Replace all 9 kernel uid==0 privilege checks with a capability bitmask
model. Adds caps:u64 field to Context and CallerCtx, with CAP_ALL for
root processes. Zero behavioral change - uid==0 still gets all caps.
New module: src/scheme/caps.rs with 10 capability constants.
9 check sites converted: acpi, irq, memory, debug, serio, sys (msr+write),
scheme registration, and fchown.
Patch: local/patches/kernel/P27-capability-bitmask.patch
- login.rs: drop privileges via setresugid after authentication
- login.rs: add namespace isolation to password auth path (was missing)
- login.rs: add drm, input schemes to DEFAULT_SCHEMES
- sudo service: rename 00_sudo -> 12_sudo, type daemon (no boot block)
- Branded login screen with figlet RedBear OS v0.2.2 'Liliya'
- Root user kept but not advertised on login screen
- P6-login-privilege-drop.patch generated and wired
Implements Phase 1 of Plan 9 namespace privilege model:
login creates restricted namespace (mkns/setns) then drops
uid/gid to authenticated user before spawning shell.
Three fixes for the KWin DRM device discovery failure:
1. drm_scheme_ready(): replace head -c 1 with exec 3< open test.
Reading from a DRM scheme fd blocks because the scheme expects
ioctl-style request/response, not streaming reads. Use open()
success as the scheme availability probe instead.
2. ConsoleKitSession::create(): return nullptr immediately.
The D-Bus isServiceRegistered() call can block indefinitely when
the bus daemon doesn't fully implement org.freedesktop.DBus.
With both LogindSession and ConsoleKitSession returning nullptr,
Session::create() falls through to NoopSession which uses plain
open() for DRM device access.
3. Boot chain deps: redox-drm depends on driver-manager,
greeter depends on evdevd (keyboard/mouse ready before login).
Also includes: KF6 CMake build fixes, Qt6 platform patches,
libdrm Redox ioctl shim, and wayland.toml scheme check fix.
The cookbook resolves patch paths from recipe.dir which is the symlink
path (recipes/libs/libdrm/), not the physical path (local/recipes/).
Fix ../../../patches/libdrm/ → ../../../local/patches/libdrm/ to
match the convention used by kernel, base, relibc, and other recipes.
Replace 95-line manual symlink list with auto-discovery of all
local/recipes/<category>/<name>/ directories. This fixes 15 missing
symlinks that would have blocked the redbear-full build, including
critical packages: libdrm, qtbase, qtwayland, libinput, libevdev,
seatd, and wayland-protocols.
Special-case aliases preserved:
- kf6-kirigami → kirigami (KDE expects both names)
- wip/wayland/qt6-wayland-smoke (historical WIP path)
L1: Add make qemu-ram target — copies disk image to host tmpfs before
QEMU boots, eliminating host disk I/O during OS runtime.
Usage: make qemu-ram CONFIG_NAME=redbear-full QEMU_MEM=12288
L2: Create local/recipes/AGENTS.md — comprehensive catalog of all 165
custom recipes across 15 categories with descriptions.
L3: CollisionTracker already fully implemented and wired into installer
(recipes/core/installer/source/src/collision.rs, 267 lines).
L4: Add scripts/validate-collision-log.sh to make validate target —
scans build logs for [COLLISION-ERROR]/[COLLISION-WARN] markers
from the runtime CollisionTracker.
Add #ifdef __redox__ path to drmGetDeviceFromDevId() that mirrors the
working drmGetDevice2() Redox implementation. On Redox there is no
/dev/dri/ directory — DRM devices are accessed via /scheme/drm/card0.
The patch constructs a drmDevice with both PRIMARY and RENDER nodes
pointing to /scheme/drm/card0, since the redox-drm scheme serves both
roles through a single endpoint.
Also fixes drmParseSubsystemType() to return DRM_BUS_PCI on Redox.
Fix P3 patch paths (strip local/recipes/libs/libdrm/source/ prefix
from diff headers so patches apply correctly during repo fetch).
logd was starting before randd, causing a panic when the Rust std
library tried to get random data from /scheme/rand which didn't
exist yet. This cascaded into fbbootlogd failing (no log scheme)
and vesad timing out, blocking the console/getty chain entirely.
P58 adds:
- 00_logd.service: requires = ["00_randd.service"]
- 20_fbbootlogd.service: requires = ["00_logd.service"]
Result: mini ISO boots to RedBear Login: prompt with working
console, D-Bus, driver-manager, and all boot stage markers.
When LOGD_JSON=1 is set in the environment, logd formats all log
lines as JSON objects with timestamp, source, and message fields.
Also fixes indentation issues in P51 logd rotation patch.
The service_logs declaration hunk was targeting line 48 instead of 49,
causing patch to insert it inside the let persistent_log chain instead
of inside the thread spawn closure.
P53: Change itr_tracker insertion point from line 46 to 47
so it applies after NetworkScheme::new() closing, not inside it.
