Through links in the help page, the user can directly launch the app
whose help page is currently viewed. The idea for this feature came up
in the discussion of #11557
(https://github.com/SerenityOS/serenity/pull/11557#issuecomment-1004830728
). The intention is that the user can simply open the app they are
currently trying to understand, and play around with it, learn by doing,
or follow along with any guide that may be present in the help page. It
feels very great :^)
This utility helps to dump the physical memory space from /dev/mem.
It supports both read(2) and mmap(2) on it so we could use mmap(2) for
fast dumping of the memory, or read(2) when we need to read unaligned
physical regions.
This allows forcing the use of only the framebuffer set up by the
bootloader and skips instantiating devices for any other graphics
cards that may be present.
This feature was introduced in version 4.17 of the Linux kernel, and
while it's not specified by POSIX, I think it will be a nice addition to
our system.
MAP_FIXED_NOREPLACE provides a less error-prone alternative to
MAP_FIXED: while regular fixed mappings would cause any intersecting
ranges to be unmapped, MAP_FIXED_NOREPLACE returns EEXIST instead. This
ensures that we don't corrupt our process's address space if something
is already at the requested address.
Note that the more portable way to do this is to use regular
MAP_ANONYMOUS, and check afterwards whether the returned address matches
what we wanted. This, however, has a large performance impact on
programs like Wine which try to reserve large portions of the address
space at once, as the non-matching addresses have to be unmapped
separately.
The document describes the implications of enabling and disabling that
option on the ability to enable SMP mode, and describes the requirements
for enabling IOAPIC mode even without enabling SMP mode.
For setreuid and setresuid syscalls, -1 means to set the current
uid/euid/gid/egid value, to be more convenient for programming.
However, for other syscalls where we pass only one argument, there's no
justification to specify -1.
This behavior is identical to how Linux handles the value -1, and is
influenced by the fact that the manual pages for the group of one
argument syscalls that handle ID operations is ambiguous about this
topic.
This set was hand-curated, guided by the questions:
- Does it have at least three options, i.e. is the help page
non-trivial?
- Is the program unusual, i.e. does listing it in Help or on
man.serenityos.org spread awareness?
- Is the program common, but we only implement a subset of 'common'
flags?
'bootmode' now only controls which set of services are started by
SystemServer, so it is more appropriate to rename it to system_mode, and
no longer validate it in the Kernel.
Bootmode used to control framebuffers, panic behavior, and SystemServer.
This patch factors framebuffer control into a separate flag.
Note that the combination 'bootmode=self-test fbdev=on' leads to
unexpected behavior, which can only be fixed in a later commit.
I can't write these manpages ad-hoc, and in most cases I don't want to
remove the link because it is justified. The hope is that with this
FIXME in place, there is more motivation to write these manpages for
someone who knows enough about them. Or at least we will introduce fewer
dead links in the future, making Help more useful.
Chroot exists neither in code nor in documentation. If we add-in the
feature again, it will be simple enough to add it back in to the
documentation. For now, let's clean it up, instead of refering to things
that don't exist.
Found by markdown-checker.
I used "git grep -FIn http://" to find all occurrences, and looked at
each one. If an occurrence was really just a link, and if a https
version exists, and if our Browser can access it at least as well as the
http version, then I changed the occurrence to https.
I'm happy to report that I didn't run into a single site where Browser
can't deal with the https version.
These interfaces are broken for about 9 months, maybe longer than that.
At this point, this is just a dead code nobody tests or tries to use, so
let's remove it instead of keeping a stale code just for the sake of
keeping it and hoping someone will fix it.
To better justify this, I read that OpenBSD removed loadable kernel
modules in 5.7 release (2014), mainly for the same reason we do -
nobody used it so they had no good reason to maintain it.
Still, OpenBSD had LKMs being effectively working, which is not the
current state in our project for a long time.
An arguably better approach to minimize the Kernel image size is to
allow dropping drivers and features while compiling a new image.
