bb3ae6e63f
- login.rs: drop privileges via setresugid after authentication - login.rs: add namespace isolation to password auth path (was missing) - login.rs: add drm, input schemes to DEFAULT_SCHEMES - sudo service: rename 00_sudo -> 12_sudo, type daemon (no boot block) - Branded login screen with figlet RedBear OS v0.2.2 'Liliya' - Root user kept but not advertised on login screen - P6-login-privilege-drop.patch generated and wired Implements Phase 1 of Plan 9 namespace privilege model: login creates restricted namespace (mkns/setns) then drops uid/gid to authenticated user before spawning shell.
8 lines
116 B
Desktop File
8 lines
116 B
Desktop File
[unit]
|
|
description = "Sudo privilege escalation daemon"
|
|
|
|
[service]
|
|
cmd = "sudo"
|
|
args = ["--daemon"]
|
|
type = "daemon"
|