feat: supplementary groups + credential syscalls — setgroups/getgroups/RLIMIT
Kernel (3 files, 32 lines):
- Context.groups: Vec<u32> — supplementary group storage
- CallerCtx.groups — exposed to schemes for access control
- Proc scheme Groups handle — auth-{fd}-groups read/write path
- Fork inheritance — new-context copies parent groups to child
Relibc (4 files, 82 insertions, 84 deletions):
- posix_setgroups()/posix_getgroups() in redox-rt sys.rs
- DynamicProcInfo.groups cache in lib.rs
- setgroups() real impl via thr_fd.dup(auth-{fd}-groups)
- getgroups() kernel-only (no /etc/group fallback)
- initgroups() functional via setgroups()
- getrlimit/setrlimit userspace stubs with defaults
Patches:
- local/patches/kernel/P4-supplementary-groups.patch
- local/patches/relibc/P4-setgroups-getgroups.patch
Docs updated:
- COMPREHENSIVE-OS-ASSESSMENT: credential blocker → RESOLVED
- KERNEL-IPC-CREDENTIAL-PLAN: marked Phases K1-K2,K4 complete
- local/AGENTS.md: credential gap section → RESOLVED
Unblocks: polkit, dbus-daemon, logind, sudo/su, redbear-authd
This commit is contained in:
@@ -2,6 +2,7 @@
|
||||
|
||||
**Date:** 2026-04-30
|
||||
**Scope:** Kernel architecture, IPC infrastructure, credential syscalls, process isolation
|
||||
**Implementation status:** Phases K1-K2, K4 ✅ complete. Phases K3, K5 deferred.
|
||||
**Status:** This document is the canonical kernel + IPC plan, extending `local/docs/COMPREHENSIVE-OS-ASSESSMENT.md`
|
||||
|
||||
## 1. Purpose
|
||||
|
||||
Reference in New Issue
Block a user