feat: Phase 1 - Plan 9 namespace privilege drop + branding
- login.rs: drop privileges via setresugid after authentication - login.rs: add namespace isolation to password auth path (was missing) - login.rs: add drm, input schemes to DEFAULT_SCHEMES - sudo service: rename 00_sudo -> 12_sudo, type daemon (no boot block) - Branded login screen with figlet RedBear OS v0.2.2 'Liliya' - Root user kept but not advertised on login screen - P6-login-privilege-drop.patch generated and wired Implements Phase 1 of Plan 9 namespace privilege model: login creates restricted namespace (mkns/setns) then drops uid/gid to authenticated user before spawning shell.
This commit is contained in:
@@ -1,7 +0,0 @@
|
||||
[unit]
|
||||
description = "Sudo background handler"
|
||||
|
||||
[service]
|
||||
cmd = "sudo"
|
||||
args = ["--daemon"]
|
||||
type = "oneshot_async"
|
||||
@@ -0,0 +1,7 @@
|
||||
[unit]
|
||||
description = "Sudo privilege escalation daemon"
|
||||
|
||||
[service]
|
||||
cmd = "sudo"
|
||||
args = ["--daemon"]
|
||||
type = "daemon"
|
||||
@@ -63,7 +63,7 @@ installs = [
|
||||
"/usr/lib/init.d/00_ipcd.service",
|
||||
"/usr/lib/init.d/00_pcid-spawner.service",
|
||||
"/usr/lib/init.d/00_ptyd.service",
|
||||
"/usr/lib/init.d/00_sudo.service",
|
||||
"/usr/lib/init.d/12_sudo.service",
|
||||
"/usr/lib/init.d/00_tmp",
|
||||
"/usr/lib/init.d/05_boot_essential.target",
|
||||
"/usr/lib/init.d/10_dhcpd.service",
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
[source]
|
||||
git = "https://gitlab.redox-os.org/redox-os/userutils.git"
|
||||
patches = ["P5-redbear-branding.patch"]
|
||||
patches = ["P5-redbear-branding.patch", "P6-login-privilege-drop.patch"]
|
||||
|
||||
[build]
|
||||
template = "custom"
|
||||
|
||||
Submodule recipes/core/userutils/source updated: 0c5274faa9...9c37ba8c19
Reference in New Issue
Block a user