Re-using an inherited file descriptor to /dev/urandom frees us
from problems with mount options including 'nodev' and removes a
capability from the set we need.
Change-Id: I70337e923f802d7efbd3159c11a4e39f6529b6e6
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Initial background save implementation from the Kit perspective.
To do a background save we:
1. join known threads - we can't fork with >1 thread.
2. check all is well: one thread, nothing unusual...
3. create a socketpair to communicate with the child
4. fork
5. child: cleanup duplicated sockets
6. child: setup LOK to not damage our shared file-system
7. child: save
8. child: report status back to parent & _Exit
There is still a substantial TODO, but this can be built on.
Change-Id: Ibf2c492372e2b5133932773e230ad05e18521794
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Remove any stale elements from KitSocketPoll::KSPolls and
block until an element is added to KitSocketPoll::KSPolls
Signed-off-by: Patrick Luby <guibomacdev@gmail.com>
Change-Id: I25726171ef28d9107772f7665dd3cbb467e364e5
Reduce the uses of MOBILEAPP conditionals by using the isMobileApp
function.
Signed-off-by: Jaume Pujantell <jaume.pujantell@collabora.com>
Change-Id: If541307fbc457b342674cc560b6c53454f3904cf
We continue to process all entries of
the array.
The command name is now correct.
Otherwise, an error was logged instead.
Change-Id: Ie5085e062dc36a4e955347246d5087ec7749d270
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
We also set the variable on the core side in order to allow saving edited documents.
Signed-off-by: Gökay Şatır <gokaysatir@gmail.com>
Change-Id: I9ba97daca7013bf26b25fff785f175e3fb213dfb
On fork a thread_local variable simply inherits the parents'
value - so clearing the cached thread_id helps to make
logging more accurate.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: Ib03d2605489291589854caa10940fd7c11caea36
Seems browsers start to ping servers on their websockets, so don't
warn about that.
We trim memory left and right in clients, that doesn't deserve a
warning either.
Change-Id: I7bdcc99d167a8df3c847a1893dee8cd9123250f2
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
We use [[maybe_unused]] to reduce explicit supression
especially under compile-time directives.
Change-Id: Ic5f3f3227a80efe52097cb35520d05b9cdaacb42
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
StateRecorder.hpp split from ChildSession.cpp
KitWebSocketHandler.[ch]pp split from Kit.cpp.
ThreadPool.hpp split from RenderTiles.hpp
Expose headers for KitSocketPoll and Document
at the same time.
Not clear we need the DocumentManagerInterface anymore.
Conditionally compile out Document::createSession for unittest
dependency breaking, and avoid Rlimit::handleSetrlimitCommand
likewise.
Make makePropertyValue a private method of Kit.cpp.
clang-format new files.
Change-Id: I47a1d6afe20165f156b477a931b94c916cff4b9d
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
now that we will typically init the document theme, etc. from the
users last used settings, the current rendering state is likely the one
that the user wants to use.
The browser-side throws away all tiles, etc on getting a
canonidalidchange, so get the current document renderering state to
describe this initial state so later LOK_CALLBACK_VIEW_RENDER_STATE
events can be compared to this initial state and only emit
canonidalidchange if there is a need.
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I2902ff4e143f432755c335e1225149207fafdfc3
Replace a few cases of Util::toString(...), too.
Signed-off-by: Aron Budea <aron.budea@collabora.com>
Change-Id: I53c5dbbdf2f60710e94add9dd137aa9becb7bd3e
Kit's GlobalCallback has an alarming habit of enabling
inputprocessing during a jsdialog popup occuring during
load, so use a stronger heuristic to avoid sending errors.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I4a57685dcf63b4a3607c894e80a13e27bffaece5
like we do for the spelling setting, so we have the document in the
desired state early before any rendering, dropping the early full
document invalidations during initial setup
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I6b762c95fd4c00c7da04cf89f7bbeef4bc57375d
and don't check for it in the other cases, so drop it in these ones
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: Ie343178869cadc127ee898968fef8f798b6068d5
Given the surrounding debug we should be able infer the same
state from its absence.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: Id20de40f67ed52dc5535585aec9b5888131d6324
Cue up some basic state for being signal safe dumped on crash/abort.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: Ibc6713aef2a0e7b878b178b05f0e13c8d40b47fc
The mount-point must exist already, since
we always mount read-only. There is no
directory to create, but the subsequent
chmod always fails, since the mounted
directory is read-only. Since we started
warning when chmod fails recently,
6208b37a32,
these previously-silent failures became
noisy.