P45: Add log.workspace = true to ixgbed Cargo.toml since
P45 adds log::error! usage to ixgbed main.rs.
P46 migrated ac97d to pci_allocate_interrupt_vector but missed
adding to the pcid_handle parameter. This caused build
failure: cannot borrow pcid_handle as mutable.
The original P49 patch had incorrect line numbers that caused
patch --fuzz=3 to insert cpu_id field and methods at wrong locations,
corrupting irq_helpers.rs. Regenerate from clean P0-P48 baseline.
Reads from /scheme/acpi/thermal/, /scheme/acpi/fan/, and /scheme/acpi/cstates/
plus /scheme/sys/cstate_policy to populate the --health dashboard with
hardware thermal status, fan activity, and CPU power-management state.
Re-implements work that was lost due to ephemeral source/ subdirectory.
ITR dynamically adjusts interrupt coalescing based on packet rate.
- Add ITR register (0xC4) and set_itr() to device.rs
- Add itr.rs tracker with hysteresis-based rate adaptation
- Wire tracker into IRQ handler in main.rs
- Document in AGENTS.md: source/ is ALWAYS rewritten
- Add intel_vtd.rs module with DMAR parsing, DRHD discovery,
register definitions, and basic unit initialization
- Update iommu daemon discovery to detect both AMD-Vi (IVRS)
and Intel VT-d (DMAR) units
- Update IommuScheme to track both amd_units and intel_units
- Intel VT-d init: version check, capability read, disable
translation, report supported features (QI, IR, EIM)
Full DMA remapping enablement (root table, context entries,
page tables, command buffer) remains as TODO for follow-up.
- drivers/acpid/src/cstate.rs: Evaluate _CST per processor, parse
Package-of-Packages into CStateInfo structs
- AcpiContext: add cstate_state field with refresh, add processor_names()
to scan _PR namespace
- acpid scheme: expose /scheme/acpi/cstates/<proc> read handles
- thermald: read /scheme/sys/cstate, set /scheme/sys/cstate_policy
to restrict to C1 when temp exceeds WARNING_TEMP
Works with kernel P25 cpuidle deep C-states.
Define 4 hardware target classes (AMD/Intel desktop/laptop),
per-target checklist, negative-result capture format, and
quick/full test procedures. Ready for bare-metal evidence.
Detect CPU vendor by probing MSRs (Intel IA32_THERM_STATUS vs AMD
TCTL MSR C0010293). Support both Intel Tjmax-based and AMD direct
temperature reading. Log detected vendor per CPU at startup.
Extend logd output thread to write logs to per-service files in
/var/log/<service>.log, with automatic size-based rotation (10 MB
threshold, 5 backup files). All logs also go to /var/log/system.log.
Backwards compatible with existing sink file descriptors.
Add RateLimitedLog to common::logger for per-message rate limiting with
"last message repeated N times" warnings. Add structured_log! macro for
key=value formatted logs. Update thermald to rate-limit the max-temp
summary line (30s interval) to reduce log volume.
Track the target CPU ID in InterruptVector, and log the interrupt type
(MSI-X/MSI/Legacy) and CPU affinity at allocation time in
pci_allocate_interrupt_vector. Add log_affinity() helper for drivers
to call after setup.
Add fan.rs module to acpid that discovers FAN* devices under \_TZ,
evaluates _FST for current speed level and RPM, and exposes them via
/scheme/acpi/fan/<name>/status. Update thermald to read and log fan
status alongside temperature sensors.
Replace the old hardcoded /scheme/acpi/thermal_zone/{n} paths with
proper discovery of /scheme/acpi/thermal/ zones and /scheme/coretemp/
CPU temperatures. Logs per-zone and per-CPU temps with max tracking.
Switch network drivers from legacy INTx to pci_allocate_interrupt_vector
which auto-prefers MSI-X > MSI > Legacy. rtl8139d and rtl8168d already
used this helper; e1000d and ixgbed were the remaining legacy-only NIC
drivers.
Implement CPU power-saving idle loop using x86 MONITOR/MWAIT:
- Add monitor(), mwait(), enable_and_mwait() to interrupt module
- Detect MWAIT availability via CPUID at boot
- Use MONITOR+MWAIT instead of STI+HLT when supported
- Expose /scheme/sys/cstate_policy for userspace control
- Add RdWr Kind variant to sys scheme for read+write files
Graceful init patches for fbcond, graphics scheme, smolnetd, vesad,
PCI interrupt allocation, BAR probing, common init, inputd fallback,
and dhcpd hard dependency ordering.
Implement full thermal zone backend in acpid:
- thermal.rs: Discover \_TZ_.TZ* zones, evaluate \_TMP, \_CRT, \_PSV,
\_AC0, \_TC1, \_TC2, \_TSP, \_TZP methods
- scheme.rs: Expose /scheme/acpi/thermal/ with per-zone temperature files
- acpi.rs: Add thermal_state and thermal_zone_names() to AcpiContext
Wired as P44 patch in base recipe.toml.