Improve pledge() usability and consistency

- We now kill the program on violations like OpenBSD - We now print a message explaining which promise is needed - This change also fixes a linkage bug with thread local storage - Your sigaction() handlers should now be more thread safe A new `__pledge_mode` global has been introduced to make pledge() more customizable on Linux. For example: __attribute__((__constructor__)) static void init(void) { __pledge_mode = SECCOMP_RET_ERRNO | EPERM; } Can be used to restore our old permissive pledge() behavior.
2025-07-01 16:58:30 +00:00 · 2022-08-07 16:18:33 -07:00 · 2022-08-07 16:18:33 -07:00 · 5546559034
commit 5546559034
parent 13c1c45075
30 changed files with 713 additions and 86 deletions
--- a/libc/runtime/runtime.h
+++ b/libc/runtime/runtime.h
@ -17,6 +17,7 @@ extern intptr_t __oldstack;                         /* CRT */
 extern uint64_t __nosync;                           /* SYS */
 extern _Atomic(int) __ftrace;                       /* SYS */
 extern _Atomic(int) __strace;                       /* SYS */
+extern uint32_t __pledge_mode;                      /* SYS */
 extern char *program_invocation_name;               /* RII */
 extern char *program_invocation_short_name;         /* RII */
 extern uint64_t __syscount;                         /* RII */
@ -41,6 +42,10 @@ extern unsigned char *__relo_start[];               /* αpε */
 extern unsigned char *__relo_end[];                 /* αpε */
 extern uint8_t __zip_start[];                       /* αpε */
 extern uint8_t __zip_end[];                         /* αpε */
+extern uint8_t __data_start[];                      /* αpε */
+extern uint8_t __data_end[];                        /* αpε */
+extern uint8_t __bss_start[];                       /* αpε */
+extern uint8_t __bss_end[];                         /* αpε */
 extern size_t __virtualmax;
 extern bool __isworker;