| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/rustix/src/backend/linux_raw/mount/syscalls.rs | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/rustix/src/backend/linux_raw/mount/syscalls.rs')
| -rw-r--r-- | vendor/rustix/src/backend/linux_raw/mount/syscalls.rs | 237 |
1 files changed, 0 insertions, 237 deletions
diff --git a/vendor/rustix/src/backend/linux_raw/mount/syscalls.rs b/vendor/rustix/src/backend/linux_raw/mount/syscalls.rs
deleted file mode 100644
index 6fc69240..00000000
--- a/vendor/rustix/src/backend/linux_raw/mount/syscalls.rs
+++ /dev/null
@@ -1,237 +0,0 @@
-//! linux_raw syscalls supporting `rustix::mount`.
-//!
-//! # Safety
-//!
-//! See the `rustix::backend` module documentation for details.
-#![allow(unsafe_code)]
-#![allow(clippy::undocumented_unsafe_blocks)]
-
-use crate::backend::conv::{ret, ret_owned_fd, slice, zero};
-use crate::fd::{BorrowedFd, OwnedFd};
-use crate::ffi::CStr;
-use crate::io;
-
-#[inline]
-pub(crate) fn mount(
- source: Option<&CStr>,
- target: &CStr,
- file_system_type: Option<&CStr>,
- flags: super::types::MountFlagsArg,
- data: Option<&CStr>,
-) -> io::Result<()> {
- unsafe {
- ret(syscall_readonly!(
- __NR_mount,
- source,
- target,
- file_system_type,
- flags,
- data
- ))
- }
-}
-
-#[inline]
-pub(crate) fn unmount(target: &CStr, flags: super::types::UnmountFlags) -> io::Result<()> {
- unsafe { ret(syscall_readonly!(__NR_umount2, target, flags)) }
-}
-
-#[inline]
-pub(crate) fn fsopen(fs_name: &CStr, flags: super::types::FsOpenFlags) -> io::Result<OwnedFd> {
- unsafe { ret_owned_fd(syscall_readonly!(__NR_fsopen, fs_name, flags)) }
-}
-
-#[inline]
-pub(crate) fn fsmount(
- fs_fd: BorrowedFd<'_>,
- flags: super::types::FsMountFlags,
- attr_flags: super::types::MountAttrFlags,
-) -> io::Result<OwnedFd> {
- unsafe { ret_owned_fd(syscall_readonly!(__NR_fsmount, fs_fd, flags, attr_flags)) }
-}
-
-#[inline]
-pub(crate) fn move_mount(
- from_dfd: BorrowedFd<'_>,
- from_pathname: &CStr,
- to_dfd: BorrowedFd<'_>,
- to_pathname: &CStr,
- flags: super::types::MoveMountFlags,
-) -> io::Result<()> {
- unsafe {
- ret(syscall_readonly!(
- __NR_move_mount,
- from_dfd,
- from_pathname,
- to_dfd,
- to_pathname,
- flags
- ))
- }
-}
-
-#[inline]
-pub(crate) fn open_tree(
- dfd: BorrowedFd<'_>,
- filename: &CStr,
- flags: super::types::OpenTreeFlags,
-) -> io::Result<OwnedFd> {
- unsafe { ret_owned_fd(syscall_readonly!(__NR_open_tree, dfd, filename, flags)) }
-}
-
-#[inline]
-pub(crate) fn fspick(
- dfd: BorrowedFd<'_>,
- path: &CStr,
- flags: super::types::FsPickFlags,
-) -> io::Result<OwnedFd> {
- unsafe { ret_owned_fd(syscall_readonly!(__NR_fspick, dfd, path, flags)) }
-}
-
-#[inline]
-pub(crate) fn fsconfig_set_flag(fs_fd: BorrowedFd<'_>, key: &CStr) -> io::Result<()> {
- unsafe {
- ret(syscall_readonly!(
- __NR_fsconfig,
- fs_fd,
- super::types::FsConfigCmd::SetFlag,
- key,
- zero(),
- zero()
- ))
- }
-}
-
-#[inline]
-pub(crate) fn fsconfig_set_string(
- fs_fd: BorrowedFd<'_>,
- key: &CStr,
- value: &CStr,
-) -> io::Result<()> {
- unsafe {
- ret(syscall_readonly!(
- __NR_fsconfig,
- fs_fd,
- super::types::FsConfigCmd::SetString,
- key,
- value,
- zero()
- ))
- }
-}
-
-#[inline]
-pub(crate) fn fsconfig_set_binary(
- fs_fd: BorrowedFd<'_>,
- key: &CStr,
- value: &[u8],
-) -> io::Result<()> {
- let (value_addr, value_len) = slice(value);
- unsafe {
- ret(syscall_readonly!(
- __NR_fsconfig,
- fs_fd,
- super::types::FsConfigCmd::SetBinary,
- key,
- value_addr,
- value_len
- ))
- }
-}
-
-#[inline]
-pub(crate) fn fsconfig_set_fd(
- fs_fd: BorrowedFd<'_>,
- key: &CStr,
- fd: BorrowedFd<'_>,
-) -> io::Result<()> {
- unsafe {
- ret(syscall_readonly!(
- __NR_fsconfig,
- fs_fd,
- super::types::FsConfigCmd::SetFd,
- key,
- zero(),
- fd
- ))
- }
-}
-
-#[inline]
-pub(crate) fn fsconfig_set_path(
- fs_fd: BorrowedFd<'_>,
- key: &CStr,
- path: &CStr,
- fd: BorrowedFd<'_>,
-) -> io::Result<()> {
- unsafe {
- ret(syscall_readonly!(
- __NR_fsconfig,
- fs_fd,
- super::types::FsConfigCmd::SetPath,
- key,
- path,
- fd
- ))
- }
-}
-
-#[inline]
-pub(crate) fn fsconfig_set_path_empty(
- fs_fd: BorrowedFd<'_>,
- key: &CStr,
- fd: BorrowedFd<'_>,
-) -> io::Result<()> {
- unsafe {
- ret(syscall_readonly!(
- __NR_fsconfig,
- fs_fd,
- super::types::FsConfigCmd::SetPathEmpty,
- key,
- cstr!(""),
- fd
- ))
- }
-}
-
-#[inline]
-pub(crate) fn fsconfig_create(fs_fd: BorrowedFd<'_>) -> io::Result<()> {
- unsafe {
- ret(syscall_readonly!(
- __NR_fsconfig,
- fs_fd,
- super::types::FsConfigCmd::Create,
- zero(),
- zero(),
- zero()
- ))
- }
-}
-
-#[inline]
-pub(crate) fn fsconfig_reconfigure(fs_fd: BorrowedFd<'_>) -> io::Result<()> {
- unsafe {
- ret(syscall_readonly!(
- __NR_fsconfig,
- fs_fd,
- super::types::FsConfigCmd::Reconfigure,
- zero(),
- zero(),
- zero()
- ))
- }
-}
-
-#[inline]
-pub(crate) fn fsconfig_create_excl(fs_fd: BorrowedFd<'_>) -> io::Result<()> {
- unsafe {
- ret(syscall_readonly!(
- __NR_fsconfig,
- fs_fd,
- super::types::FsConfigCmd::CreateExclusive,
- zero(),
- zero(),
- zero()
- ))
- }
-} |
