Next to functions like `is_eof` these were really confusing to use, and
the `read`/`write` functions should fail anyways if a stream is not
readable/writable.
`Core::Stream::File` shouldn't hold any utility methods that are
unrelated to constructing a `Core::Stream`, so let's just replace the
existing `Core::File::exists` with the nicer looking implementation.
This will make it easier to support both string types at the same time
while we convert code, and tracking down remaining uses.
One big exception is Value::to_string() in LibJS, where the name is
dictated by the ToString AO.
We have a new, improved string type coming up in AK (OOM aware, no null
state), and while it's going to use UTF-8, the name UTF8String is a
mouthful - so let's free up the String name by renaming the existing
class.
Making the old one have an annoying name will hopefully also help with
quick adoption :^)
Make LocalServer connections not terminate their process from SIGPIPE,
which fixes the issue where closing DisplaySettings with the[OK] button
would often crash WindowServer.
When creating a `Core::Stream::Socket`, you can now choose to prevent
SIGPIPE signals from firing and terminating your process. This is done
by passing MSG_NOSIGNAL to the `System::recv()` or `System::send()`
calls when you `read()` or `write()` to that Socket.
This could be used in a scenario when it is expected that a user program
will be invoked with a specific option multiple times, for example:
"program --a-option=example --a-option=anotherexample ..."
To accomplish this, we add another VeilState which is called
LockedInherited. The idea is to apply exec unveil data, similar to
execpromises of the pledge syscall, on the current exec'ed program
during the execve sequence. When applying the forced unveil data, the
veil state is set to be locked but the special state of LockedInherited
ensures that if the new program tries to unveil paths, the request will
silently be ignored, so the program will continue running without
receiving an error, but is still can only use the paths that were
unveiled before the exec syscall. This in turn, allows us to use the
unveil syscall with a special utility to sandbox other userland programs
in terms of what is visible to them on the filesystem, and is usable on
both programs that use or don't use the unveil syscall in their code.
This allows rectangle specifications in the form [x, y, width, height],
which mirrors margin properties and is much more convenient than the
JSON object specifications that were allowed before. Those are still
allowed, of course.
These lambdas were marked mutable as they captured a Ptr wrapper
class by value, which then only returned const-qualified references
to the value they point from the previous const pointer operators.
Nothing is actually mutating in the lambdas state here, and now
that the Ptr operators don't add extra const qualifiers these
can be removed.
In order to avoid the base encode/decode methods from being used (and
failing a static assertion), we must be sure to declare/define the
custom type implementations as template specializations.
After this, LibIPC is no longer sensitive to include order.
This hasn't been an issue on Serenity, but on Linux, if a program opens
a TCPServer on some port and then exits, that program can't be re-run
until the OS makes the port available again. This is usually ~2x the TCP
socket's maximum segment lifetime, upwards of a minute.
Add an option to TCPServer to allow re-using the port after the program
exits.
We still log the error (perhaps in the future, we will only want to log
the error if there is no handler). But this allows callers to actually
handle errors to e.g. unblock waiters.
This happens in two ways:
1. LibCore now has two new methods for creating Jails and attaching
processes to a Jail.
2. We introduce 3 new utilities - lsjails, jail-create and jails-attach,
which list jails, create jails and attach processes to a Jail,
respectively.
This method was taken from the pls utility and its purpose is to execute
a given command with all the required requirements such as providing a
suitable exec environment.
Otherwise, we end up propagating those dependencies into targets that
link against that library, which creates unnecessary link-time
dependencies.
Also included are changes to readd now missing dependencies to tools
that actually need them.
Even though the toolchain implicitly links against -lc, it does not know
where it should get LibC from except for the sysroot. In the case of
Clang this causes it to pick up the LibC stub instead, which might be
slightly outdated and feature missing symbols.
This is currently not an issue that manifests because we pass through
the dependency on LibC and other libraries by accident, which causes
CMake to link against the LibC target (instead of just the library),
and thus points the linker at the build output directory.
Since we are looking to fix that in the upcoming commits, let's make
sure that everything will still be able to find the proper LibC first.
Previously, this would cause an assert to fail if one reads a completely
buffered line into a buffer that is smaller than the Stream's internal
buffer.
We should not rely on the Kernel to unveil this for us, so if a program
needs to execute another program it should unveil the dynamic loader too
to prevent crashing.
To do this, we check if the user program tried to unveil a binary with
at least using the 'x' permission, so we will try to also unveil the
dynamic loader too.
