Skip to content

feat: implement getgroups and setgroups syscalls #621

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wdcui wants to merge 2 commits into from
Closed

feat: implement getgroups and setgroups syscalls #621

wdcui wants to merge 2 commits into from

Conversation

@wdcui
Copy link
Member

@wdcui wdcui commented Feb 2, 2026

Summary

Add support for getgroups(2) and setgroups(2) syscalls to manage supplementary group IDs.

Changes

  • Add Getgroups and Setgroups variants to SyscallRequest enum
  • Add supplementary_groups field to Credentials struct
  • Change Task.credentials to RefCell<Arc<Credentials>> for interior mutability
  • Implement sys_getgroups() and sys_setgroups() methods
  • Add NGROUPS_MAX (65536) constant for validation
  • Add 6 unit tests for comprehensive coverage

Error handling

  • getgroups: EINVAL for negative size or buffer too small; EFAULT for invalid pointer
  • setgroups: EINVAL for size > NGROUPS_MAX; EFAULT for invalid pointer

Testing

  • Added 6 unit tests:
    • test_getgroups_empty - Verifies empty initial state
    • test_setgroups_and_getgroups - Verifies round-trip set/get
    • test_getgroups_einval_buffer_too_small - Buffer validation
    • test_setgroups_empty - Empty groups handling
    • test_getgroups_negative_size - Negative size validation
    • test_setgroups_too_many - NGROUPS_MAX validation

Related

This addresses P0 syscall support as mentioned in #360.

wdcui added 2 commits February 2, 2026 01:20
@wdcui
feat: implement getgroups and setgroups syscalls
948c220 
Add support for getgroups(2) and setgroups(2) syscalls to manage
supplementary group IDs.

Changes:
- Add Getgroups and Setgroups variants to SyscallRequest enum
- Add supplementary_groups field to Credentials struct
- Change Task.credentials to RefCell<Arc<Credentials>> for mutability
- Implement sys_getgroups() and sys_setgroups() methods
- Add NGROUPS_MAX (65536) constant for validation
- Add 6 unit tests for comprehensive coverage

Error handling:
- getgroups: EINVAL for negative size or buffer too small
- setgroups: EINVAL for size > NGROUPS_MAX
- Both: EFAULT for invalid pointers
@wdcui
fix: add EPERM check and fix setgroups signature per review
e37de95 
Based on code review feedback:
- Add EPERM check for CAP_SETGID (requires euid == 0 since capabilities not implemented)
- Change setgroups size parameter from usize to i32 to match kernel syscall signature
- Add test for negative size in setgroups
- Add documentation about thread-sharing limitation

Security: setgroups now properly requires root privileges to prevent
privilege escalation attacks.
@github-actions
Copy link

github-actions bot commented Feb 2, 2026

🤖 SemverChecks 🤖 ⚠️ Potential breaking API changes detected ⚠️

Click for details 
--- failure enum_no_repr_variant_discriminant_changed: enum variant had its discriminant change value ---

Description:
The enum's variant had its discriminant value change. This breaks downstream code that used its value via a numeric cast like `as isize`.
        ref: https://doc.rust-lang.org/reference/items/enumerations.html#assigning-discriminant-values
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.46.0/src/lints/enum_no_repr_variant_discriminant_changed.ron

Failed in:
  variant SyscallRequest::Sysinfo 82 -> 84 in /home/runner/work/litebox/litebox/litebox_common_linux/src/lib.rs:2232
  variant SyscallRequest::CapGet 83 -> 85 in /home/runner/work/litebox/litebox/litebox_common_linux/src/lib.rs:2235
  variant SyscallRequest::GetDirent64 84 -> 86 in /home/runner/work/litebox/litebox/litebox_common_linux/src/lib.rs:2239
  variant SyscallRequest::SchedGetAffinity 85 -> 87 in /home/runner/work/litebox/litebox/litebox_common_linux/src/lib.rs:2244
  variant SyscallRequest::SchedYield 86 -> 88 in /home/runner/work/litebox/litebox/litebox_common_linux/src/lib.rs:2249
  variant SyscallRequest::Futex 87 -> 89 in /home/runner/work/litebox/litebox/litebox_common_linux/src/lib.rs:2250
  variant SyscallRequest::Execve 88 -> 90 in /home/runner/work/litebox/litebox/litebox_common_linux/src/lib.rs:2253
  variant SyscallRequest::Umask 89 -> 91 in /home/runner/work/litebox/litebox/litebox_common_linux/src/lib.rs:2258
  variant SyscallRequest::Prctl 90 -> 92 in /home/runner/work/litebox/litebox/litebox_common_linux/src/lib.rs:2261
  variant SyscallRequest::Alarm 91 -> 93 in /home/runner/work/litebox/litebox/litebox_common_linux/src/lib.rs:2264
  variant SyscallRequest::SetITimer 92 -> 94 in /home/runner/work/litebox/litebox/litebox_common_linux/src/lib.rs:2267

@wdcui wdcui closed this Feb 2, 2026
@wdcui wdcui deleted the wdcui/getgroups-setgroups branch February 2, 2026 22:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wdcui