuid()) {
return 1;
}
```
We can make this a bit nicer to use by creating a wrapper.
I also added a common interface with StringView compatible parameters:
int serenity_setenv(const char*, ssize_t, const char*, ssize_t, int)
This function is called by both C and C++ API for setenv().
This wrapper is particularly helpful as we use a combination of similar
syscalls on Linux to simulate the behavior of the Serenity-exclusive
anon_create syscall. Users therefore won't have to worry about the
platform anymore :^)
This modifies sys$chown to allow specifying whether or not to follow
symlinks and in which directory.
This was then used to implement lchown and fchownat in LibC and LibCore.
