Require authorization to start processes

Add an auth token for being able to start a process.
Additionally, it verifies that the file you are attempting
to start is in fact executable.

Closes #1180

packages/process/_test.pony

@@ -30,7 +30,8 @@ class iso _TestStdinStdout is UnitTest
       vars.push("HOME=/")
       vars.push("PATH=/bin")
 
-      let pm: ProcessMonitor = ProcessMonitor(consume notifier, path,
+      let auth = h.env.root as AmbientAuth
+      let pm: ProcessMonitor = ProcessMonitor(auth, consume notifier, path,
         consume args, consume vars)
         pm.write("one, two, three")
         pm.done_writing()  // closing stdin allows "cat" to terminate
@@ -59,7 +60,8 @@ class iso _TestStderr is UnitTest
       vars.push("HOME=/")
       vars.push("PATH=/bin")
 
-      let pm: ProcessMonitor = ProcessMonitor(consume notifier, path,
+      let auth = h.env.root as AmbientAuth
+      let pm: ProcessMonitor = ProcessMonitor(auth, consume notifier, path,
         consume args, consume vars)
         h.long_test(5_000_000_000)
     else
@@ -85,7 +87,8 @@ class iso _TestFileExec is UnitTest
       vars.push("HOME=/")
       vars.push("PATH=/bin")
 
-      let pm: ProcessMonitor = ProcessMonitor(consume notifier, path,
+      let auth = h.env.root as AmbientAuth
+      let pm: ProcessMonitor = ProcessMonitor(auth, consume notifier, path,
         consume args, consume vars)
       h.long_test(5_000_000_000)
     else
@@ -131,7 +134,8 @@ class iso _TestExpect is UnitTest
       vars.push("HOME=/")
       vars.push("PATH=/bin")
 
-      let pm: ProcessMonitor = ProcessMonitor(consume notifier, path,
+      let auth = h.env.root as AmbientAuth
+      let pm: ProcessMonitor = ProcessMonitor(auth, consume notifier, path,
         consume args, consume vars)
         h.long_test(5_000_000_000)
     else
@@ -156,7 +160,8 @@ class iso _TestWritevOrdering is UnitTest
       vars.push("HOME=/")
       vars.push("PATH=/bin")
 
-      let pm: ProcessMonitor = ProcessMonitor(consume notifier, path,
+      let auth = h.env.root as AmbientAuth
+      let pm: ProcessMonitor = ProcessMonitor(auth, consume notifier, path,
         consume args, consume vars)
       let params: Array[String] iso = recover Array[String](3) end
       params.push("one")
@@ -188,7 +193,8 @@ class iso _TestPrintvOrdering is UnitTest
       vars.push("HOME=/")
       vars.push("PATH=/bin")
 
-      let pm: ProcessMonitor = ProcessMonitor(consume notifier, path,
+      let auth = h.env.root as AmbientAuth
+      let pm: ProcessMonitor = ProcessMonitor(auth, consume notifier, path,
         consume args, consume vars)
       let params: Array[String] iso = recover Array[String](3) end
       params.push("one")

packages/process/auth.pony

@@ -0,0 +1,3 @@
+primitive StartProcessAuth
+  new create(from: AmbientAuth) =>
+    None

packages/process/process_monitor.pony

@@ -170,6 +170,8 @@ type ProcessError is
   | CapError
   )
 
+type ProcessMonitorAuth is (AmbientAuth | StartProcessAuth)
+
 actor ProcessMonitor
   """
   Forks and monitors a process. Notifies a client about STDOUT / STDERR events.
@@ -197,16 +199,26 @@ actor ProcessMonitor
 
   var _closed: Bool = false
 
-  new create(notifier: ProcessNotify iso, filepath: FilePath,
-    args: Array[String] val, vars: Array[String] val)
+  new create(auth: ProcessMonitorAuth, notifier: ProcessNotify iso,
+    filepath: FilePath, args: Array[String] val, vars: Array[String] val)
   =>
     """
     Create infrastructure to communicate with a forked child process
     and register the asio events. Fork child process and notify our
     user about incoming data via the notifier.
     """
     _notifier = consume notifier
-    if not filepath.caps(FileExec) then
+
+    // We need permission to execute and the
+    // file itself needs to be an executable
+    let ok =
+    try
+      filepath.caps(FileExec) and FileInfo(filepath).mode.any_exec
+    else
+      false
+    end
+
+    if not ok then
       _notifier.failed(this, CapError)
       return
     end