DSOs may implicitly define global destructors which run after main. We ensure these run in the given DSO's compartment with ia2_compartment_destructor_N in runtime/libia2/include/ia2_compartment_init.inc, but this assumes that we switch back to the untrusted compartment after main/in exit. To avoid needing callgates for all the ld.so functions that run after main we should remain in ld.so's compartment instead. To do this we'll need to
DSOs may implicitly define global destructors which run after
main. We ensure these run in the given DSO's compartment withia2_compartment_destructor_Ninruntime/libia2/include/ia2_compartment_init.inc, but this assumes that we switch back to the untrusted compartment aftermain/inexit. To avoid needing callgates for all the ld.so functions that run aftermainwe should remain in ld.so's compartment instead. To do this we'll need toexit(possibly under some build flag)mainto return to ld.so's compartment (could use 1 for simplicity/until runtime/libia2: Set initial compartment from ia2_start #589 lands)ia2_compartment_destructor_Ncallgates to assume the caller is in that same compartment.