lib: Add per-user packet pools

The IRMd will now check the user UID and GID for privileged access, avoiding unprivileged users being able to disrupt all IPC (e.g. by shm_open the single pool and corrupting its metadata). Non-privileged users are now limited to a PUP (per-user pool) for sending/receiving packets. It is still created by the IRMd, but owned by the user (uid) with 600 permissions. It does not add additional copies for local IPC between their own processes (i.e. over the local IPCP), but packets between processes owned by a different user or destined over the network (other IPCPs) will incur a copy when crossing the PUP / PUP or the PUP / GSPP boundary. Privileged users and users in the ouroboros group still have direct access to the GSPP (globally shared private pool) for packet transfer that will avoid additional copies when processing packets between processes owned by different users and to the network. This aligns the security model with UNIX trust domains defined by UID and GID by leveraging file permission on the pools in shared memory. ┌─────────────────────────────────────────────────────────────┐ │ Source Pool │ Dest Pool │ Operation │ Copies │ ├─────────────────────────────────────────────────────────────┤ │ GSPP │ GSPP │ Zero-copy │ 0 │ │ PUP.uid │ PUP.uid │ Zero-copy │ 0 │ │ PUP.uid1 │ PUP.uid2 │ memcpy() │ 1 │ │ PUP.uid │ GSPP │ memcpy() │ 1 │ │ GSPP │ PUP.uid │ memcpy() │ 1 │ └─────────────────────────────────────────────────────────────┘ This also renames the struct ai ("application instance") in dev.c to struct proc (process). Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
author: Dimitri Staessens <dimitri@ouroboros.rocks> 2026-01-26 22:02:50 +0100
committer: Sander Vrijders <sander@ouroboros.rocks> 2026-02-02 08:15:15 +0100
commit: b1687570df3e080c961cdcc0d59b708cfbdf955e (patch)
tree: caf93583ab36ab2b62b95fcfbea4b63e29857e0d /src/irmd/reg/pool.c
parent: 37e3dbdd8206e4f0f03fab13ff3f38aa932be065 (diff)
download: ouroboros-b1687570df3e080c961cdcc0d59b708cfbdf955e.tar.gz
ouroboros-b1687570df3e080c961cdcc0d59b708cfbdf955e.zip
1 files changed, 101 insertions, 0 deletions
diff --git a/src/irmd/reg/pool.c b/src/irmd/reg/pool.c
new file mode 100644
index 00000000..fd983db8
--- /dev/null
+++ b/src/irmd/reg/pool.c
@@ -0,0 +1,101 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2026
+ *
+ * The IPC Resource Manager - Registry - Per-User Pools
+ *
+ *    Dimitri Staessens <dimitri@ouroboros.rocks>
+ *    Sander Vrijders   <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#define _POSIX_C_SOURCE 200809L
+
+#define OUROBOROS_PREFIX "reg/pool"
+
+#include <ouroboros/logs.h>
+#include <ouroboros/ssm_pool.h>
+
+#include "pool.h"
+
+#include <assert.h>
+#include <stdlib.h>
+
+struct reg_pool * reg_pool_create(uid_t uid,
+                                  gid_t gid)
+{
+        struct reg_pool * pool;
+
+        pool = malloc(sizeof(*pool));
+        if (pool == NULL) {
+                log_err("Failed to malloc pool.");
+                goto fail_malloc;
+        }
+
+        pool->ssm = ssm_pool_create(uid, gid);
+        if (pool->ssm == NULL) {
+                log_err("Failed to create PUP for uid %d.", uid);
+                goto fail_ssm;
+        }
+
+        list_head_init(&pool->next);
+        pool->uid      = uid;
+        pool->gid      = gid;
+        pool->refcount = 1;
+
+        log_dbg("Created PUP for uid %d gid %d.", uid, gid);
+
+        return pool;
+
+ fail_ssm:
+        free(pool);
+ fail_malloc:
+        return NULL;
+}
+
+void reg_pool_destroy(struct reg_pool * pool)
+{
+        assert(pool != NULL);
+        assert(pool->refcount == 0);
+
+        log_dbg("Destroying PUP for uid %d.", pool->uid);
+
+        ssm_pool_destroy(pool->ssm);
+
+        assert(list_is_empty(&pool->next));
+
+        free(pool);
+}
+
+void reg_pool_ref(struct reg_pool * pool)
+{
+        assert(pool != NULL);
+        assert(pool->refcount > 0);
+
+        pool->refcount++;
+
+        log_dbg("PUP uid %d refcount++ -> %zu.", pool->uid, pool->refcount);
+}
+
+int reg_pool_unref(struct reg_pool * pool)
+{
+        assert(pool != NULL);
+        assert(pool->refcount > 0);
+
+        pool->refcount--;
+
+        log_dbg("PUP uid %d refcount-- -> %zu.", pool->uid, pool->refcount);
+
+        return pool->refcount == 0 ? 0 : 1;
+}
author	Dimitri Staessens <dimitri@ouroboros.rocks>	2026-01-26 22:02:50 +0100
committer	Sander Vrijders <sander@ouroboros.rocks>	2026-02-02 08:15:15 +0100
commit	b1687570df3e080c961cdcc0d59b708cfbdf955e (patch)
tree	caf93583ab36ab2b62b95fcfbea4b63e29857e0d /src/irmd/reg/pool.c
parent	37e3dbdd8206e4f0f03fab13ff3f38aa932be065 (diff)
download	ouroboros-b1687570df3e080c961cdcc0d59b708cfbdf955e.tar.gz ouroboros-b1687570df3e080c961cdcc0d59b708cfbdf955e.zip