Make pledge() and unveil() work amazingly

This change reconciles our pledge() implementation with the OpenBSD
kernel source code. We now a polyfill that's much closer to OpenBSD's
behavior. For example, it was discovered that "stdio" permits threads.
There were a bunch of Linux system calls that needed to be added, like
sched_yield(). The exec / execnative category division is now dropped.
We're instead using OpenBSD's "prot_exec" promise for launching APE
binaries and dynamic shared objects. We also now filter clone() flags.

The pledge.com command has been greatly improved. It now does unveiling
by default when Landlock is available. It's now smart enough to unveil a
superset of paths that OpenBSD automatically unveils with pledge(), such
as /etc/localtime. pledge.com also now checks if the executable being
launched is a dynamic shared object, in which case it unveils libraries.

These changes now make it possible to pledge curl on ubuntu 20.04 glibc:

    pledge.com -p 'stdio rpath prot_exec inet dns tty sendfd recvfd' \
        curl -s https://justine.lol/hello.txt

Here's what pledging curl on Alpine 3.16 with Musl Libc looks like:

    pledge.com -p 'stdio rpath prot_exec dns inet' \
        curl -s https://justine.lol/hello.txt

Here's what pledging curl.com w/ ape loader looks like:

    pledge.com -p 'stdio rpath prot_exec dns inet' \
        o//examples/curl.com https://justine.lol/hello.txt

The most secure sandbox, is curl.com converted to static ELF:

    o//tool/build/assimilate.com o//examples/curl.com
    pledge.com -p 'stdio rpath dns inet' \
        o//examples/curl.com https://justine.lol/hello.txt

A weird corner case needed to be handled when resolving symbolic links
during the unveiling process, that's arguably a Landlock bug. It's not
surprising since Musl and Glibc are also inconsistent here too.

libc/sysv/calls/landlock_add_rule.s

@@ -1,2 +0,0 @@
-.include "o/libc/sysv/macros.internal.inc"
-.scall landlock_add_rule,0xfffffffffffff1bd,globl

libc/sysv/calls/landlock_create_ruleset.s

@@ -1,2 +0,0 @@
-.include "o/libc/sysv/macros.internal.inc"
-.scall landlock_create_ruleset,0xfffffffffffff1bc,globl

libc/sysv/calls/landlock_restrict_self.s

@@ -1,2 +0,0 @@
-.include "o/libc/sysv/macros.internal.inc"
-.scall landlock_restrict_self,0xfffffffffffff1be,globl

libc/sysv/calls/pselect.s

@@ -1,2 +1,2 @@
 .include "o/libc/sysv/macros.internal.inc"
-.scall pselect,0x1b406e20a218afff,globl
+.scall pselect,0x1b406e20a218a10e,globl

libc/sysv/calls/pselect6.s

@@ -1,2 +0,0 @@
-.include "o/libc/sysv/macros.internal.inc"
-.scall pselect6,0xfffffffffffff10e,globl

libc/sysv/calls/sys_landlock_add_rule.s

@@ -0,0 +1,2 @@
+.include "o/libc/sysv/macros.internal.inc"
+.scall sys_landlock_add_rule,0xfffffffffffff1bd,globl,hidden

libc/sysv/calls/sys_landlock_create_ruleset.s

@@ -0,0 +1,2 @@
+.include "o/libc/sysv/macros.internal.inc"
+.scall sys_landlock_create_ruleset,0xfffffffffffff1bc,globl,hidden

libc/sysv/calls/sys_landlock_restrict_self.s

@@ -0,0 +1,2 @@
+.include "o/libc/sysv/macros.internal.inc"
+.scall sys_landlock_restrict_self,0xfffffffffffff1be,globl,hidden

libc/sysv/consts.sh

@@ -132,6 +132,7 @@ syscon	errno	EMULTIHOP				72			95			90			0			94			0			# barely in posix
 syscon	errno	ENOLINK					67			97			91			0			95			0			# barely in posix
 syscon	errno	ENOMEDIUM				123			0			0			85			0			0			# not posix; not documented
 syscon	errno	EMEDIUMTYPE				124			0			0			86			0			0			# not posix; not documented
+syscon	errno	EBADFD					77			9			0			0			0			0			# file descriptor in bad state
 syscon	compat	EWOULDBLOCK				11			35			35			35			35			10035			# same as EAGAIN on every platform we've seen
 
