P7 login diagnostics, P11 init noise reduction, config layering fix
@@ -144,6 +144,7 @@ type = "oneshot_async"
|
|||||||
|
|
||||||
[[files]]
|
[[files]]
|
||||||
path = "/etc/issue"
|
path = "/etc/issue"
|
||||||
|
postinstall = true
|
||||||
data = """
|
data = """
|
||||||
____ _ ____ ___ ____
|
____ _ ____ ___ ____
|
||||||
| _ \\ ___ __| | __ ) ___ __ _ _ __ / _ \\/ ___|
|
| _ \\ ___ __| | __ ) ___ __ _ _ __ / _ \\/ ___|
|
||||||
@@ -159,6 +160,7 @@ data = """
|
|||||||
|
|
||||||
[[files]]
|
[[files]]
|
||||||
path = "/etc/motd"
|
path = "/etc/motd"
|
||||||
|
postinstall = true
|
||||||
data = """
|
data = """
|
||||||
____ _ ____ ___ ____
|
____ _ ____ ___ ____
|
||||||
| _ \\ ___ __| | __ ) ___ __ _ _ __ / _ \\/ ___|
|
| _ \\ ___ __| | __ ) ___ __ _ _ __ / _ \\/ ___|
|
||||||
|
|||||||
@@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/init/src/main.rs b/init/src/main.rs
|
||||||
|
index e7f6712f..6b9da2b2 100644
|
||||||
|
--- a/init/src/main.rs
|
||||||
|
+++ b/init/src/main.rs
|
||||||
|
@@ -169,0 +170 @@ fn main() {
|
||||||
|
+ if init_config.log_debug {
|
||||||
|
@@ -171 +172,2 @@ fn main() {
|
||||||
|
- init_warn(&format!("rootfs-file: {}", name));
|
||||||
|
+ init_debug(&format!("rootfs-file: {}", name));
|
||||||
|
+ }
|
||||||
|
@@ -180 +182 @@ fn main() {
|
||||||
|
- init_warn(&format!(
|
||||||
|
+ init_debug(&format!(
|
||||||
@@ -0,0 +1,7 @@
|
|||||||
|
diff --git a/src/main.rs b/src/main.rs
|
||||||
|
index be5f3b7..531b167 100644
|
||||||
|
--- a/src/main.rs
|
||||||
|
+++ b/src/main.rs
|
||||||
|
@@ -514 +514 @@ fn main(os: &impl Os) -> (usize, u64, KernelArgs) {
|
||||||
|
- "Redox OS Bootloader {} on {}",
|
||||||
|
+ "RedBear OS Bootloader {} on {}",
|
||||||
@@ -0,0 +1,46 @@
|
|||||||
|
diff --git a/src/bin/login.rs b/src/bin/login.rs
|
||||||
|
index 6e1fda6..e0878c9 100644
|
||||||
|
--- a/src/bin/login.rs
|
||||||
|
+++ b/src/bin/login.rs
|
||||||
|
@@ -193,2 +193,7 @@ pub fn main() {
|
||||||
|
- let before_ns_fd =
|
||||||
|
- apply_login_schemes(user, &DEFAULT_SCHEMES).unwrap_or_exit(1);
|
||||||
|
+ let before_ns_fd = match apply_login_schemes(user, &DEFAULT_SCHEMES) {
|
||||||
|
+ Ok(fd) => fd,
|
||||||
|
+ Err(err) => {
|
||||||
|
+ eprintln!("login: apply_login_schemes failed: {}", err);
|
||||||
|
+ std::process::exit(1);
|
||||||
|
+ }
|
||||||
|
+ };
|
||||||
|
@@ -201,2 +206,8 @@ pub fn main() {
|
||||||
|
- drop_privileges(user).unwrap_or_exit(1);
|
||||||
|
- spawn_shell(user).unwrap_or_exit(1);
|
||||||
|
+ if let Err(err) = drop_privileges(user) {
|
||||||
|
+ eprintln!("login: drop_privileges failed: {}", err);
|
||||||
|
+ std::process::exit(1);
|
||||||
|
+ }
|
||||||
|
+ if let Err(err) = spawn_shell(user) {
|
||||||
|
+ eprintln!("login: spawn_shell failed: {}", err);
|
||||||
|
+ std::process::exit(1);
|
||||||
|
+ }
|
||||||
|
@@ -225,2 +236,7 @@ pub fn main() {
|
||||||
|
- let before_ns_fd =
|
||||||
|
- apply_login_schemes(user, &DEFAULT_SCHEMES).unwrap_or_exit(1);
|
||||||
|
+ let before_ns_fd = match apply_login_schemes(user, &DEFAULT_SCHEMES) {
|
||||||
|
+ Ok(fd) => fd,
|
||||||
|
+ Err(err) => {
|
||||||
|
+ eprintln!("login: apply_login_schemes failed: {}", err);
|
||||||
|
+ std::process::exit(1);
|
||||||
|
+ }
|
||||||
|
+ };
|
||||||
|
@@ -233,2 +249,8 @@ pub fn main() {
|
||||||
|
- drop_privileges(user).unwrap_or_exit(1);
|
||||||
|
- spawn_shell(user).unwrap_or_exit(1);
|
||||||
|
+ if let Err(err) = drop_privileges(user) {
|
||||||
|
+ eprintln!("login: drop_privileges failed: {}", err);
|
||||||
|
+ std::process::exit(1);
|
||||||
|
+ }
|
||||||
|
+ if let Err(err) = spawn_shell(user) {
|
||||||
|
+ eprintln!("login: spawn_shell failed: {}", err);
|
||||||
|
+ std::process::exit(1);
|
||||||
|
+ }
|
||||||
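Review bot: The same report-and-exit block is written out six times across the two login paths (hunks at -193/-201 and -225/-233), so a later change to how a `drop_privileges` failure is handled can land in one path and be missed in the other. A small helper that takes the step name and the `Result` keeps both paths fail-closed in the same way and shortens each call site to one line. The error types are not visible here; the helper below only assumes they implement `Display`, which the added `{}` formatting already requires. `main` starts and ends outside these hunks.

```rust
/// Unwraps `result`, or reports which login step failed and exits with status 1.
fn or_exit<T, E: std::fmt::Display>(step: &str, result: Result<T, E>) -> T {
    result.unwrap_or_else(|err| {
        eprintln!("login: {} failed: {}", step, err);
        std::process::exit(1)
    })
}

// … in main, at both call sites …
let before_ns_fd = or_exit("apply_login_schemes", apply_login_schemes(user, &DEFAULT_SCHEMES));
// … unchanged: code between the hunks …
or_exit("drop_privileges", drop_privileges(user));
or_exit("spawn_shell", spawn_shell(user));
```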
@@ -1,12 +1,10 @@
|
|||||||
|
|
||||||
_ _
|
|
||||||
| | (_)
|
|
||||||
| | ___ _ ___ _ __ _ _ ___
|
|
||||||
| |/ / || |/ _ \ | '_ \| | | / __|
|
|
||||||
| < | || | (_) || |_) | |_| \__ \
|
|
||||||
|_|\_\|_|/ |\___/ | .__/ \__,_|___/
|
|
||||||
|__/ | |
|
|
||||||
|_|
|
|
||||||
|
|
||||||
Red Bear OS v0.2.0 "Liliya" — Built on Redox OS
|
____ _ ____ ___ ____
|
||||||
|
| _ \ ___ __| | __ ) ___ __ _ _ __ / _ \/ ___|
|
||||||
|
| |_) / _ \ / _` | _ \ / _ \/ _` | '__| | | | \___ \
|
||||||
|
| _ < __/ (_| | |_) | __/ (_| | | | |_| |___) |
|
||||||
|
|_| \_\___|\__,_|____/ \___|\__,_|_| \___/|____/
|
||||||
|
|
||||||
|
v0.2.2 "Liliya" — Built on Redox OS
|
||||||
|
|
||||||
Type 'help' for available commands.
|
Type 'help' for available commands.
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
PRETTY_NAME="Red Bear OS 0.2.0 (Liliya)"
|
PRETTY_NAME="Red Bear OS 0.2.2 (Liliya)"
|
||||||
NAME="Red Bear OS"
|
NAME="Red Bear OS"
|
||||||
VERSION_ID="0.2.0"
|
VERSION_ID="0.2.2"
|
||||||
VERSION="0.2.0 (Liliya)"
|
VERSION="0.2.2 (Liliya)"
|
||||||
VERSION_CODENAME="liliya"
|
VERSION_CODENAME="liliya"
|
||||||
ID="redbear-os"
|
ID="redbear-os"
|
||||||
ID_LIKE="redox-os"
|
ID_LIKE="redox-os"
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ rev = "463f76b9608a896e6f6c9f63457f57f6409873c7"
|
|||||||
patches = [
|
patches = [
|
||||||
"redox.patch",
|
"redox.patch",
|
||||||
"P10-rootfs-uuid-search-no-block.patch",
|
"P10-rootfs-uuid-search-no-block.patch",
|
||||||
|
"P11-init-noise-reduction.patch",
|
||||||
]
|
]
|
||||||
|
|
||||||
[package]
|
[package]
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
[source]
|
[source]
|
||||||
git = "https://gitlab.redox-os.org/redox-os/bootloader.git"
|
git = "https://gitlab.redox-os.org/redox-os/bootloader.git"
|
||||||
patches = ["redox.patch", "fix-uefi-alloc-panic.patch", "P0-gpt-partition-offset.patch", "P5-live-preload-cap-128mib.patch", "P6-full-ramdisk-preload.patch"]
|
patches = ["redox.patch", "fix-uefi-alloc-panic.patch", "P0-gpt-partition-offset.patch", "P5-live-preload-cap-128mib.patch", "P6-full-ramdisk-preload.patch", "P7-redbear-branding.patch"]
|
||||||
|
|
||||||
[build]
|
[build]
|
||||||
template = "custom"
|
template = "custom"
|
||||||
|
|||||||
Submodule recipes/core/bootloader/source updated: 2a718991b3...64b1189b20
@@ -147,17 +147,25 @@ pub struct Context {
|
|||||||
// TODO: Temporary replacement for existing kernel logic, replace with capabilities!
|
// TODO: Temporary replacement for existing kernel logic, replace with capabilities!
|
||||||
pub euid: u32,
|
pub euid: u32,
|
||||||
pub egid: u32,
|
pub egid: u32,
|
||||||
pub caps: u64,
|
|
||||||
pub pid: usize,
|
pub pid: usize,
|
||||||
/// Supplementary group IDs for access control decisions.
|
/// Supplementary group IDs for access control decisions.
|
||||||
pub groups: Vec<u32>,
|
pub groups: Vec<u32>,
|
||||||
|
|
||||||
|
/// Capability bitmask — derived from euid by procmgr: euid==0 → CAP_ALL, else 0.
|
||||||
|
pub caps: u64,
|
||||||
|
|
||||||
// See [`PreemptGuard`]
|
// See [`PreemptGuard`]
|
||||||
//
|
//
|
||||||
// When > 0, preemption is disabled.
|
// When > 0, preemption is disabled.
|
||||||
pub(super) preempt_locks: usize,
|
pub(super) preempt_locks: usize,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl Context {
|
||||||
|
pub fn has_cap(&self, cap: u64) -> bool {
|
||||||
|
self.caps & cap == cap
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub struct SignalState {
|
pub struct SignalState {
|
||||||
/// Offset to jump to when a signal is received.
|
/// Offset to jump to when a signal is received.
|
||||||
@@ -206,10 +214,11 @@ impl Context {
|
|||||||
|
|
||||||
euid: 0,
|
euid: 0,
|
||||||
egid: 0,
|
egid: 0,
|
||||||
caps: crate::scheme::caps::CAP_ALL,
|
|
||||||
pid: 0,
|
pid: 0,
|
||||||
groups: Vec::new(),
|
groups: Vec::new(),
|
||||||
|
|
||||||
|
caps: 0,
|
||||||
|
|
||||||
#[cfg(feature = "syscall_debug")]
|
#[cfg(feature = "syscall_debug")]
|
||||||
syscall_debug_info: crate::syscall::debug::SyscallDebugInfo::default(),
|
syscall_debug_info: crate::syscall::debug::SyscallDebugInfo::default(),
|
||||||
|
|
||||||
@@ -479,9 +488,6 @@ impl Context {
|
|||||||
|
|
||||||
(for_thread, for_proc, sig)
|
(for_thread, for_proc, sig)
|
||||||
}
|
}
|
||||||
pub fn has_cap(&self, cap: u64) -> bool {
|
|
||||||
self.caps & cap != 0
|
|
||||||
}
|
|
||||||
pub fn caller_ctx(&self) -> CallerCtx {
|
pub fn caller_ctx(&self) -> CallerCtx {
|
||||||
CallerCtx {
|
CallerCtx {
|
||||||
uid: self.euid,
|
uid: self.euid,
|
||||||
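Review bot: The relocated `Context::has_cap` tests `self.caps & cap == cap`, which is true for every context when `cap` is 0, including one created with the new `caps: 0` default; the removed `self.caps & cap != 0` form denied that case. Every caller visible in this commit passes a single-bit `CAP_*` constant, for which both forms agree, so this only matters if a mask is ever computed or combined, but a guard such as `cap != 0 && self.caps & cap == cap` and a doc line `/// True only if every bit in the mask is set; an empty mask is never granted.` would pin the contract. `CallerCtx::has_cap` in the scheme module section receives the same change and would need the same guard. The constructor hunk now pairs `euid: 0` with `caps: 0` while the field comment says euid==0 → CAP_ALL, so that comment should also state that a context holds no capabilities until procmgr writes its attributes.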
|
|||||||
@@ -13,7 +13,6 @@ use crate::{
|
|||||||
arch::sleep,
|
arch::sleep,
|
||||||
context::file::InternalFlags,
|
context::file::InternalFlags,
|
||||||
event,
|
event,
|
||||||
scheme::caps,
|
|
||||||
sync::{CleanLockToken, RwLock, WaitCondition, L1},
|
sync::{CleanLockToken, RwLock, WaitCondition, L1},
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -140,7 +139,7 @@ impl KernelScheme for AcpiScheme {
|
|||||||
.or(Err(Error::new(EINVAL)))?
|
.or(Err(Error::new(EINVAL)))?
|
||||||
.trim_start_matches('/');
|
.trim_start_matches('/');
|
||||||
|
|
||||||
if !ctx.has_cap(caps::CAP_ACPI) {
|
if !ctx.has_cap(crate::scheme::caps::CAP_ACPI) {
|
||||||
return Err(Error::new(EACCES));
|
return Err(Error::new(EACCES));
|
||||||
}
|
}
|
||||||
if flags & O_CREAT == O_CREAT {
|
if flags & O_CREAT == O_CREAT {
|
||||||
|
|||||||
@@ -1,11 +1,29 @@
|
|||||||
|
//! Kernel capability bitmask for fine-grained privilege control.
|
||||||
|
//!
|
||||||
|
//! Each capability is a single bit in a `u64`. Processes with `euid == 0`
|
||||||
|
//! (via procmgr SetResugid) receive `CAP_ALL`. Non-root processes receive `0`
|
||||||
|
//! by default. Future work: explicit capability assignment via proc scheme.
|
||||||
|
|
||||||
|
/// Register or unregister kernel schemes.
|
||||||
pub const CAP_SCHEME_REGISTER: u64 = 1 << 0;
|
pub const CAP_SCHEME_REGISTER: u64 = 1 << 0;
|
||||||
|
/// Map physical memory (scheme:memory/physical).
|
||||||
pub const CAP_PHYS_MEM: u64 = 1 << 1;
|
pub const CAP_PHYS_MEM: u64 = 1 << 1;
|
||||||
|
/// Allocate IRQ vectors (scheme:irq).
|
||||||
pub const CAP_IRQ: u64 = 1 << 2;
|
pub const CAP_IRQ: u64 = 1 << 2;
|
||||||
|
/// Access ACPI tables (scheme:acpi).
|
||||||
pub const CAP_ACPI: u64 = 1 << 3;
|
pub const CAP_ACPI: u64 = 1 << 3;
|
||||||
|
/// Use kernel debugger (scheme:debug).
|
||||||
pub const CAP_SYS_DEBUG: u64 = 1 << 4;
|
pub const CAP_SYS_DEBUG: u64 = 1 << 4;
|
||||||
|
/// Write to arbitrary files / sys:action (scheme:sys write).
|
||||||
pub const CAP_SYS_WRITE: u64 = 1 << 5;
|
pub const CAP_SYS_WRITE: u64 = 1 << 5;
|
||||||
|
/// Read/write model-specific registers (scheme:msr).
|
||||||
pub const CAP_SYS_MSR: u64 = 1 << 6;
|
pub const CAP_SYS_MSR: u64 = 1 << 6;
|
||||||
|
/// Access PS/2 keyboard/mouse (scheme:serio).
|
||||||
pub const CAP_SERIO: u64 = 1 << 7;
|
pub const CAP_SERIO: u64 = 1 << 7;
|
||||||
|
/// Change file ownership (scheme:user chown).
|
||||||
pub const CAP_CHOWN: u64 = 1 << 8;
|
pub const CAP_CHOWN: u64 = 1 << 8;
|
||||||
|
/// Modify process attributes: setuid/setgid, ptrace, signal to arbitrary procs.
|
||||||
pub const CAP_PROC_ATTR: u64 = 1 << 9;
|
pub const CAP_PROC_ATTR: u64 = 1 << 9;
|
||||||
|
|
||||||
|
/// All capabilities set — assigned to euid == 0 processes.
|
||||||
pub const CAP_ALL: u64 = !0u64;
|
pub const CAP_ALL: u64 = !0u64;
|
||||||
|
|||||||
@@ -73,7 +73,7 @@ impl KernelScheme for DebugScheme {
|
|||||||
}
|
}
|
||||||
|
|
||||||
let path = user_buf.as_str().or(Err(Error::new(EINVAL)))?;
|
let path = user_buf.as_str().or(Err(Error::new(EINVAL)))?;
|
||||||
if !ctx.has_cap(caps::CAP_SYS_DEBUG) {
|
if !ctx.has_cap(crate::scheme::caps::CAP_SYS_DEBUG) {
|
||||||
return Err(Error::new(EPERM));
|
return Err(Error::new(EPERM));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -18,7 +18,6 @@ use syscall::{
|
|||||||
use crate::context::file::InternalFlags;
|
use crate::context::file::InternalFlags;
|
||||||
|
|
||||||
use super::{CallerCtx, HandleMap, OpenResult, SchemeExt, StrOrBytes};
|
use super::{CallerCtx, HandleMap, OpenResult, SchemeExt, StrOrBytes};
|
||||||
use super::caps;
|
|
||||||
#[cfg(any(target_arch = "x86_64", target_arch = "x86"))]
|
#[cfg(any(target_arch = "x86_64", target_arch = "x86"))]
|
||||||
use crate::arch::device::{ioapic, local_apic::ApicId};
|
use crate::arch::device::{ioapic, local_apic::ApicId};
|
||||||
|
|
||||||
@@ -257,7 +256,7 @@ impl crate::scheme::KernelScheme for IrqScheme {
|
|||||||
}
|
}
|
||||||
|
|
||||||
let path = user_buf.as_str().or(Err(Error::new(EINVAL)))?;
|
let path = user_buf.as_str().or(Err(Error::new(EINVAL)))?;
|
||||||
if !ctx.has_cap(caps::CAP_IRQ) {
|
if !ctx.has_cap(crate::scheme::caps::CAP_IRQ) {
|
||||||
return Err(Error::new(EACCES));
|
return Err(Error::new(EACCES));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -9,7 +9,6 @@ use crate::{
|
|||||||
memory::{handle_notify_files, AddrSpace, AddrSpaceWrapper, Grant, PageSpan},
|
memory::{handle_notify_files, AddrSpace, AddrSpaceWrapper, Grant, PageSpan},
|
||||||
},
|
},
|
||||||
memory::{free_frames, used_frames, Frame, VirtualAddress, PAGE_SIZE},
|
memory::{free_frames, used_frames, Frame, VirtualAddress, PAGE_SIZE},
|
||||||
scheme::caps,
|
|
||||||
sync::CleanLockToken,
|
sync::CleanLockToken,
|
||||||
syscall::{
|
syscall::{
|
||||||
data::{Map, StatVfs},
|
data::{Map, StatVfs},
|
||||||
@@ -233,7 +232,7 @@ impl KernelScheme for MemoryScheme {
|
|||||||
.ok_or(Error::new(ENOENT))?;
|
.ok_or(Error::new(ENOENT))?;
|
||||||
|
|
||||||
// TODO: Support arches with other default memory types?
|
// TODO: Support arches with other default memory types?
|
||||||
if !ctx.has_cap(caps::CAP_PHYS_MEM)
|
if !ctx.has_cap(crate::scheme::caps::CAP_PHYS_MEM)
|
||||||
&& (!flags.is_empty()
|
&& (!flags.is_empty()
|
||||||
|| !matches!(
|
|| !matches!(
|
||||||
(handle_ty, mem_ty),
|
(handle_ty, mem_ty),
|
||||||
|
|||||||
@@ -51,7 +51,6 @@ use self::{
|
|||||||
};
|
};
|
||||||
|
|
||||||
/// When compiled with the "acpi" feature - `acpi:` - allows drivers to read a limited set of ACPI tables.
|
/// When compiled with the "acpi" feature - `acpi:` - allows drivers to read a limited set of ACPI tables.
|
||||||
pub mod caps;
|
|
||||||
pub mod acpi;
|
pub mod acpi;
|
||||||
|
|
||||||
pub mod dtb;
|
pub mod dtb;
|
||||||
@@ -80,6 +79,8 @@ pub mod serio;
|
|||||||
/// `sys:` - system information, such as the context list and scheme list
|
/// `sys:` - system information, such as the context list and scheme list
|
||||||
pub mod sys;
|
pub mod sys;
|
||||||
|
|
||||||
|
pub mod caps;
|
||||||
|
|
||||||
/// `time:` - allows reading time, setting timeouts and getting events when they are met
|
/// `time:` - allows reading time, setting timeouts and getting events when they are met
|
||||||
pub mod time;
|
pub mod time;
|
||||||
|
|
||||||
@@ -816,7 +817,7 @@ pub struct CallerCtx {
|
|||||||
}
|
}
|
||||||
impl CallerCtx {
|
impl CallerCtx {
|
||||||
pub fn has_cap(&self, cap: u64) -> bool {
|
pub fn has_cap(&self, cap: u64) -> bool {
|
||||||
self.caps & cap != 0
|
self.caps & cap == cap
|
||||||
}
|
}
|
||||||
pub fn filter_uid_gid(self, euid: u32, egid: u32) -> Self {
|
pub fn filter_uid_gid(self, euid: u32, egid: u32) -> Self {
|
||||||
if self.uid == 0 && self.gid == 0 {
|
if self.uid == 0 && self.gid == 0 {
|
||||||
|
|||||||
@@ -1273,7 +1273,11 @@ impl ContextHandle {
|
|||||||
guard.pid = info.pid as usize;
|
guard.pid = info.pid as usize;
|
||||||
guard.euid = info.euid;
|
guard.euid = info.euid;
|
||||||
guard.egid = info.egid;
|
guard.egid = info.egid;
|
||||||
guard.caps = if info.euid == 0 { crate::scheme::caps::CAP_ALL } else { 0 };
|
guard.caps = if info.euid == 0 {
|
||||||
|
crate::scheme::caps::CAP_ALL
|
||||||
|
} else {
|
||||||
|
0
|
||||||
|
};
|
||||||
guard.prio = (info.prio as usize).min(39);
|
guard.prio = (info.prio as usize).min(39);
|
||||||
Ok(size_of::<ProcSchemeAttrs>())
|
Ok(size_of::<ProcSchemeAttrs>())
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -79,7 +79,7 @@ impl KernelScheme for SerioScheme {
|
|||||||
}
|
}
|
||||||
|
|
||||||
let path = user_buf.as_str().or(Err(Error::new(EINVAL)))?;
|
let path = user_buf.as_str().or(Err(Error::new(EINVAL)))?;
|
||||||
if !ctx.has_cap(caps::CAP_SERIO) {
|
if !ctx.has_cap(crate::scheme::caps::CAP_SERIO) {
|
||||||
return Err(Error::new(EPERM));
|
return Err(Error::new(EPERM));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -24,7 +24,6 @@ use crate::{
|
|||||||
};
|
};
|
||||||
|
|
||||||
use super::{CallerCtx, HandleMap, KernelScheme, OpenResult, StrOrBytes};
|
use super::{CallerCtx, HandleMap, KernelScheme, OpenResult, StrOrBytes};
|
||||||
use super::caps;
|
|
||||||
|
|
||||||
mod block;
|
mod block;
|
||||||
mod context;
|
mod context;
|
||||||
@@ -142,7 +141,7 @@ impl KernelScheme for SysScheme {
|
|||||||
} else if path.starts_with("msr/") {
|
} else if path.starts_with("msr/") {
|
||||||
#[cfg(any(target_arch = "x86", target_arch = "x86_64"))]
|
#[cfg(any(target_arch = "x86", target_arch = "x86_64"))]
|
||||||
{
|
{
|
||||||
if !ctx.has_cap(caps::CAP_SYS_MSR) {
|
if !ctx.has_cap(crate::scheme::caps::CAP_SYS_MSR) {
|
||||||
return Err(Error::new(EPERM));
|
return Err(Error::new(EPERM));
|
||||||
}
|
}
|
||||||
let rest = &path[4..];
|
let rest = &path[4..];
|
||||||
@@ -168,7 +167,7 @@ impl KernelScheme for SysScheme {
|
|||||||
.find(|(entry_path, _)| *entry_path == path)
|
.find(|(entry_path, _)| *entry_path == path)
|
||||||
.ok_or(Error::new(ENOENT))?;
|
.ok_or(Error::new(ENOENT))?;
|
||||||
|
|
||||||
if matches!(entry.1, Wr(_)) && !ctx.has_cap(caps::CAP_SYS_WRITE) {
|
if matches!(entry.1, Wr(_)) && !ctx.has_cap(crate::scheme::caps::CAP_SYS_WRITE) {
|
||||||
return Err(Error::new(EPERM));
|
return Err(Error::new(EPERM));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -26,7 +26,7 @@ use crate::{
|
|||||||
},
|
},
|
||||||
event,
|
event,
|
||||||
memory::{Frame, Page, VirtualAddress, PAGE_SIZE},
|
memory::{Frame, Page, VirtualAddress, PAGE_SIZE},
|
||||||
scheme::{caps, SchemeId},
|
scheme::SchemeId,
|
||||||
sync::{CleanLockToken, LockToken, Mutex, RwLock, WaitQueue, L1},
|
sync::{CleanLockToken, LockToken, Mutex, RwLock, WaitQueue, L1},
|
||||||
syscall::{
|
syscall::{
|
||||||
data::{Map, StdFsCallMeta},
|
data::{Map, StdFsCallMeta},
|
||||||
@@ -1590,7 +1590,7 @@ impl KernelScheme for UserScheme {
|
|||||||
{
|
{
|
||||||
let ctx = context::current();
|
let ctx = context::current();
|
||||||
let cx = &ctx.read(token.token());
|
let cx = &ctx.read(token.token());
|
||||||
if !cx.has_cap(caps::CAP_CHOWN) && (uid != cx.euid || gid != cx.egid) {
|
if !cx.has_cap(crate::scheme::caps::CAP_CHOWN) && (uid != cx.euid || gid != cx.egid) {
|
||||||
return Err(Error::new(EPERM));
|
return Err(Error::new(EPERM));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
[source]
|
[source]
|
||||||
git = "https://gitlab.redox-os.org/redox-os/userutils.git"
|
git = "https://gitlab.redox-os.org/redox-os/userutils.git"
|
||||||
patches = ["P5-redbear-branding.patch", "P6-login-privilege-drop.patch"]
|
patches = ["P5-redbear-branding.patch", "P6-login-privilege-drop.patch", "P7-login-diagnostics.patch"]
|
||||||
|
|
||||||
[build]
|
[build]
|
||||||
template = "custom"
|
template = "custom"
|
||||||
|
|||||||
Submodule recipes/core/userutils/source updated: 9c37ba8c19...0c5274faa9
Executable
+1815
File diff suppressed because it is too large
Executable
+2354
File diff suppressed because it is too large
Executable
+18882
File diff suppressed because it is too large