It looks like they're considered a bad idea, so let's not add
them before we need them. I figured it's good to have them in
git history if we ever do need them though, hence the add/remove
dance.
Add seteuid()/setegid() under _POSIX_SAVED_IDS semantics,
which also requires adding suid and sgid to Process, and
changing setuid()/setgid() to honor these semantics.
The exact semantics aren't specified by POSIX and differ
between different Unix implementations. This patch makes
serenity follow FreeBSD. The 2002 USENIX paper
"Setuid Demystified" explains the differences well.
In addition to seteuid() and setegid() this also adds
setreuid()/setregid() and setresuid()/setresgid(), and
the accessors getresuid()/getresgid().
Also reorder uid/euid functions so that they are the
same order everywhere (namely, the order that
geteuid()/getuid() already have).
Previously 4 bytes at once were read and compared to the string
"DATA". This worked when the DATA marker was aligned on a 32-bit
boundary relative to the start of the file. However, this is not
guranteed to always be the case, and for some files the loader
would just keep searching for the marker.
Now that KeyboardSettings is no longer setuid-root, we have to call out
to a helper program to actually set the keymap.
This is a very nice improvement to system security. :^)
This patch removes the setuid-root flag from the KeyboardSettings GUI
application and adds back the old "keymap" program.
It doesn't feel very safe and sound to have a GUI program runnable
as setuid-root, so in the next patch I'll be making KeyboardSettings
call out to the "keymap" program to do its bidding.
The stacking context tree doesn't affect layout at all, so let's move
it into the Painting/ directory. I'm not sure yet if it's worth going
for a fullly separate painting tree. So far I'm thinking a stacking
context tree with pointers into the layout tree might be enough.
"Paint" matches what we call this in the rest of the system. Let's not
confuse things by mixing paint/render/draw all the time. I'm guilty of
this in more places..
Also rename RenderingContext => PaintContext.
The shrink-to-fit width algorithm actually works a little bit different
in the absolute positioning context, so it can't share all of its code
with non-absolute positioning.
Also, inline-block elements were always inserting unnecessary line
breaks when splitting, which caused the preferred width to be smaller
than it should be. This patch fixes that as well, by just not breaking
after inline-block elements in LayoutMode::OnlyRequiredLineBreaks.
CSS defines a very specific paint order. This patch starts steering us
towards respecting that by introducing the PaintPhase enum with values:
- Background
- Border
- Foreground
- Overlay (internal overlays used by inspector)
Basically, to get the right visual result, we have to render the page
multiple times, going one phase at a time.
This commit adds some actions for creating and cycling through tracks.
set_octave_and_ensure_note_change() was refactored to allow switching
tracks to implement the same behaviour.
KnobsWidget is getting pretty bad.
This commit adds multi-track functionality without exposing it to the
user.
All I really did was rename AudioEngine to Track and allow more than one
Track in TrackManager. A lot of the changes are just changing widgets to
take a TrackManager and use current_track().
The TrackManager creates Tracks and gives them a read-only reference to
the global time value. When the TrackManager wants to fill a sample in
the buffer (in fill_buffer()), it calls fill_sample() on each Track.
The delay code is slightly different - a Track will fill its
m_delay_buffer with the sample it just created rather than the most
recent sample in the buffer (which used to be the same thing).
TrackManager manages the current octave.
Other than those few things, this is a pretty basic separation of
concerns.
After layout, we may want to repaint the page, so we now listen for the
PageClient::page_did_invalidate() notification and use it to drive a
client-side repaint.
Note that an invalidation request from LibWeb makes a full roundtrip
to the WebContent client and back since the client drives painting.
The "WebContent" service provides a very restricted instance of LibWeb
running as an unprivileged user account. This will be used to implement
process separation in Browser, among other things.
This first cut of the service only spawns a single WebContent process
when someone connects to /tmp/portal/webcontent. We will soon switch
this over to spawning a new process for each connection.
Since this feature is very immature, we'll be bringing it up inside of
Demos/WebView as a separate demo program. Eventually this will become
a reusable widget that anyone can embed and easily get out-of-process
web content in their GUI.
This is pretty, pretty cool! :^)
All the file actions stuff is still missing for now,
as is POSIX_SPAWN_SETSCHEDULER (not sure what that's
supposed to do) and POSIX_SPAWN_RESETIDS.
Implemented in userspace for now. Once there are users,
it'll likely make sense to make this a syscall for
performance reasons.
A simple test program of the form
extern char **environ;
int main(int argc, char* argv[])
{
pid_t pid;
char* args[] = { "ls", NULL };
posix_spawnp(&pid, "ls", nullptr, nullptr, args, environ);
}
works fine.
