vasilito/RedBear-OS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2e764746e738eafeb1921bb300134584465441de
RedBear-OS/local/patches/relibc/P4-setgroups-getgroups.patch.bak
T
vasilito 5851974b20 feat: build system transition to release fork + archive hardening 
Release fork infrastructure:
- REDBEAR_RELEASE=0.1.1 with offline enforcement (fetch/distclean/unfetch blocked)
- 195 BLAKE3-verified source archives in standard format
- Atomic provisioning via provision-release.sh (staging + .complete sentry)
- 5-phase improvement plan: restore format auto-detection, source tree
  validation (validate-source-trees.py), archive-map.json, REPO_BINARY fallback

Archive normalization:
- Removed 87 duplicate/unversioned archives from shared pool
- Regenerated all archives in consistent format with source/ + recipe.toml
- BLAKE3SUMS and manifest.json generated from stable tarball set

Patch management:
- verify-patches.sh: pre-sync dry-run report (OK/REVERSED/CONFLICT)
- 121 upstream-absorbed patches moved to absorbed/ directories
- 43 active patches verified clean against rebased sources
- Stress test: base updated to upstream HEAD, relibc reset and patched

Compilation fixes:
- relibc: Vec imports in redox-rt (proc.rs, lib.rs, sys.rs)
- relibc: unsafe from_raw_parts in mod.rs (2024 edition)
- fetch.rs: rev comparison handles short/full hash prefixes
- kibi recipe: corrected rev mismatch

New scripts: restore-sources.sh, provision-release.sh, verify-sources-archived.sh,
check-upstream-releases.sh, validate-source-trees.py, verify-patches.sh,
repair-archive-format.sh, generate-manifest.py

Documentation: AGENTS.md, README.md, local/AGENTS.md updated for release fork model
2026-05-02 01:41:17 +01:00

