mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-01-31 19:43:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
cosmopolitan/libc/sysv
History
Justine Tunney e81edf7b04 Improve pledge() and unveil() 
The pledge.com command now supports the new [WIP] unveil() support. For
example, to strongly sandbox our command for listing directories.

    o//tool/build/assimilate.com o//examples/ls.com
    pledge.com -v /etc -p 'stdio rpath' o//examples/ls.com /etc

This file system sandboxing is going to be perfect for us, because APE
binaries are self-contained static executables that really don't use the
filesystem that much. On the other hand, with non-static executables,
sandboxing is going to be more difficult. For example, here's how to
sandbox the `ls` command on the latest Alpine:

    pledge.com -v rx:/lib -v /usr/lib -v /etc -p 'stdio rpath exec' ls /etc

This change fixes the `execpromises` API with pledge().

This change also adds unix.unveil() to redbean.

Fixes #494
2022-07-18 07:58:20 -07:00
..
calls Improve pledge() and unveil() 2022-07-18 07:58:20 -07:00
consts Write some tests for unveil() 2022-07-18 02:27:26 -07:00
errfuns Make improvements 2022-05-28 00:28:09 -07:00
consts.sh Add tcp syn packet fingerprinting to redbean 2022-07-17 02:43:49 -07:00
describeos.greg.c Introduce --strace flag for system call tracing 2022-03-18 18:07:28 -07:00
errfun.S Make improvements 2022-05-28 00:28:09 -07:00
errfuns.h Make improvements 2022-05-24 10:58:48 -07:00
errfuns.sh Change license 2020-12-27 17:18:44 -08:00
errno.c Fix stdio regression 2022-05-19 00:51:15 -07:00
errno_location.greg.c Simplify TLS and reduce startup latency 2022-07-18 04:10:54 -07:00
gen.sh Make improvements 2022-05-28 00:28:09 -07:00
macros.internal.h Support thread local storage 2022-05-16 13:20:08 -07:00
README.md Initial import 2020-06-15 07:18:57 -07:00
restorert.S Clean old .source directive out of asm code 2022-03-18 12:43:21 -07:00
strace.greg.c Make some systemic improvements 2022-05-18 16:52:36 -07:00
syscall.S Add MODE=optlinux build mode (#141) 2021-10-14 19:36:49 -07:00
syscalls.sh Improve pledge() and unveil() 2022-07-18 07:58:20 -07:00
syscount.S Make some systemic improvements 2022-05-18 16:52:36 -07:00
systemfive.S Show crash reports on SIGSYS 2022-06-23 13:01:01 -07:00
sysv.mk Simplify TLS and reduce startup latency 2022-07-18 04:10:54 -07:00

README.md

SYNOPSIS

System Five Import Libraries

OVERVIEW

Bell System Five is the umbrella term we use to describe Linux, FreeBSD, OpenBSD, and Mac OS X which all have nearly-identical application binary interfaces that stood the test of time, having definitions nearly the same as those of AT&T back in the 1980's.

Cosmopolitan aims to help you build apps that can endure over the course of decades, just like these systems have: without needing to lift a finger for maintenance churn, broken builds, broken hearts.

The challenge to System V binary compatibility basically boils down to numbers. All these systems agree on what services are provided, but tend to grant them wildly different numbers.

We address this by putting all the numbers in a couple big shell scripts, ask the GNU Assembler to encode them into binaries using an efficient LEB128 encoding, unpacked by _init(), and ref'd via extern const. It gives us good debuggability, and any costs are gained back by fewer branches in wrapper functions.z