We need to call waitpid until no more waitable children are available.
This is necessary because SIGCHLD signals may coalesce into one when
multiple children terminate almost simultaneously.
This fixes random zombie processes sticking around after e.g. closing
Browser.
Also, switch to EventLoop's asynchronous signal handling mechanism,
which allows more complex operations in the signal handler.
Instead of everyone overriding save_to() and set_property() and doing
a pretty asymmetric job of implementing the various properties, let's
add a bit of structure here.
Object properties are now represented by a Core::Property. Properties
are registered with a getter and setter (optional) in constructors.
I've added some convenience macros for creating and registering
properties, but this does still feel a bit bulky. We'll have to
iterate on this and see where it goes.
A malicious caller can create a SocketAddress for a local unix socket with an
over-long name that does not fit into struct sock_addr_un.
- Socket::connet: This caused the 'sun_path' field to
overflow, probably overwriting the return pointer of the call frame, and thus
crashing the process (in the best case).
- SocketAddress::to_sockaddr_un: This triggered a RELEASE_ASSERT, and thus
crashing the process.
Both have been fixed to return a nice error code instead of crashing.
You can now ask SystemServer to not only listen for connections on the socket,
but to actually accept them, and to spawn an instance of the service for each
client connection. In this case, it's the accepted, not listening, socket that
the service processes will receive using socket takeover.
This mode obviously requires the service to be a multi-instance service.
For this kind of services, there's no single PID of a running instance;
there may be multiple, or no instances of the service running at any time.
No keepalive functionality is available in this mode, since "alive" doesn't
make sense for multi-instance services.
At the moment, there's no way to actually create multiple instances of
a service; this is going to be added in the next commit.
* In some cases, we can first call sigaction()/signal(), then *not* pledge
sigaction.
* In other cases, we pledge sigaction at first, call sigaction()/signal()
second, then pledge again, this time without sigaction.
* In yet other cases, we keep the sigaction pledge. I suppose these could all be
migrated to drop it or not pledge it at all, if somebody is interested in
doing that.
It didn't feel right to have a "DHCPClient" in a "Servers" directory.
Rename this to Services to better reflect the type of programs we'll
be putting in there.