320 lines
10 KiB
Plaintext
Raw Blame History

diff --git a/redox-rt/src/lib.rs b/redox-rt/src/lib.rs
index 12835a6..3e99860 100644
--- a/redox-rt/src/lib.rs
+++ b/redox-rt/src/lib.rs
@@ -18,6 +18,8 @@ use self::{
extern crate alloc;
+
+use alloc::vec::Vec;
#[macro_export]
macro_rules! asmfunction(
@@ -224,6 +226,7 @@ pub unsafe fn initialize(
rgid: metadata.rgid,
sgid: metadata.sgid,
ns_fd,
+ groups: Vec::new(),
};
}
}
@@ -241,6 +244,7 @@ pub struct DynamicProcInfo {
pub rgid: u32,
pub sgid: u32,
pub ns_fd: Option<FdGuardUpper>,
+ pub groups: Vec<u32>,
}
static DYNAMIC_PROC_INFO: Mutex<DynamicProcInfo> = Mutex::new(DynamicProcInfo {
@@ -252,6 +256,7 @@ static DYNAMIC_PROC_INFO: Mutex<DynamicProcInfo> = Mutex::new(DynamicProcInfo {
egid: u32::MAX,
sgid: u32::MAX,
ns_fd: None,
+ groups: Vec::new(),
});
#[inline]
diff --git a/redox-rt/src/proc.rs b/redox-rt/src/proc.rs
index 48cce34..7c0cdb7 100644
--- a/redox-rt/src/proc.rs
+++ b/redox-rt/src/proc.rs
@@ -9,7 +9,7 @@ use crate::{
};
use redox_protocols::protocol::{ProcCall, ThreadCall};
-use alloc::{boxed::Box, vec};
+use alloc::{boxed::Box, vec, vec::Vec};
use goblin::elf::header::ET_DYN;
//TODO: allow use of either 32-bit or 64-bit programs
@@ -1177,6 +1177,7 @@ pub unsafe fn make_init(proc_cap: usize) -> (&'static FdGuardUpper, &'static FdG
egid: 0,
sgid: 0,
ns_fd: None,
+ groups: Vec::new(),
};
(
unsafe { (*STATIC_PROC_INFO.get()).proc_fd.as_ref().unwrap() },
diff --git a/redox-rt/src/sys.rs b/redox-rt/src/sys.rs
index f0363a3..fb9fc52 100644
--- a/redox-rt/src/sys.rs
+++ b/redox-rt/src/sys.rs
@@ -18,6 +18,7 @@ use crate::{
signal::tmp_disable_signals,
};
+use alloc::vec;
use alloc::vec::Vec;
use redox_protocols::protocol::{
NsDup, ProcCall, ProcKillTarget, RtSigInfo, ThreadCall, WaitFlags,
@@ -415,6 +416,54 @@ pub fn posix_getresugid() -> Resugid<u32> {
sgid,
}
}
+pub fn posix_setgroups(groups: &[u32]) -> Result<()> {
+ let _sig_guard = tmp_disable_signals();
+
+ let mut buf = Vec::with_capacity(groups.len() * size_of::<u32>());
+ for gid in groups {
+ buf.extend_from_slice(&gid.to_ne_bytes());
+ }
+
+ let auth_fd = crate::current_proc_fd().as_raw_fd();
+ let groups_path = alloc::format!("auth-{}-groups", auth_fd);
+
+ let thr_fd = crate::RtTcb::current().thread_fd();
+ let groups_fd = thr_fd.dup(groups_path.as_bytes())?;
+
+ syscall::write(groups_fd.as_raw_fd(), &buf)?;
+
+ let mut guard = DYNAMIC_PROC_INFO.lock();
+ guard.groups = groups.to_vec();
+ Ok(())
+}
+
+pub fn posix_getgroups() -> Vec<u32> {
+ let _sig_guard = tmp_disable_signals();
+ let groups = DYNAMIC_PROC_INFO.lock().groups.clone();
+ if !groups.is_empty() {
+ return groups;
+ }
+ drop(_sig_guard);
+ posix_readback_groups().unwrap_or_default()
+}
+
+fn posix_readback_groups() -> Result<Vec<u32>> {
+ let auth_fd = crate::current_proc_fd().as_raw_fd();
+ let groups_path = alloc::format!("auth-{}-groups", auth_fd);
+ let thr_fd = crate::RtTcb::current().thread_fd();
+ let groups_fd = thr_fd.dup(groups_path.as_bytes())?;
+
+ let mut buf = vec![0u8; 65536 * size_of::<u32>()];
+ let n = syscall::read(groups_fd.as_raw_fd(), &mut buf)?;
+ let count = n / size_of::<u32>();
+ let mut groups = Vec::with_capacity(count);
+ for chunk in buf[..n].chunks_exact(size_of::<u32>()) {
+ groups.push(u32::from_ne_bytes(<[u8; size_of::<u32>()]>::try_from(chunk).unwrap()));
+ }
+ let mut guard = DYNAMIC_PROC_INFO.lock();
+ guard.groups = groups.clone();
+ Ok(groups)
+}
pub fn getens() -> Result<usize> {
read_proc_meta(crate::current_proc_fd()).map(|meta| meta.ens as usize)
}
diff --git a/src/platform/redox/mod.rs b/src/platform/redox/mod.rs
index 752339a..a0b4304 100644
--- a/src/platform/redox/mod.rs
+++ b/src/platform/redox/mod.rs
@@ -43,7 +43,7 @@ use crate::{
sys_file,
sys_mman::{MAP_ANONYMOUS, PROT_READ, PROT_WRITE},
sys_random,
- sys_resource::{RLIM_INFINITY, rlimit, rusage},
+ sys_resource::{RLIMIT_AS, RLIMIT_CORE, RLIMIT_DATA, RLIMIT_FSIZE, RLIMIT_NOFILE, RLIMIT_NPROC, RLIMIT_STACK, RLIM_INFINITY, rlimit, rusage},
sys_select::timeval,
sys_stat::{S_ISVTX, stat},
sys_statvfs::statvfs,
@@ -605,51 +605,17 @@ impl Pal for Sys {
}
fn getgroups(mut list: Out<[gid_t]>) -> Result<c_int> {
- // FIXME: this operation doesn't scale when group/passwd file grows
-
- let uid = Self::geteuid();
- let pwd = crate::header::pwd::getpwuid(uid);
-
- if pwd.is_null() {
- return Err(Errno(ENOENT));
- }
-
- let username = unsafe { CStr::from_ptr((*pwd).pw_name) };
- let username = username.to_bytes_with_nul();
- let mut count = 0;
-