 #	signals
@@ -2583,7 +2584,6 @@ syscon	junkerr	ESRMNT					69			0			0			0			0			0
 syscon	junkerr	ECOMM					70			0			0			0			0			0
 syscon	junkerr	EDOTDOT					73			0			0			0			0			0
 syscon	junkerr	ENOTUNIQ				76			0			0			0			0			0
-syscon	junkerr	EBADFD					77			9			0			0			0			0
 syscon	junkerr	EREMCHG					78			0			0			0			0			0
 syscon	junkerr	ELIBACC					79			0			0			0			0			0
 syscon	junkerr	ELIBBAD					80			0			0			0			0			0

libc/sysv/consts/clone.h

@@ -1,15 +1,7 @@
 #ifndef COSMOPOLITAN_LIBC_SYSV_CONSTS_CLONE_H_
 #define COSMOPOLITAN_LIBC_SYSV_CONSTS_CLONE_H_
-#include "libc/runtime/symbolic.h"
-#if !(__ASSEMBLER__ + __LINKER__ + 0)
-COSMOPOLITAN_C_START_
 
-extern const long CLONE_VM;
-
-COSMOPOLITAN_C_END_
-#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
-
-#define CLONE_VM             SYMBOLIC(CLONE_VM)
+#define CLONE_VM             0x00000100
 #define CLONE_FS             0x00000200
 #define CLONE_FILES          0x00000400
 #define CLONE_SIGHAND        0x00000800

libc/sysv/syscalls.sh

@@ -332,7 +332,7 @@ scall	timerfd_gettime		0xfffffffffffff11f	globl # won't polyfill; see INTON/INTO
 scall	recvmmsg		0x1dbffffffffff12b	globl #  ├─ end of life 2024-06-30 (extended)
 scall	fanotify_init		0xfffffffffffff12c	globl #  ├─ last distro with the original gnome desktop
 scall	fanotify_mark		0xfffffffffffff12d	globl #  └─ apple and google condemn the gplv3/gccrtev3
-scall	prlimit			0xfffffffffffff12e	globl
+scall	prlimit			0xfffffffffffff12e	globl # a.k.a. prlimit64()
 scall	name_to_handle_at	0xfffffffffffff12f	globl
 scall	open_by_handle_at	0xfffffffffffff130	globl
 scall	clock_adjtime		0xfffffffffffff131	globl
@@ -391,9 +391,9 @@ scall	process_madvise		0xfffffffffffff1b8	globl
 scall	epoll_pwait2		0xfffffffffffff1b9	globl
 scall	mount_setattr		0xfffffffffffff1ba	globl
 scall	quotactl_fd		0xfffffffffffff1bb	globl
-scall	landlock_create_ruleset	0xfffffffffffff1bc	globl
-scall	landlock_add_rule	0xfffffffffffff1bd	globl
-scall	landlock_restrict_self	0xfffffffffffff1be	globl
+scall	sys_landlock_create_ruleset 0xfffffffffffff1bc	globl hidden # Linux 5.13+
+scall	sys_landlock_add_rule	0xfffffffffffff1bd	globl hidden
+scall	sys_landlock_restrict_self 0xfffffffffffff1be	globl hidden
 scall	memfd_secret		0xfffffffffffff1bf	globl
 scall	process_mrelease	0xfffffffffffff1c0	globl
 scall	futex_waitv		0xfffffffffffff1c1	globl