From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 15 Jul 2025 16:37:08 -0600 Subject: feat: migrate from Cedar to SpiceDB authorization system This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema. --- vendor/rustix/src/backend/linux_raw/prctl/mod.rs | 1 - .../rustix/src/backend/linux_raw/prctl/syscalls.rs | 21 --------------------- 2 files changed, 22 deletions(-) delete mode 100644 vendor/rustix/src/backend/linux_raw/prctl/mod.rs delete mode 100644 vendor/rustix/src/backend/linux_raw/prctl/syscalls.rs (limited to 'vendor/rustix/src/backend/linux_raw/prctl') diff --git a/vendor/rustix/src/backend/linux_raw/prctl/mod.rs b/vendor/rustix/src/backend/linux_raw/prctl/mod.rs deleted file mode 100644 index ef944f04..00000000 --- a/vendor/rustix/src/backend/linux_raw/prctl/mod.rs +++ /dev/null @@ -1 +0,0 @@ -pub(crate) mod syscalls; diff --git a/vendor/rustix/src/backend/linux_raw/prctl/syscalls.rs b/vendor/rustix/src/backend/linux_raw/prctl/syscalls.rs deleted file mode 100644 index 1410d512..00000000 --- a/vendor/rustix/src/backend/linux_raw/prctl/syscalls.rs +++ /dev/null @@ -1,21 +0,0 @@ -//! linux_raw syscalls supporting modules that use `prctl`. -//! -//! # Safety -//! -//! See the `rustix::backend` module documentation for details. -#![allow(unsafe_code, clippy::undocumented_unsafe_blocks)] - -use crate::backend::c; -use crate::backend::conv::{c_int, ret_c_int}; -use crate::io; - -#[inline] -pub(crate) unsafe fn prctl( - option: c::c_int, - arg2: *mut c::c_void, - arg3: *mut c::c_void, - arg4: *mut c::c_void, - arg5: *mut c::c_void, -) -> io::Result { - ret_c_int(syscall!(__NR_prctl, c_int(option), arg2, arg3, arg4, arg5)) -} -- cgit v1.2.3