Improve pledge() usability and consistency

- We now kill the program on violations like OpenBSD
- We now print a message explaining which promise is needed
- This change also fixes a linkage bug with thread local storage
- Your sigaction() handlers should now be more thread safe

A new `__pledge_mode` global has been introduced to make pledge() more
customizable on Linux. For example:

    __attribute__((__constructor__)) static void init(void) {
      __pledge_mode = SECCOMP_RET_ERRNO | EPERM;
    }

Can be used to restore our old permissive pledge() behavior.

libc/sysv/calls/sys_syslog.s

@@ -0,0 +1,2 @@
+.include "o/libc/sysv/macros.internal.inc"
+.scall sys_syslog,0xfffffffffffff067,globl,hidden

libc/sysv/calls/syslog.s

@@ -1,2 +0,0 @@
-.include "o/libc/sysv/macros.internal.inc"
-.scall syslog,0xfffffffffffff067,globl

libc/sysv/consts/kern.h

@@ -0,0 +1,21 @@
+#ifndef COSMOPOLITAN_LIBC_SYSV_CONSTS_KERN_H_
+#define COSMOPOLITAN_LIBC_SYSV_CONSTS_KERN_H_
+#if !(__ASSEMBLER__ + __LINKER__ + 0)
+COSMOPOLITAN_C_START_
+
+#define KERN_SOH       "\001"
+#define KERN_SOH_ASCII '\001'
+#define KERN_EMERG     KERN_SOH "0"
+#define KERN_ALERT     KERN_SOH "1"
+#define KERN_CRIT      KERN_SOH "2"
+#define KERN_ERR       KERN_SOH "3"
+#define KERN_WARNING   KERN_SOH "4"
+#define KERN_NOTICE    KERN_SOH "5"
+#define KERN_INFO      KERN_SOH "6"
+#define KERN_DEBUG     KERN_SOH "7"
+#define KERN_DEFAULT   ""
+#define KERN_CONT      KERN_SOH "c"
+
+COSMOPOLITAN_C_END_
+#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
+#endif /* COSMOPOLITAN_LIBC_SYSV_CONSTS_KERN_H_ */

libc/sysv/consts/loglevel.h

@@ -0,0 +1,19 @@
+#ifndef COSMOPOLITAN_LIBC_SYSV_CONSTS_LOGLEVEL_H_
+#define COSMOPOLITAN_LIBC_SYSV_CONSTS_LOGLEVEL_H_
+#if !(__ASSEMBLER__ + __LINKER__ + 0)
+COSMOPOLITAN_C_START_
+
+#define LOGLEVEL_SCHED   -2
+#define LOGLEVEL_DEFAULT -1
+#define LOGLEVEL_EMERG   0
+#define LOGLEVEL_ALERT   1
+#define LOGLEVEL_CRIT    2
+#define LOGLEVEL_ERR     3
+#define LOGLEVEL_WARNING 4
+#define LOGLEVEL_NOTICE  5
+#define LOGLEVEL_INFO    6
+#define LOGLEVEL_DEBUG   7
+
+COSMOPOLITAN_C_END_
+#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
+#endif /* COSMOPOLITAN_LIBC_SYSV_CONSTS_LOGLEVEL_H_ */

libc/sysv/restorert.S

@@ -16,6 +16,7 @@
 │ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR             │
 │ PERFORMANCE OF THIS SOFTWARE.                                                │
 ╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/sysv/consts/nrlinux.h"
 #include "libc/macros.internal.h"
 .privileged
 
@@ -25,8 +26,8 @@ __restore_bt:
 	.endfn	__restore_bt,globl,hidden
 	nop	# gap so that __get_symbol(st, addr - 1) fails
 	.align	16
-__restore_rt:				# @see gdb/amd64-linux-tdep.c
-	mov	$0x000f,%rax		# [sic]
+__restore_rt:					# @see gdb/amd64-linux-tdep.c
+	mov	$__NR_linux_sigreturn,%rax	# [sic]
 	syscall
 	.align	16
 	.endfn	__restore_rt,globl,hidden

libc/sysv/syscalls.sh

@@ -140,7 +140,7 @@ scall	__sys_getrusage		0x1bd0130752075062	globl hidden
 scall	sys_sysinfo		0xfffffffffffff063	globl hidden
 scall	sys_times		0xfffffffffffff064	globl hidden
 scall	sys_ptrace		0x01a01a01a201a065	globl hidden
-scall	syslog			0xfffffffffffff067	globl
+scall	sys_syslog		0xfffffffffffff067	globl hidden
 scall	sys_getuid		0x0180180182018066	globl hidden
 scall	sys_getgid		0x02f02f02f202f068	globl hidden
 scall	sys_getppid		0xfff027027202706e	globl hidden # see sys_getpid()→edx for netbsd