Additionally, we do the cleanup of the remains of a previously failed
run prior creating the run directory. Otherwise, the directly creation
may fail because of a pending bindmount.
This patch simplifies the way of how Genode's base libraries are
organized. Originally, the base API was implemented in the form of many
small libraries such as 'thread', 'env', 'server', etc. Most of them
used to consist of only a small number of files. Because those libraries
are incorporated in any build, the checking of their inter-dependencies
made the build process more verbose than desired. Also, the number of
libraries and their roles (core only, non-core only, shared by both core
and non-core) were not easy to capture.
Hereby, the base libraries have been reduced to the following few
libraries:
- startup.mk contains the startup code for normal Genode processes.
On some platform, core is able to use the library as well.
- base-common.mk contains the parts of the base library that are
identical by core and non-core processes.
- base.mk contains the complete base API implementation for non-core
processes
Consequently, the 'LIBS' declaration in 'target.mk' files becomes
simpler as well. In the most simple case, only the 'base' library must
be mentioned.
Fixes#18
With this patch, custom UIDs and GIDs can be assigned to individual
Genode processes or whole Genode subsystems.
The new 'base-linux/run/lx_uid.run' script contains an example of how to
use the feature.
Fixes#510
On Linux, we want to attach additional attributes to processes, i.e.,
the chroot location, the designated UID, and GID. Instead of polluting
the generic code with such Linux-specific platform details, I introduced
the new 'Native_pd_args' type, which can be customized for each
platform. The platform-dependent policy of init is factored out in the
new 'pd_args' library.
The new 'base-linux/run/lx_pd_args.run' script can be used to validate
the propagation of those attributes into core.
Note that this patch does not add the interpretation of the new UID and
PID attributes by core. This will be subject of a follow-up patch.
Related to #510.
Since the recent move of the process creation into core, the original chroot trampoline
mechanism implemented in 'os/src/app/chroot' does not work anymore. A
process could simply escape the chroot environment by spawning a new
process via core's PD service. Therefore, this patch moves the chroot
support into core. So the chroot policy becomes mandatory part of the
process creation. For each process created by core, core checks for
'root' argument of the PD session. If a path is present, core takes the
precautions needed to execute the new process in the specified chroot
environment.
This conceptual change implies minor changes with respect to the Genode
API and the configuration of the init process. The API changes are the
enhancement of the 'Genode::Child' and 'Genode::Process' constructors to
take the root path as argument. Init supports the specification of a
chroot per process by specifying the new 'root' attribute to the
'<start>' node of the process. In line with these changes, the
'Loader::Session::start' function has been enhanced with the additional
(optional) root argument.
