ente-policy-provider, ente-tmpfiles-compat, journald export format

- ente-policy-provider (nuevo): BusServer que se anuncia como POLKIT_DECISION_IFACE provider. Decode blob (pid_be|uid_be|action_id), consulta /etc/ente/policy.json (o defaults), responde [allow|deny]. Reglas con glob simple (foo.* / *.bar / *), require_uid/require_pid, audit flag para logging estructurado. Defaults conservadores: hostname/ timezone/locale set requieren uid 0. - ente-tmpfiles-compat (nuevo): aplica directivas de /usr/lib/tmpfiles.d, /etc/tmpfiles.d, /run/tmpfiles.d (last-wins). Soporta d/D/f/L/r/R/e. Orden: removes → creates → adjusts. lookup_uid resuelve usuarios via getpwnam. EPERM en chown silenciado en dev (esperado sin root). OneShot. - journald export format: ente-journalctl gana --output=export produce systemd journal export format compatible con `journalctl --input-format=export -m`. Fields: __CURSOR/__REALTIME_TIMESTAMP/_HOSTNAME/_TRANSPORT, native KEY=value preservados, syslog text → MESSAGE=. Filter de bytes seguros (ASCII printable + tab) para evitar export multipart binario. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-04 10:35:13 +00:00
parent 48e41331a1
commit 883c14dade
8 changed files with 667 additions and 8 deletions
@@ -156,6 +156,7 @@ fn synthesize_dev_seed() -> EntityCard {
        ("compat-resolved",  "target/debug/ente-resolved-compat"),
        ("compat-polkit",    "target/debug/ente-polkit-compat"),
        ("compat-machined",  "target/debug/ente-machined-compat"),
+        ("policy-provider",  "target/debug/ente-policy-provider"),
    ] {
        if let Some(card) = optional_native_card(
            label, bin,