This segments privileges more, making it so that any app connecting to wsys.sock can't just always access every single advanced feature in wind if they don't need to.
Of course, apps have to restrict themselves, which is why only privileged apps have access to this feature in the first place.
Normal apps' pledges are all empty and can't be changed.
An example: taskbar uses the "ExtendedLayers" pledge to move its window to the background, but relinquishes it afterwards, and doesn't need any other advanced feature for now.
If a pledge-capable app tries to use a pledge-protected function without having pledged anything, it can't. Pledges are mandatory if you want to access certain functionality, unlike the kernel's pledges which make every syscall available if you don't use pledge().
Two layers are accessible to all apps: global and global_top (for popups and similar windows).
Three other layers are accessible to privileged clients (background, system and lock), for things that need to be on a different level than user apps, like the taskbar, system popups, menus and the lock screen.
Big oof moment.
Thankfully kernel panics sometimes just give you the exact source of the problem :P
"-- KERNEL PANIC: Check failed at kernel/src/sys/waitpid.cpp:67, in sys_waitpid: !target->dead() --"
Since waitpid always sends a SIGCHLD now, we'd handle a SIGCHLD after returning from waitpid, which would trigger another wait, looping forever and not actually handling the wait.
This seems to fix previous problems. Apparently reaping a thread somewhat corrupts/replaces the calling thread's address space.
I should've known there's a reason we do it in a separate kernel thread...
VFS functions now accept a single Process* pointer instead of credentials and groups.
There is now a distinction between processes and threads
Now to fix all the bugs... waitpid crashes the process with an NX error...
