userutils compiled redox-rt with default-features=false, disabling the proc feature. This caused login's fork to not pass proc fd to child shell, triggering assertion failed: info.has_proc_fd in redox-rt. P8 patch enables features=['proc']. Verified: zero panics on boot, login works for user/root.
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
- login.rs: drop privileges via setresugid after authentication
- login.rs: add namespace isolation to password auth path (was missing)
- login.rs: add drm, input schemes to DEFAULT_SCHEMES
- sudo service: rename 00_sudo -> 12_sudo, type daemon (no boot block)
- Branded login screen with figlet RedBear OS v0.2.2 'Liliya'
- Root user kept but not advertised on login screen
- P6-login-privilege-drop.patch generated and wired
Implements Phase 1 of Plan 9 namespace privilege model:
login creates restricted namespace (mkns/setns) then drops
uid/gid to authenticated user before spawning shell.
Red Bear OS is a full fork. All sources must be available from git clone
with zero network access. Removed gitignore rules that excluded fetched
source trees under recipes/*/source/, local/recipes/kde/*/source/,
local/recipes/qt/*/source/, and vendor source trees.
Build artifacts (target/, build/, source.tar, *.o, *.so) remain excluded.
127291 files added — kernel, relibc, base, bootloader, pkgar, all KDE/Qt
frameworks, mesa, wayland, DRM drivers, and every other recipe source.
Base: fix P6-driver-new-modules.patch (ed format -> unified diff) for new
driver modules (ncq, itr, phy). P6-driver-main-fixes.patch now applies with
offset on current upstream source.
Relibc: remove stale P5-named-semaphores (upstream has stubs), add
P10-stack-size-8mb and P11-getrlimit-getrusage (per-process rlimit table,
sysconf integration, getdtablesize fix, null-pointer safety).
Kernel: consolidate 29 individual patches into single redbear-consolidated.patch.
Userutils: P5-redbear-branding replaces P4-login-rate-limit.
Recipe.toml changes now committed so they survive source resets.
P2-2: Login rate limiting (userutils/login.rs):
- Tracks consecutive failures, resets on success
- 3+ failures: exponential delay up to 30 seconds
- Applies to both password and blank-password login paths
P2-3: Network stack in initfs (base-initfs + service files):
- Added e1000d, rtl8168d to base-initfs BINS
- 60_smolnetd.service: network stack in initfs
- 61_dhcpd.service: DHCP client in initfs
- Network available before switch_root
Part of COMPREHENSIVE-FIX-AND-IMPROVEMENT-PLAN Phases P2.
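The P2-2 rate-limiting rules listed above, as an added Rust example that is not the code from login.rs or its patch. The commit message gives only the 3-failure threshold and the 30-second cap; the 1-second base delay, the doubling factor, and the names `LoginThrottle`, `record` and `delay` are assumptions of this example.

```rust
use std::time::Duration;

// The commit message gives only the threshold (3+ failures) and the 30 s cap.
// BASE_DELAY_SECS and the doubling factor are assumptions of this example.
const THRESHOLD: u32 = 3;
const BASE_DELAY_SECS: u64 = 1;
const MAX_DELAY_SECS: u64 = 30;

/// Hypothetical per-terminal throttle; one instance is shared by the
/// password and blank-password paths so neither can bypass the counter.
#[derive(Default)]
pub struct LoginThrottle {
    consecutive_failures: u32,
}

impl LoginThrottle {
    /// Record one attempt and return the delay to apply before the next prompt.
    pub fn record(&mut self, success: bool) -> Duration {
        if success {
            self.consecutive_failures = 0; // reset on success
        } else {
            // saturating_add: a very long failure streak must not wrap back to zero
            self.consecutive_failures = self.consecutive_failures.saturating_add(1);
        }
        self.delay()
    }

    /// Delay implied by the current failure streak.
    pub fn delay(&self) -> Duration {
        if self.consecutive_failures < THRESHOLD {
            return Duration::ZERO;
        }
        let doublings = self.consecutive_failures - THRESHOLD;
        // checked_shl is None once the shift reaches 64 bits; treat that as the cap.
        let secs = 1u64
            .checked_shl(doublings)
            .map_or(MAX_DELAY_SECS, |f| BASE_DELAY_SECS.saturating_mul(f));
        Duration::from_secs(secs.min(MAX_DELAY_SECS))
    }
}

fn main() {
    let mut throttle = LoginThrottle::default();
    // Constructed sequence: eight bad attempts, then a good one.
    for attempt in 1..=8 {
        println!("failure {attempt}: wait {:?}", throttle.record(false));
    }
    println!("success: wait {:?}", throttle.record(true));
}
```

The counter here lives in process memory, so it only throttles attempts made against the same running login instance.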
Enforce that every source-tree edit must be mirrored to local/patches/
and wired into recipe.toml in the same session. Apply the policy
retroactively to userutils res/issue and res/motd (Redox → Red Bear).
Derivative of Redox OS (https://www.redox-os.org) adding:
- AMD GPU driver (amdgpu) via LinuxKPI compat layer
- ext4 filesystem support (ext4d scheme daemon)
- ACPI fixes for AMD bare metal (x2APIC, DMAR, IVRS, MCFG)
- Custom branding (hostname, os-release, boot identity)
Build system is full upstream Redox with RBOS overlay in local/.
Patches for kernel, base, and relibc are symlinked from local/patches/
and protected from make clean/distclean. Custom recipes live in
local/recipes/ with symlinks into the recipes/ search path.
Build: make all CONFIG_NAME=redbear-full
Sync: ./local/scripts/sync-upstream.sh