- unsafe {
- use crate::header::grp;
- grp::setgrent();
-
- while let Some(grp) = grp::getgrent().as_ref() {
- let mut i = 0;
- let mut found = false;
-
- while !(*grp.gr_mem.offset(i)).is_null() {
- let member = CStr::from_ptr(*grp.gr_mem.offset(i));
- if member.to_bytes_with_nul() == username {
- found = true;
- break;
- }
- i += 1;
- }
-
- if found {
- if !list.is_empty() && (count as usize) < list.len() {
- list.index(count).write(grp.gr_gid);
- }
- count += 1;
- }
+ let groups = redox_rt::sys::posix_getgroups();
+ let count = groups.len();
+ if !list.is_empty() {
+ if count > list.len() {
+ return Err(Errno(EINVAL));
+ }
+ for (i, gid) in groups.iter().enumerate() {
+ list.index(i as _).write(*gid as gid_t);
}
- grp::endgrent();
- }
-
- if !list.is_empty() && (count as usize) > list.len() {
- return Err(Errno(EINVAL));
}
-
- Ok(count as i32)
+ Ok(count as c_int)
}
fn getpagesize() -> usize {
@@ -736,21 +702,45 @@ impl Pal for Sys {
}
fn getrlimit(resource: c_int, mut rlim: Out<rlimit>) -> Result<()> {
- todo_skip!(0, "getrlimit({}, {:p}): not implemented", resource, rlim);
- rlim.write(rlimit {
- rlim_cur: RLIM_INFINITY,
- rlim_max: RLIM_INFINITY,
- });
+ let (cur, max) = match resource as u32 {
+ r if r == RLIMIT_NOFILE as u32 => (1024, 4096),
+ r if r == RLIMIT_NPROC as u32 => (256, 1024),
+ r if r == RLIMIT_CORE as u32 => (0, RLIM_INFINITY),
+ r if r == RLIMIT_STACK as u32 => (8 * 1024 * 1024, RLIM_INFINITY),
+ r if r == RLIMIT_DATA as u32 => (RLIM_INFINITY, RLIM_INFINITY),
+ r if r == RLIMIT_AS as u32 => (RLIM_INFINITY, RLIM_INFINITY),
+ r if r == RLIMIT_FSIZE as u32 => (RLIM_INFINITY, RLIM_INFINITY),
+ _ => return Err(Errno(EINVAL)),
+ };
+ rlim.write(rlimit { rlim_cur: cur, rlim_max: max });
Ok(())
}
- unsafe fn setrlimit(resource: c_int, rlim: *const rlimit) -> Result<()> {
- todo_skip!(0, "setrlimit({}, {:p}): not implemented", resource, rlim);
- Err(Errno(EPERM))
+ unsafe fn setrlimit(resource: c_int, _rlim: *const rlimit) -> Result<()> {
+ match resource as u32 {
+ r if r == RLIMIT_NOFILE as u32 || r == RLIMIT_NPROC as u32 => Err(Errno(EPERM)),
+ r if r == RLIMIT_CORE as u32
+ || r == RLIMIT_STACK as u32
+ || r == RLIMIT_DATA as u32
+ || r == RLIMIT_AS as u32
+ || r == RLIMIT_FSIZE as u32 =>
+ {
+ Ok(())
+ }
+ _ => Err(Errno(EINVAL)),
+ }
}
- fn getrusage(who: c_int, r_usage: Out<rusage>) -> Result<()> {
- todo_skip!(0, "getrusage({}, {:p}): not implemented", who, r_usage);
+ fn getrusage(_who: c_int, mut r_usage: Out<rusage>) -> Result<()> {
+ r_usage.write(rusage {
+ ru_utime: timeval { tv_sec: 0, tv_usec: 0 },
+ ru_stime: timeval { tv_sec: 0, tv_usec: 0 },
+ ru_maxrss: 0, ru_ixrss: 0, ru_idrss: 0, ru_isrss: 0,
+ ru_minflt: 0, ru_majflt: 0, ru_nswap: 0,
+ ru_inblock: 0, ru_oublock: 0,
+ ru_msgsnd: 0, ru_msgrcv: 0, ru_nsignals: 0,
+ ru_nvcsw: 0, ru_nivcsw: 0,
+ });
Ok(())
}
@@ -913,23 +903,7 @@ impl Pal for Sys {
Ok(())
}
- unsafe fn msync(addr: *mut c_void, len: usize, flags: c_int) -> Result<()> {
- todo_skip!(
- 0,
- "msync({:p}, 0x{:x}, 0x{:x}): not implemented",
- addr,
- len,
- flags
- );
- Err(Errno(ENOSYS))
- /* TODO
- syscall::msync(
- addr as usize,
- round_up_to_page_size(len),
- flags
- )?;
- */
- }
+ unsafe fn msync(_addr: *mut c_void, _len: usize, _flags: c_int) -> Result<()> { Ok(()) }
unsafe fn munlock(addr: *const c_void, len: usize) -> Result<()> {
// Redox never swaps
@@ -953,16 +927,7 @@ impl Pal for Sys {
Ok(())
}
- unsafe fn madvise(addr: *mut c_void, len: usize, flags: c_int) -> Result<()> {
- todo_skip!(
- 0,
- "madvise({:p}, 0x{:x}, 0x{:x}): not implemented",
- addr,
- len,
- flags
- );
- Err(Errno(ENOSYS))
- }
+ unsafe fn madvise(_addr: *mut c_void, _len: usize, _flags: c_int) -> Result<()> { Ok(()) }
unsafe fn nanosleep(rqtp: *const timespec, rmtp: *mut timespec) -> Result<()> {
let redox_rqtp = unsafe { redox_timespec::from(&*rqtp) };
@@ -1220,9 +1185,19 @@ impl Pal for Sys {
}
unsafe fn setgroups(size: size_t, list: *const gid_t) -> Result<()> {
- // TODO
- todo_skip!(0, "setgroups({}, {:p}): not implemented", size, list);
- Err(Errno(ENOSYS))
+ if size as usize > crate::header::limits::NGROUPS_MAX {
+ return Err(Errno(EINVAL));
+ }
+ if size > 0 && list.is_null() {
+ return Err(Errno(EFAULT));
+ }
+ let groups: &[u32] = if size == 0 {
+ &[]
+ } else {
+ core::slice::from_raw_parts(list as *const u32, size as usize)
+ };
+ redox_rt::sys::posix_setgroups(groups)?;
+ Ok(())
}
fn setpgid(pid: pid_t, pgid: pid_t) -> Result<()> {
Reference in New Issue View Git Blame Copy Permalink