A quick grep revealed these stats (counting only the first occurrence
per line):
`thing`(1): 154
`thing(1)`: 9
thing(1): 4
This commit converts all occurrences to the `thing`(1) format.
The new asctl (audio server control) utility expands on avol with a
completely new command line interface (documented in the man page) that
supports retrieving and setting all exposed audio server settings, like
volume and sample rate. This is currently the only user-facing way of
changing the sample rate.
We are not using this for anything and it's just been sitting there
gathering dust for well over a year, so let's stop carrying all this
complexity around for no good reason.
On macOS with a Finnish keyboard layout, $ is typed with Option+4. While
writing this manpage, I made the mistake of holding Option down a little
too long, as I often do, resulting in the keystroke Option+space. This,
instead of typing a space, types U+00A0 (non-breaking space), which
looks identical on my host terminal. Luckily the Serenity terminal
called me out on it, printing out a question mark instead.
Since this program is setuid-root, it should be as simple as possible.
To that end, remove `/etc/plsusers` and use filesystem permissions to
achieve the same thing. `/bin/pls` is now only executable by `root` or
members of the `wheel` group.
Also remove all the logic that went to great lengths to `unveil()` a
minimal set of filesystem paths that may be used for the command.
The complexity-to-benefit ratio did not seem justified, and I think
we're better off keeping this simple.
Finally, remove pledge promises the moment they are no longer needed.
This is a new promise that guards access to mmap() with MAP_FIXED.
Fixed-address mappings are rarely used, but can be useful if you are
trying to groom the process address space for malicious purposes.
None of our programs need this at the moment, as the only user of
MAP_FIXED is DynamicLoader, but the fixed mappings are constructed
before the process has had a chance to pledge anything.
We had an exception that allowed SOL_SOCKET + SO_PEERCRED on local
socket to support LibIPC's PID exchange mechanism. This is no longer
needed so let's just remove the exception.
This prevents sys$mmap() and sys$mprotect() from creating executable
memory mappings in pledged programs that don't have this promise.
Note that the dynamic loader runs before pledging happens, so it's
unaffected by this.
When mounting an Ext2FS, a block device source is required. All other
filesystem types are unaffected, as most of them ignore the source file
descriptor anyway.
Fixes#5153.
All users of this mechanism have been switched to anonymous files and
passing file descriptors with sendfd()/recvfd().
Shbufs got us where we are today, but it's time we say good-bye to them
and welcome a much more idiomatic replacement. :^)
The vast majority of programs don't ever need to use sys$ptrace(),
and it seems like a high-value system call to prevent a compromised
process from using.
This patch moves sys$ptrace() from the "proc" promise to its own,
new "ptrace" promise and updates the affected apps.
Such errors are raised when SyntaxError nodes are executed, and are also
used for internal control flow.
The 'break' and 'continue' commands are currently only allowed inside
for loops, and outside function bodies.
This also adds a 'loop' keyword for infinite loops.
Problem:
- C functions with no arguments require a single `void` in the argument list.
Solution:
- Put the `void` in the argument list of functions in C header files.
Problem:
- `(void)` simply casts the expression to void. This is understood to
indicate that it is ignored, but this is really a compiler trick to
get the compiler to not generate a warning.
Solution:
- Use the `[[maybe_unused]]` attribute to indicate the value is unused.
Note:
- Functions taking a `(void)` argument list have also been changed to
`()` because this is not needed and shows up in the same grep
command.
This is a new "browse" permission that lets you open (and subsequently list
contents of) directories underneath the path, but not regular files or any other
types of files.
It's a thin userland wrapper around adjtime(2). It can be used
to view current pending time adjustments, and root can use it to
smoothly adjust the system time.
As far as I can tell, other systems don't have a userland utility
for this, but it seems useful. Useful enough that I'm adding it to
the lagom build so I can use it on my linux box too :)
Most systems (Linux, OpenBSD) adjust 0.5 ms per second, or 0.5 us per
1 ms tick. That is, the clock is sped up or slowed down by at most
0.05%. This means adjusting the clock by 1 s takes 2000 s, and the
clock an be adjusted by at most 1.8 s per hour.
