fix: P27 caps init + P6 type errors and overlap with P5

P27: add caps: 0 to Context::new() default initialization.
P6: fix syscall::Error vs libredox::Error type mismatch (use ?),
    fix usize->u32 casts for Resugid fields, remove P5 overlap
    (issue/motd/consecutive_failures already in P5), add namespace
    isolation to password-verified auth path.

All 39 kernel patches validate. Full image builds.
2026-05-29 12:24:51 +03:00
parent f40b751bca
commit d2c761a56c
2 changed files with 20 additions and 20 deletions
@@ -1,5 +1,5 @@
diff --git a/src/context/context.rs b/src/context/context.rs
index 6d723f4..a0825ac 100644
index 6d723f4..836ce25 100644
--- a/src/context/context.rs
+++ b/src/context/context.rs
@@ -153,0 +154,3 @@ pub struct Context {
@@ -13,7 +13,10 @@ index 6d723f4..a0825ac 100644
+ }
+}
+
@@ -485,0 +495 @@ impl Context {
@@ -210,0 +220,2 @@ impl Context {
+ caps: 0,
+
@@ -485,0 +497 @@ impl Context {
+ caps: self.caps,
diff --git a/src/scheme/acpi.rs b/src/scheme/acpi.rs
index 5d73469..7e1558a 100644
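Review bot: The bare `caps: 0,` added to the initializer (in `Context::new()`, per the commit message) has no comment saying what a zero value grants, and the later `caps: self.caps,` copies the field unchanged into what looks like a derived context. A privilege-bearing field deserves one line at each site, for example `// no capabilities until explicitly granted` on the initializer and a short comment on the copy stating that inheriting the parent's value is intentional. The field's declaration and both enclosing functions lie outside the visible hunks, so the meaning of 0 should be confirmed against the struct definition before wording the comment. The added blank line after `caps: 0,` also looks unintended inside the initializer.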
@@ -1,14 +1,14 @@
diff --git a/src/bin/login.rs b/src/bin/login.rs
index 022fb47..a2807b2 100644
index 022fb47..6e1fda6 100644
--- a/src/bin/login.rs
+++ b/src/bin/login.rs
@@ -13,0 +14,3 @@ use userutils::spawn_shell;
@@ -8,0 +9,3 @@ use std::str;
+#[cfg(target_os = "redox")]
+use redox_rt::sys::{posix_setresugid, Resugid};
+
@@ -38 +41 @@ const MOTD_FILE: &'static str = "/etc/motd";
-const DEFAULT_SCHEMES: [&'static str; 26] = [
+const DEFAULT_SCHEMES: [&'static str; 29] = [
+const DEFAULT_SCHEMES: [&'static str; 28] = [
@@ -65 +68,2 @@ const DEFAULT_SCHEMES: [&'static str; 26] = [
- // Display schemes
+ // Display schemes (DRM/KMS path for GPU drivers)
@@ -19,14 +19,14 @@ index 022fb47..a2807b2 100644
@@ -92,0 +99,17 @@ pub fn apply_login_schemes(
+#[cfg(target_os = "redox")]
+fn drop_privileges(user: &User<redox_users::auth::Full>) -> Result<()> {
+ posix_setresugid(&Resugid {
+ ruid: Some(user.uid),
+ euid: Some(user.uid),
+ suid: Some(user.uid),
+ rgid: Some(user.gid),
+ egid: Some(user.gid),
+ sgid: Some(user.gid),
+ })
+ Ok(posix_setresugid(&Resugid {
+ ruid: Some(user.uid as u32),
+ euid: Some(user.uid as u32),
+ suid: Some(user.uid as u32),
+ rgid: Some(user.gid as u32),
+ egid: Some(user.gid as u32),
+ sgid: Some(user.gid as u32),
+ })?)
+}
+
+#[cfg(not(target_os = "redox"))]
@@ -34,10 +34,9 @@ index 022fb47..a2807b2 100644
+ Ok(())
+}
+
@@ -177,0 +201,2 @@ pub fn main() {
+
@@ -177,0 +201 @@ pub fn main() {
+ drop_privileges(user).unwrap_or_exit(1);
@@ -200,0 +226,10 @@ pub fn main() {
@@ -200,0 +225,9 @@ pub fn main() {
+ let before_ns_fd =
+ apply_login_schemes(user, &DEFAULT_SCHEMES).unwrap_or_exit(1);
+
@@ -46,11 +45,9 @@ index 022fb47..a2807b2 100644
+ syscall::F_SETFD,
+ syscall::O_CLOEXEC,
+ );
+
+ drop_privileges(user).unwrap_or_exit(1);
@@ -201,0 +237,5 @@ pub fn main() {
@@ -201,0 +235,4 @@ pub fn main() {
+ let _ = syscall::fcntl(before_ns_fd.raw(), syscall::F_SETFD, 0);
+ let _ = libredox::call::close(
+ libredox::call::setns(before_ns_fd.into_raw())
+ .unwrap_or_exit(1),
+ libredox::call::setns(before_ns_fd.into_raw()).unwrap_or_exit(1),
+ );
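Review bot: The `as u32` casts on `user.uid` and `user.gid` in the rewritten `drop_privileges` body truncate silently, and in a privilege-drop path a wrapped id is a different identity. The commit message says these fields are usize, so on a 64-bit target a value above `u32::MAX` would be reduced to its low 32 bits before it reaches `posix_setresugid`. Convert each once with a checked conversion, e.g. `let uid = u32::try_from(user.uid)` and the same for `gid`, and return an error when either fails instead of making the call. Separately, the visible `let _ = syscall::fcntl(before_ns_fd.raw(), syscall::F_SETFD, 0);` discards its result, and the earlier call that sets `syscall::O_CLOEXEC` (its opening line is outside the hunk) may do the same. A failure there would leave what the name suggests is the pre-login namespace descriptor inheritable, so it should exit as the neighbouring `unwrap_or_exit(1)` calls do.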