Immutable mounts are mounts that can't be changed in any aspect, if the
VFSRootContext that holds them is used by a process. This includes two
operations on a mount:
1. Trying to remove the mount from the mount table.
2. Trying to change the flags of the mount.
The condition of a VFSRootContext being held by a process or not is
crucial, as the intention is to allow removal of mounts that are marked as
immutable if the VFSRootContext is not being used anymore (for example,
if the container that was created with such context stopped).
Marking mounts as immutable on the first VFS root context essentially
ensures they will never be modified because there will be a process
using that context (which is the "main" VFS root context in the system
runtime).
It should be noted that setting a mount as immutable can be done at
creation time of the mount by passing the MS_IMMUTABLE flag, or by doing
a remount with the MS_IMMUTABLE flag.
Together with a first JSON file for bringing up a fully functional
BuggieBox container, we allow users to take advantage of the kernel
unsharing features that were introduced in earlier commits.
These 2 syscalls are responsible for unsharing resources in the system,
such as hostname, VFS root contexts and process lists.
Together with an appropriate userspace implementation, these syscalls
could be used for creating a sandbox environment (containers) for user
programs.
The whole concept of Jails was far more complicated than I actually want
it to be, so let's reduce the complexity of how it works from now on.
Please note that we always leaked the attach count of a Jail object in
the fork syscall if it failed midway.
Instead, we should have attached to the jail just before registering the
new Process, so we don't need to worry about unsuccessful Process
creation.
The reduction of complexity in regard to jails means that instead of
relying on jails to provide PID isolation, we could simplify the whole
idea of them to be a simple SetOnce, and let the ProcessList (now called
ScopedProcessList) be responsible for this type of isolation.
Therefore, we apply the following changes to do so:
- We make the Jail concept no longer a class of its own. Instead, we
simplify the idea of being jailed to a simple ProtectedValues boolean
flag. This means that we no longer check for matching jail pointers
anywhere in the Kernel code.
To set a process as jailed, a new prctl option was added to set a
Kernel SetOnce boolean flag (so it cannot change ever again).
- We provide Process & Thread methods to iterate over process lists.
A process can either iterate on the global process list, or if it's
attached to a scoped process list, then only over that list.
This essentially replaces the need of checking the Jail pointer of a
process when iterating over process lists.
This utility lists all devices' major number allocations, for character
and block devices. It can help the user to figure out how the DeviceMapper
service manages spawning of device nodes in /dev and other associated
files under the /tmp/system/devicemap directory.
- Document exactly which crash features are available on which
architectures. There are several interesting crash tests we will want to
add for specific architectures, such as misaligned memory accesses.
- Don't compile the divide by zero crash test on RISC-V, as they simply
don't crash here.
- Rename the test for "x86 User Mode Instruction Prevention" to a more
generic "try to execute a privileged instruction"; whatever that
specifically entails on any given architecture.
- Rename a bunch of internal variables to more generic names.
- Wrap the x86-specific implementation of "execute non executable
memory" in architecture preprocessor checks.
Similarly to OpenBSD nc, an option to just connect without transmitting
any actual data is added.
However, we don't allow UDP-mode when testing a remote service, as it
will always succeed and has no technical meaning for the user if they're
not able to view the traffic on the remote machine.
These options supplement the original threshold option, because it's
now possible to specify a threshold and add either minimum/maximum size
for additional filtering.
It's also possible to not use the old threshold option (which Tim
Schumacher told me was inherited from coreutils) and only specify the
2 new options to create a filter.
As a preparation to introducing ldd as a symlink to /usr/lib/Loader.so
we rename the ldd utility to be elfdeps, as its sole purpose is to list
ELF object dependencies, and not how the dynamic loader loads them.
Nobody uses this functionality. I used this code on my old 2007 ICH7
test machine about a year ago, but bare metal is a small aspect of the
project, so it's safe to assume that nobody really tests this piece of
code.
Therefore, let's drop this for good and focus on more modern hardware.
Now both /bin/zcat and /bin/gunzip are symlinks to /bin/gzip, and we
are essentially running it in decompression mode through these symlinks.
This ensures we don't maintain 2 versions of code to decompress Gzipped
data anymore, and handle the use case of gzipped-streaming input only
once in the codebase.
Restore ImageViewer's new application icon, which was accidentally
changed back to using the filetype icon by e800605.
Additionally, use the correct icon in the ImageViewer manpage.
Many widget classes need to run substantial initialization code after
they have been set up from GML. With this change, an
initialize_fallibles() function is called if available, allowing the
initialization to be invoked from the GML setup automatically. This
means that the GML-generated creation function can now be used directly
for many more cases, and reduces code duplication.
The -p flag is equivalent to the previous behavior: outputting the
uptime in a human-readable form.
We don't seem to expose the number of online users or the load averages,
so those sections are missing from the output compared to those OSes.
This is an option supported by coreutils, so we might as well support
it too.
It allows users to wrap their encoded output after the "column" value
they provide.
This commit also has the Markdown look more like what we see
when running ArgsParser::print_usage_markdown() (and it fixes some
of the examples).
This utility uses the Core::DirIterator facility which in turn uses the
get_dir_entries syscall. Therefore, this utility lets us view the
actual values for inode numbers, and entry type value for directory
entries.
In a bunch of cases, this actually ends up simplifying the code as
to_number will handle something such as:
```
Optional<I> opt;
if constexpr (IsSigned<I>)
    opt = view.to_int<I>();
else
    opt = view.to_uint<I>();
```
for us.
The main goal here however is to have a single generic number conversion
API between all of the String classes.
This commit un-deprecates DeprecatedString, and repurposes it as a byte
string.
As the null state has already been removed, there are no other
particularly hairy blockers in repurposing this type as a byte string
(what it _really_ is).
This commit is auto-generated:
```
$ xs=$(ack -l \bDeprecatedString\b\|deprecated_string AK Userland \
    Meta Ports Ladybird Tests Kernel)
$ perl -pie 's/\bDeprecatedString\b/ByteString/g;
    s/deprecated_string/byte_string/g' $xs
$ clang-format --style=file -i \
    $(git diff --name-only | grep \.cpp\|\.h)
$ gn format $(git ls-files '*.gn' '*.gni')
```
Add a new widget "DynamicWidgetContainer" that is used to group its
child widgets within a collapsible and detachable container. The
DynamicWidgetContainer is able to persist its view state if a config
domain has been provided. Having that set will allow the widget to
restore its view state automatically.