FreeBSD adjusts 5 ms per second if the remaining time adjustment is
>= 1 s (0.5%) , else it adjusts by 0.5 ms as well. This allows adjusting
by (almost) 18 s per hour.
Since Serenity OS can lose more than 22 s per hour (#3429), this
picks an adjustment rate up to 1% for now. This allows us to
adjust up to 36s per hour, which should be sufficient to adjust
the clock fast enough to keep up with how much time the clock
currently loses. Once we have a fancier NTP implementation that can
adjust tick rate in addition to offset, we can think about reducing
this.
adjtime is a bit old-school and most current POSIX-y OSs instead
implement adjtimex/ntp_adjtime, but a) we have to start somewhere
b) ntp_adjtime() is a fairly gnarly API. OpenBSD's adjfreq looks
like it might provide similar functionality with a nicer API. But
before worrying about all this, it's probably a good idea to get
to a place where the kernel APIs are (barely) good enough so that
we can write an ntp service, and once we have that we should write
a way to automatically evaluate how well it keeps the time adjusted,
and only then should we add improvements ot the adjustment mechanism.
This is implemented in Line::Editor meaning not only the Shell will
respect it, but also js, Debugger etc.
Possible values are "ignorespace", "ignoredups" and "ignoreboth", as
documented in Shell-vars(7), for now.
The default value for the anon user (set in .shellrc) is "ignoreboth".
This patchset adds the following to the manpage:
- Mention `if` expressions.
- Add section about subshells
- Mention that control structures can now be used as commands
- Update the grammar.
- Fix small header size mistake with "Example"'s being larger than their
containing sections.
This syscall allows a parent process to disown a child process, setting
its parent PID to 0.
Unparented processes are automatically reaped by the kernel upon exit,
and no sys$waitid() is required. This will make it much nicer to do
spawn-and-forget which is common in the GUI environment.
Now that we have a standalone test-js program, the "-t" test mode of the
js REPL is unused and can simply be removed. Required functionality has
been duplicated in test-js (isStrictMode function, loading of testing
utilities).
Also remove outdated information about tests from the js(1) man page.
Now that we have SystemServer that can (re)spawn the Shell, we don't need a
separate server just for that.
The two shells (on tty0 and tty1) are configured to only be started when booting
in text mode. This means you can now simply say boot_mode=text on the kernel
command line, and SystemServer will set up the system and spawn a comfy root
shell for you :^)
Services can now have their initial working directory
configured via `SystemServer.ini`.
This commit also configures Terminal's working directory
to be /home/anon
This feels a lot more consistent and Unixy:
create_shared_buffer() => shbuf_create()
share_buffer_with() => shbuf_allow_pid()
share_buffer_globally() => shbuf_allow_all()
get_shared_buffer() => shbuf_get()
release_shared_buffer() => shbuf_release()
seal_shared_buffer() => shbuf_seal()
get_shared_buffer_size() => shbuf_get_size()
Also, "shared_buffer_id" is shortened to "shbuf_id" all around.
This commit implements the `useradd` utility that is found on most,
if not all *NIX systems. It allows the root user to add new users
to the password file found in `/etc/passwd`, thereby making
it easier to manipulate the file.
This patch adds a new "accept" promise that allows you to call accept()
on an already listening socket. This lets programs set up a socket for
for listening and then dropping "inet" and/or "unix" so that only
incoming (and existing) connections are allowed from that point on.
No new outgoing connections or listening server sockets can be created.
In addition to accept() it also allows getsockopt() with SOL_SOCKET
and SO_PEERCRED, which is used to find the PID/UID/GID of the socket
peer. This is used by our IPC library when creating shared buffers that
should only be accessible to a specific peer process.
This allows us to drop "unix" in WindowServer and LookupServer. :^)
It also makes the debugging/introspection RPC sockets in CEventLoop
based programs work again.