Change-Id: I9efaa89182c016e9a7a5d36cc3da5bfa7ee599c2
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
so we can pass through the full state that the view reports
which makes it easy to see if a browser side is given a view
whose render settings are unexpected.
e.g. clicking "formatting marks" and not getting a viewrenderedstate
with 'P' or view#1 clicks their "formatting marks" and view#2
receives a 'P'ilcrow state.
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I31d3a8397f02dedf2505bed5dd83576f3138b504
So this only affects the case where we reuse the fd from opening smaps_rollup
Bug seen in 4.15.0 and not in 6.5.10, suspected to be fixed by:
258f669e7e
included in >= v4.19
Test for this in coolwsd and set a flag if it is broken
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I0a4aca77b9d9201e4f70172340296e5eb5460229
Using the aggregated file saves a hundred+ system-calls per
pid we're getting data for, and presumably also lots of time.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I41c40982ebbec44aba72a1d15dabf24a8986f59e
Removed all uses of KIT_IN_PROCESS, used Utils::isKitInProcess()
when necessary. Also removed the now unused parameter 'limit' from
forkLibreOfficeKit.
Signed-off-by: Jaume Pujantell <jaume.pujantell@collabora.com>
Change-Id: I068d3f55ab49076590f111847c87b3188f4d25d0
debugging some intermittent failures in UnitBadDocLoad I see that there
are some duplicate jsdialog messages appearing which is easily
reproducible by just opening test/data/corrupted.odt in online.
probably has been like this since:
commit 7f70197723
Date: Mon Dec 28 11:37:27 2020 -0400
kit: enable input process when early dialog show
and possibly not the problem I was originally trying to chase
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I7aa342e86ad9ae73082cb71f1b2c9b2bf0f212b9
Also use some allowed path for HOME and XDG_CONFIG_HOME so we start correctly.
Setup Work path for pdf/epub export.
Enable osl allowed paths for nocap only.
Signed-off-by: Szymon Kłos <szymon.klos@collabora.com>
Change-Id: I4fa058fe5fabc5eafdff7630dfcc72dedfe22e4a
Also move the nocaps TMPDIR into the jail folder, to sandbox better.
Change-Id: I161695b4585a2c6003779caa88152b744d36266b
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
in which case don't send it, which then implies we might have
an empty shareFDs which we can treat the same as a nonexisting
shareFDs
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I80a78a01c69dbee5ee28a64442a5069a6c2b4dbe
Instead of fighting the SolarMutex to get the messages
processed by the main loop. Simple and no additional
threading, mutexes etc.
messages from the external uno client are just
written to URPtoLoFD and the core reads from that
messages to the external uno client are written
to URPfromLoFD by core, that fd is in poll, and
activity there triggers a read by the DocBroker
to send it to the external uno client.
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: Ib1f0a0d5fb5ab22eee476d5d740b290c51de59dc
- Allow COOLWSD client sessions to forward messages with the prefix
'urp' to the child, and return messages with 'urp:' to the client,
communicating with binary
- Make COOLWSD child sessions use the FunctionBasedURPConnection from
https://gerrit.libreoffice.org/c/core/+/155100
(core change ID I2bda3d0b988bef7883f9b6829eeb5b7ae8075f27) to start a
new URP session
- Make COOLWSD child sessions submit messages to this URP session,
stripping and adding the 'urp' and 'urp:' prefixes so the Java client
from https://gerrit.libreoffice.org/c/core/+/154680
(core change ID I91ee52922a24688a6b94512cb7e7bc760bf25ec9) can
use the connection (and to avoid interference with any other websocket
messages)
- Add a COOLWSD option for enabling/disabling URP given the security
implications around allowing anyone to write URP (e.g. URP lets you
run shell commands so a mallicious actor can take over the child
session)
Signed-off-by: Skyler Grey <skyler.grey@collabora.com>
Change-Id: Idadfe288a78cfd72b01253dfdade150d506e3f05
- it applies for 2 cases:
1. when document is loaded for the first time document already has
tiles of respective theme
2. when Kit loads the document it sends canonicalidchange unconditionally
(5520965b15/kit/Kit.cpp (L1708))
we don't need to request new tiles for that also
Signed-off-by: Rash419 <rashesh.padia@collabora.com>
Change-Id: I42cdc5a03e70c3d3d653f3124d3d5ed9382e22c0
in error branches dlclose unusable dso, leave it open on success
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I3a2eafceb573cc59ada922d98ae6a9b421d6accc
This is to differentiate between a complete
trimming when idle compared to trimming
when inactive.
Change-Id: I61b309968e0a5199fe4f0fb445437a953c0e468a
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Also rename trimIfExcessive to trimAfterInactivity.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I62166a3ed5d70d1e6fd9804e91e07452978523fd
which isn't available in the current android toolchain
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I5834adb7c6211c7aad38f5977a7e425d9ca257fd