fix(container): improve sandbox runtime compatibility

[fslongjin]

Summary

• Improve container-oriented mount and filesystem compatibility, including debugfs/mqueue mounts, mount/pivot-root behavior, overlayfs copy-up/path handling, and per-open backing-file reads.
• Extend FUSE/virtiofs compatibility with xattr list/remove syscall coverage, FUSE xattr protocol handling, lookup caching, mmap/readaround behavior, and virtiofs smoke coverage.
• Improve process/runtime behavior exercised by sandbox workloads, including PTY/TTY handling, pipe wakeups, eventfd pending-signal behavior, signal/ucontext handling, process exit cleanup, and x86_64 exec-entry ABI initialization.
• Clear x86_64 %rdx on successful exec so glibc does not inherit the old execve() envp pointer as rtld_fini.
• Fix N_TTY canonical input handling so PTY slave reads correctly treat newline as a canonical line delimiter after ICANON termios updates.
• Add focused dunitest coverage for FUSE, overlayfs, PTY/pipe exec chains, eventfd, exec ABI, N_TTY canonical reads, and virtiofs smoke paths.

Root Cause

Sandbox workloads combine overlayfs, FUSE/virtiofs-backed lower layers, PTY/pipe based exec I/O, signal delivery, and Linux-compatible exec ABI expectations. Several DragonOS paths diverged from Linux behavior:

• Some overlayfs/VFS reads operated through inode-level state instead of the opened backing file, which could bypass per-open filesystem state required by FUSE.
• FUSE/virtiofs xattr list/remove behavior and ENOSYS-to-EOPNOTSUPP handling were incomplete.
• PTY, pipe, eventfd, signal, and process cleanup paths had gaps that sandbox exec flows can expose.
• N_TTY termios-derived state did not rebuild the character map for ICANON, ICRNL, and INLCR, so a PTY slave could receive line\n without advancing canon_head or waking canonical readers.
• x86_64 exec did not clear %rdx before entering a new ELF image, while Linux clears regs->dx through ELF_PLAT_INIT; glibc treats %rdx at _start as rtld_fini.

Validation

• git diff --check
• make fmt
• make kernel
• make -C user/apps/tests/dunitest build-suites
• Host dunitest: normal/exec_abi, normal/tty_pty_hangup, normal/pipe_waitqueue_wakeup
• DragonOS guest dunitest: normal/exec_abi, normal/tty_pty_hangup, normal/pipe_waitqueue_wakeup, normal/pipe_release_wakeup
• DragonOS guest with host virtiofsd: normal/virtiofs_smoke
• CubeSandbox busybox smoke: sandbox creation succeeds; non-interactive ls and repeated uname -a execs exit successfully.

Notes

The latest PTY canonical-read hang was traced to N_TTY termios character-map handling rather than CubeSandbox, virtiofs, generic pipe wakeups, or the scheduler. The fix keeps the responsibility inside the line discipline and matches Linux N_TTY character-map semantics for canonical input.

[fslongjin]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f46da9ebeb

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

不要在 I/O 时重绑 overlay backing

当 lower-only 文件已被一个 fd 以 O_RDONLY 打开后，另一个 fd 以写入或截断方式打开会触发 copy-up；已打开的 fd 应继续使用打开时选定的 lower realfile。这里在后续 I/O 发现 current_inode 变成 upper 后重新 File::new 并替换 backing，导致旧 fd 的 read/mmap/flush 开始看到 upper 的新内容或截断结果，破坏打开文件描述的稳定语义；应保留 open 时的 backing，至少不要对既有只读 fd 自动切换。

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

继续解除 FUSE direct-io mmap 的旧映射

当同一个 FUSE 文件已有普通 page-cache mmap 后，再通过返回 FOPEN_DIRECT_IO 的句柄做私有 mmap，原路径会先 unmap_mapping_pages() 再丢弃 clean cache。这里改为只调用 discard_clean_page_cache()，不会 zap 已映射的 PTE，旧 VMA 仍可访问旧 page-cache 页，而新的 direct-io mmap/fault 可能走另一份数据，造成同一文件页的陈旧或不一致映射；请在 direct-io mmap 前继续解除旧映射或复用原来的失效流程。

Useful? React with 👍 / 👎.

[fslongjin]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2b82b9d034

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

使用真实凭据填充 auxv UID/GID

在非 root 进程执行 exec 时，这里会把 AT_UID/AT_EUID/AT_GID/AT_EGID 全部暴露为 0，导致用户态通过 getauxval() 看到自己是 root；glibc 或运行时可能依赖这些 auxv 值做权限和安全路径判断。这里应从当前进程的凭据填入真实/有效 uid、gid，而不是固定写 0。

Useful? React with 👍 / 👎.

[fslongjin]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 50b33486e0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".