diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/stacker/src/alloc_stack_restore_guard.rs | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/stacker/src/alloc_stack_restore_guard.rs')
| -rw-r--r-- | vendor/stacker/src/alloc_stack_restore_guard.rs | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/vendor/stacker/src/alloc_stack_restore_guard.rs b/vendor/stacker/src/alloc_stack_restore_guard.rs deleted file mode 100644 index ef2babb7..00000000 --- a/vendor/stacker/src/alloc_stack_restore_guard.rs +++ /dev/null @@ -1,47 +0,0 @@ -use crate::{get_stack_limit, set_stack_limit}; - -pub struct StackRestoreGuard { - new_stack: *mut u8, - stack_bytes: usize, - old_stack_limit: Option<usize>, -} - -const ALIGNMENT: usize = 16; - -impl StackRestoreGuard { - pub fn new(stack_bytes: usize) -> StackRestoreGuard { - // On these platforms we do not use stack guards. this is very unfortunate, - // but there is not much we can do about it without OS support. - // We simply allocate the requested size from the global allocator with a suitable - // alignment. - let stack_bytes = stack_bytes - .checked_add(ALIGNMENT - 1) - .expect("unreasonably large stack requested") - / ALIGNMENT - * ALIGNMENT; - let layout = std::alloc::Layout::from_size_align(stack_bytes, ALIGNMENT).unwrap(); - let ptr = unsafe { std::alloc::alloc(layout) }; - assert!(!ptr.is_null(), "unable to allocate stack"); - StackRestoreGuard { - new_stack: ptr, - stack_bytes, - old_stack_limit: get_stack_limit(), - } - } - - pub fn stack_area(&self) -> (*mut u8, usize) { - (self.new_stack, self.stack_bytes) - } -} - -impl Drop for StackRestoreGuard { - fn drop(&mut self) { - unsafe { - std::alloc::dealloc( - self.new_stack, - std::alloc::Layout::from_size_align_unchecked(self.stack_bytes, ALIGNMENT), - ); - } - set_stack_limit(self.old_stack_limit); - } -} |