Improve pledge() usability and consistency

- We now kill the program on violations like OpenBSD - We now print a message explaining which promise is needed - This change also fixes a linkage bug with thread local storage - Your sigaction() handlers should now be more thread safe A new `__pledge_mode` global has been introduced to make pledge() more customizable on Linux. For example: __attribute__((__constructor__)) static void init(void) { __pledge_mode = SECCOMP_RET_ERRNO | EPERM; } Can be used to restore our old permissive pledge() behavior.
2025-07-28 13:30:29 +00:00 · 2022-08-07 16:18:33 -07:00 · 2022-08-07 16:18:33 -07:00 · 5546559034
commit 5546559034
parent 13c1c45075
30 changed files with 713 additions and 86 deletions
--- a/libc/sysv/restorert.S
+++ b/libc/sysv/restorert.S
@ -16,6 +16,7 @@
 │ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR             │
 │ PERFORMANCE OF THIS SOFTWARE.                                                │
 ╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/sysv/consts/nrlinux.h"
 #include "libc/macros.internal.h"
 .privileged

@ -25,8 +26,8 @@ __restore_bt:
 	.endfn	__restore_bt,globl,hidden
 	nop	# gap so that __get_symbol(st, addr - 1) fails
 	.align	16
-__restore_rt:				# @see gdb/amd64-linux-tdep.c
-	mov	$0x000f,%rax		# [sic]
+__restore_rt:					# @see gdb/amd64-linux-tdep.c
+	mov	$__NR_linux_sigreturn,%rax	# [sic]
 	syscall
 	.align	16
 	.endfn	__restore_rt,globl,hidden