Fix bugs and add security features to redbean

- Fix a regression with the previous change that broke redbean
- Add chroot(), resource limit, seccomp, and other stuff to redbean
- Write lots and lots of documentation
- Iron out more system call issues

libc/runtime/clone.c

@@ -87,13 +87,11 @@ privileged int clone(int (*f)(void *), void *stack, int flags, void *arg, ...) {
     if (ax) return ax;
     asm volatile("xor\t%%ebp,%%ebp\n\t"
                  "pop\t%%rdi\n\t"
-                 "call\t%1"
-                 : "=a"(ax)
-                 : "r"(func)
-                 : "memory");
-    asm volatile("syscall"
+                 "call\t%0\n\t"
+                 "xchg\t%%eax,%%edi\n\t"
+                 "call\t_Exit1"
                  : /* no outputs */
-                 : "a"(__NR_exit), "D"(ax)
+                 : "r"(func)
                  : "memory");
     unreachable;
   } else if (IsWindows()) {

libc/runtime/getsymboltable.c

@@ -19,6 +19,7 @@
 #include "libc/assert.h"
 #include "libc/bits/bits.h"
 #include "libc/bits/weaken.h"
+#include "libc/calls/issandboxed.h"
 #include "libc/calls/strace.internal.h"
 #include "libc/macros.internal.h"
 #include "libc/runtime/runtime.h"
@@ -117,7 +118,7 @@ static struct SymbolTable *GetSymbolTableFromElf(void) {
 struct SymbolTable *GetSymbolTable(void) {
   int ft, st;
   struct Zipos *z;
-  if (!g_symtab) {
+  if (!g_symtab && !__issandboxed) {
     ft = g_ftrace, g_ftrace = 0;
     st = __strace, __strace = 0;
     if (weaken(__zipos_get) && (z = weaken(__zipos_get)())) {

libc/runtime/mmap.c

@@ -112,6 +112,14 @@ noasan static bool Automap(int n, int *res) {
   }
 }
 
+noasan static size_t GetMemtrackSize(struct MemoryIntervals *mm) {
+  size_t i, n;
+  for (n = i = 0; i < mm->i; ++i) {
+    n += ((size_t)(mm->p[i].y - mm->p[i].x) + 1) << 16;
+  }
+  return n;
+}
+
 static noasan void *MapMemory(void *addr, size_t size, int prot, int flags,
                               int fd, int64_t off, int f, int x, int n) {
   struct DirectMap dm;
@@ -225,6 +233,7 @@ noasan void *mmap(void *addr, size_t size, int prot, int flags, int fd,
   void *res;
   char *p = addr;
   struct DirectMap dm;
+  size_t virtualused, virtualneed;
   int a, b, i, f, m, n, x;
   if (UNLIKELY(!size)) {
     STRACE("size=0");
@@ -268,6 +277,13 @@ noasan void *mmap(void *addr, size_t size, int prot, int flags, int fd,
   } else if (__isfdkind(fd, kFdZip)) {
     STRACE("fd is zipos handle");
     res = VIP(einval());
+  } else if (__virtualmax &&
+             (__builtin_add_overflow((virtualused = GetMemtrackSize(&_mmi)),
+                                     size, &virtualneed) ||
+              virtualneed > __virtualmax)) {
+    STRACE("%'zu size + %'zu inuse exceeds virtual memory limit %'zu", size,
+           virtualused, __virtualmax);
+    res = VIP(enomem());
   } else {
     if (fd == -1) {
       size = ROUNDUP(size, FRAMESIZE);

libc/runtime/runtime.h

@@ -38,6 +38,7 @@ extern unsigned char *__relo_end[];                 /* αpε */
 extern uint8_t __zip_start[];                       /* αpε */
 extern uint8_t __zip_end[];                         /* αpε */
 extern bool ftrace_enabled;
+extern size_t __virtualmax;
 
 void mcount(void);
 unsigned long getauxval(unsigned long);
@@ -49,6 +50,7 @@ void _longjmp(jmp_buf, int) libcesque wontreturn paramsnonnull();
 void exit(int) wontreturn;
 void _exit(int) libcesque wontreturn;
 void _Exit(int) libcesque wontreturn;
+void _Exit1(int) libcesque wontreturn;
 void quick_exit(int) wontreturn;
 void abort(void) wontreturn noinstrument;
 int __cxa_atexit(void *, void *, void *) libcesque;