This commit does three things atomically:
- switch over Core::Account+SystemServer+LoginServer to sid based socket
names.
- change socket names with %uid to %sid.
- add/update necessary pledges and unveils.
Userland: Switch over servers to sid based sockets
Userland: Properly pledge and unveil for sid based sockets
Because HID devices are not always present in quantities of one per type
it is more elegant and correct to put the representative device nodes in
subdirectories for each HID device type.
This patch allows to insert "%uid" in `IPC_CLIENT_CONNECTION`
declaration and in SystemServer's ini files. This pattern is replaced
then replaced by the UID of the owner of the service. It opens a path
for seamlessly managed, per-user portal.
Various changes are needed to support this:
- The directory is created by Core::Account on login (and located in
/tmp).
- Service's sockets are now deleted on exit (to allow re-creation)
- SystemServer needs to handle SIGTERM to correctly destroy services.
Each of these strings would previously rely on StringView's char const*
constructor overload, which would call __builtin_strlen on the string.
Since we now have operator ""sv, we can replace these with much simpler
versions. This opens the door to being able to remove
StringView(char const*).
No functional changes.
SystemServer now invokes services with the same uid as the process that
made the request.
This allows the superuser to have a normal GUI workflow. For example,
read and write its own files in TextEditor.
New propagated errors comes from an endgrent call, and all chown+chmod
calls all over the file. For the two last functions, custom C++ wrappers
were used.
Those wrappers were discarding `ENOENT` errors and naively crashing on
other errors, this change introduced in 76e12a48 was used to prevent a
crash if a mouse wasn't detected. There are no reasons to discard and to
not propagate other errors.
Previously, the device wasn't being created.
The new numbers correspond to those in the FullDevice (which is also
a Linux's full device number).
Also, I've tweaked the permissions to give everyone read-write access
to it.
As the framebuffer devices are gone by now, searching for them makes no
sense, so instead, let's remove this check now. If the user requested to
boot into text mode, he probably knows what he is doing and we should
not try to warn him about this.
SystemServer had safety fallbacks to boot into text mode if the user
errorneously specified graphical mode but no video hardware was present.
As it's now possible to do exactly this intentionally, we should allow
it. This would of course make WindowServer fall over and die if
configured improperly, but if you're messing with the kernel command
line in strange ways, you should be able to fix that.
I've attempted to handle the errors gracefully where it was clear how to
do so, and simple, but a lot of this was just adding
`release_value_but_fixme_should_propagate_errors()` in places.
We first create the /dev/devctl based on the information from the SysFS.
Then, we create block devices and character devices based on the events
we read from that device.
Add them in `<Kernel/API/Device.h>` and use these to provides
`{makedev,major,minor}` in `<sys/sysmacros.h>`. It aims to be more in
line with other Unix implementations and avoid code duplication in user
land.
This file refers to the controlling terminal associated with the current
process. It's specified by POSIX, and is used by ports like openssh to
interface with the terminal even if the standard input/output is
redirected to somewhere else.
Our implementation leverages ProcFS's existing facilities to create
process-specific symbolic links. In our setup, `/dev/tty` is a symbolic
link to `/proc/self/tty`, which itself is a symlink to the appropriate
`/dev/pts` entry. If no TTY is attached, `/dev/tty` is left dangling.
Previously, Virtio console ports would not show up in `/sys/dev/char/`.
Also adds support to `SystemServer` to create more than one console
port device in `/dev/` in the multiport case.
'bootmode' now only controls which set of services are started by
SystemServer, so it is more appropriate to rename it to system_mode, and
no longer validate it in the Kernel.
We are no longer have a separate Inode object class for the pts
directory. With a small exception to this, all chmod and chown code
is now at one place.
It's now possible to create any name of a sub-directory in the
filesystem.
While traversing in both /sys/dev/char and /sys/dev/block, SystemServer
populates the DevFS (mounted normally in /dev) with the corresponding
device nodes.
This is a very crude implementation of populating DevFS device nodes,
before we have a full-fledged udev-like daemon to take care of this
task. Also, we don't populate DiskPartition device nodes yet, because
that requires more sophisticated mechanism to figure out which
DiskPartition is related to which StorageDevice.
Don't create these device nodes in the Kernel, so we essentially enforce
userspace (SystemServer) to take control of this operation and to decide
how to create these device nodes.
This makes the DevFS to resemble linux devtmpfs, and allows us to remove
a bunch of unneeded overriding implementations of device name creation
in the Kernel.
Instead of neatly searching for all framebuffer device nodes and
changing ownership of them, let's generalize this function so we can
apply the same pattern on tty nodes.
WindowServer was not able to utilize any other framebuffer device in the
/dev directory due to wrong group ownership of other framebuffer
devices. Therefore we need to ensure that when SystemServer starts,
it checks all directory entries in /dev, searching for framebuffer
devices, and then apply the correct ownership for them.
