From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 15 Jul 2025 16:37:08 -0600 Subject: feat: migrate from Cedar to SpiceDB authorization system This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema. --- vendor/rustix/src/backend/linux_raw/pid/syscalls.rs | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 vendor/rustix/src/backend/linux_raw/pid/syscalls.rs (limited to 'vendor/rustix/src/backend/linux_raw/pid/syscalls.rs') diff --git a/vendor/rustix/src/backend/linux_raw/pid/syscalls.rs b/vendor/rustix/src/backend/linux_raw/pid/syscalls.rs deleted file mode 100644 index 49aaf43e..00000000 --- a/vendor/rustix/src/backend/linux_raw/pid/syscalls.rs +++ /dev/null @@ -1,18 +0,0 @@ -//! linux_raw syscalls for PIDs -//! -//! # Safety -//! -//! See the `rustix::backend` module documentation for details. -#![allow(unsafe_code, clippy::undocumented_unsafe_blocks)] - -use crate::backend::conv::ret_usize_infallible; -use crate::pid::{Pid, RawPid}; - -#[inline] -#[must_use] -pub(crate) fn getpid() -> Pid { - unsafe { - let pid = ret_usize_infallible(syscall_readonly!(__NR_getpid)) as RawPid; - Pid::from_raw_unchecked(pid) - } -} -- cgit v1.2.3