Merge pull request #2730 from ivyl/remove_cap_leftovers
Remove libcap/prctl artifacts
commit
7355959d7f
|
@ -449,8 +449,6 @@ void free_sway_variable(struct sway_variable *var);
|
||||||
*/
|
*/
|
||||||
char *do_var_replacement(char *str);
|
char *do_var_replacement(char *str);
|
||||||
|
|
||||||
struct cmd_results *check_security_config();
|
|
||||||
|
|
||||||
int input_identifier_cmp(const void *item, const void *data);
|
int input_identifier_cmp(const void *item, const void *data);
|
||||||
|
|
||||||
struct input_config *new_input_config(const char* identifier);
|
struct input_config *new_input_config(const char* identifier);
|
||||||
|
@ -471,7 +469,7 @@ struct seat_config *copy_seat_config(struct seat_config *seat);
|
||||||
|
|
||||||
void free_seat_config(struct seat_config *ic);
|
void free_seat_config(struct seat_config *ic);
|
||||||
|
|
||||||
struct seat_attachment_config *seat_attachment_config_new();
|
struct seat_attachment_config *seat_attachment_config_new(void);
|
||||||
|
|
||||||
struct seat_attachment_config *seat_config_get_attachment(
|
struct seat_attachment_config *seat_config_get_attachment(
|
||||||
struct seat_config *seat_config, char *identifier);
|
struct seat_config *seat_config, char *identifier);
|
||||||
|
|
|
@ -17,6 +17,6 @@ struct sway_debug {
|
||||||
|
|
||||||
extern struct sway_debug debug;
|
extern struct sway_debug debug;
|
||||||
|
|
||||||
void update_debug_tree();
|
void update_debug_tree(void);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
#include "sway/tree/container.h"
|
#include "sway/tree/container.h"
|
||||||
#include "sway/input/input-manager.h"
|
#include "sway/input/input-manager.h"
|
||||||
|
|
||||||
json_object *ipc_json_get_version();
|
json_object *ipc_json_get_version(void);
|
||||||
|
|
||||||
json_object *ipc_json_describe_disabled_output(struct sway_output *o);
|
json_object *ipc_json_describe_disabled_output(struct sway_output *o);
|
||||||
json_object *ipc_json_describe_node(struct sway_node *node);
|
json_object *ipc_json_describe_node(struct sway_node *node);
|
||||||
|
|
|
@ -50,7 +50,7 @@ struct swaybar_config {
|
||||||
} colors;
|
} colors;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct swaybar_config *init_config();
|
struct swaybar_config *init_config(void);
|
||||||
void free_config(struct swaybar_config *config);
|
void free_config(struct swaybar_config *config);
|
||||||
uint32_t parse_position(const char *position);
|
uint32_t parse_position(const char *position);
|
||||||
|
|
||||||
|
|
|
@ -1,18 +0,0 @@
|
||||||
#ifndef _SWAYBAR_DBUS_H
|
|
||||||
#define _SWAYBAR_DBUS_H
|
|
||||||
|
|
||||||
#include <stdbool.h>
|
|
||||||
#include <dbus/dbus.h>
|
|
||||||
extern DBusConnection *conn;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Should be called in main loop to dispatch events
|
|
||||||
*/
|
|
||||||
void dispatch_dbus();
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Initializes async dbus communication
|
|
||||||
*/
|
|
||||||
int dbus_init();
|
|
||||||
|
|
||||||
#endif /* _SWAYBAR_DBUS_H */
|
|
|
@ -1,10 +0,0 @@
|
||||||
#ifndef _SWAYBAR_SNI_WATCHER_H
|
|
||||||
#define _SWAYBAR_SNI_WATCHER_H
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Starts the sni_watcher, the watcher is practically a black box and should
|
|
||||||
* only be accessed though functions described in its spec
|
|
||||||
*/
|
|
||||||
int init_sni_watcher();
|
|
||||||
|
|
||||||
#endif /* _SWAYBAR_SNI_WATCHER_H */
|
|
|
@ -1,32 +0,0 @@
|
||||||
#ifndef _SWAYBAR_TRAY_H
|
|
||||||
#define _SWAYBAR_TRAY_H
|
|
||||||
|
|
||||||
#include <stdint.h>
|
|
||||||
#include <stdbool.h>
|
|
||||||
#include "swaybar/tray/dbus.h"
|
|
||||||
#include "swaybar/tray/sni.h"
|
|
||||||
#include "swaybar/bar.h"
|
|
||||||
#include "list.h"
|
|
||||||
|
|
||||||
extern struct tray *tray;
|
|
||||||
|
|
||||||
struct tray {
|
|
||||||
list_t *items;
|
|
||||||
};
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Processes a mouse event on the bar
|
|
||||||
*/
|
|
||||||
void tray_mouse_event(struct output *output, int x, int y,
|
|
||||||
uint32_t button, uint32_t state);
|
|
||||||
|
|
||||||
uint32_t tray_render(struct output *output, struct config *config);
|
|
||||||
|
|
||||||
void tray_upkeep(struct bar *bar);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Initializes the tray with D-Bus
|
|
||||||
*/
|
|
||||||
void init_tray(struct bar *bar);
|
|
||||||
|
|
||||||
#endif /* _SWAYBAR_TRAY_H */
|
|
|
@ -42,7 +42,6 @@ pango = dependency('pango')
|
||||||
pangocairo = dependency('pangocairo')
|
pangocairo = dependency('pangocairo')
|
||||||
gdk_pixbuf = dependency('gdk-pixbuf-2.0', required: false)
|
gdk_pixbuf = dependency('gdk-pixbuf-2.0', required: false)
|
||||||
pixman = dependency('pixman-1')
|
pixman = dependency('pixman-1')
|
||||||
libcap = dependency('libcap', required: false)
|
|
||||||
libinput = dependency('libinput', version: '>=1.6.0')
|
libinput = dependency('libinput', version: '>=1.6.0')
|
||||||
libpam = cc.find_library('pam', required: false)
|
libpam = cc.find_library('pam', required: false)
|
||||||
systemd = dependency('libsystemd', required: false)
|
systemd = dependency('libsystemd', required: false)
|
||||||
|
|
|
@ -30,7 +30,7 @@ struct seat_config *new_seat_config(const char* name) {
|
||||||
return seat;
|
return seat;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct seat_attachment_config *seat_attachment_config_new() {
|
struct seat_attachment_config *seat_attachment_config_new(void) {
|
||||||
struct seat_attachment_config *attachment =
|
struct seat_attachment_config *attachment =
|
||||||
calloc(1, sizeof(struct seat_attachment_config));
|
calloc(1, sizeof(struct seat_attachment_config));
|
||||||
if (!attachment) {
|
if (!attachment) {
|
||||||
|
|
|
@ -120,7 +120,7 @@ static int draw_node(cairo_t *cairo, struct sway_node *node,
|
||||||
return height;
|
return height;
|
||||||
}
|
}
|
||||||
|
|
||||||
void update_debug_tree() {
|
void update_debug_tree(void) {
|
||||||
if (!debug.render_tree) {
|
if (!debug.render_tree) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
// when dragging to the edge of a layout container.
|
// when dragging to the edge of a layout container.
|
||||||
#define DROP_LAYOUT_BORDER 30
|
#define DROP_LAYOUT_BORDER 30
|
||||||
|
|
||||||
static uint32_t get_current_time_msec() {
|
static uint32_t get_current_time_msec(void) {
|
||||||
struct timespec now;
|
struct timespec now;
|
||||||
clock_gettime(CLOCK_MONOTONIC, &now);
|
clock_gettime(CLOCK_MONOTONIC, &now);
|
||||||
return now.tv_nsec / 1000;
|
return now.tv_nsec / 1000;
|
||||||
|
|
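Review bot: `get_current_time_msec` returns `now.tv_nsec / 1000`, which is the microsecond part of the current second rather than a millisecond timestamp: `tv_sec` is ignored and the divisor does not match the name. If callers expect monotonic milliseconds, `return now.tv_sec * 1000 + now.tv_nsec / 1000000;` would match the name. The return value of `clock_gettime` is also unchecked. The function's closing brace is outside the hunk.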
|
@ -42,7 +42,7 @@ static const char *ipc_json_orientation_description(enum sway_container_layout l
|
||||||
return "none";
|
return "none";
|
||||||
}
|
}
|
||||||
|
|
||||||
json_object *ipc_json_get_version() {
|
json_object *ipc_json_get_version(void) {
|
||||||
int major = 0, minor = 0, patch = 0;
|
int major = 0, minor = 0, patch = 0;
|
||||||
json_object *version = json_object_new_object();
|
json_object *version = json_object_new_object();
|
||||||
|
|
||||||
|
|
73
sway/main.c
73
sway/main.c
|
@ -12,10 +12,6 @@
|
||||||
#include <sys/wait.h>
|
#include <sys/wait.h>
|
||||||
#include <sys/un.h>
|
#include <sys/un.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#ifdef __linux__
|
|
||||||
#include <sys/capability.h>
|
|
||||||
#include <sys/prctl.h>
|
|
||||||
#endif
|
|
||||||
#include <wlr/util/log.h>
|
#include <wlr/util/log.h>
|
||||||
#include "sway/commands.h"
|
#include "sway/commands.h"
|
||||||
#include "sway/config.h"
|
#include "sway/config.h"
|
||||||
|
@ -45,7 +41,7 @@ void sig_handler(int signal) {
|
||||||
sway_terminate(EXIT_SUCCESS);
|
sway_terminate(EXIT_SUCCESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
void detect_raspi() {
|
void detect_raspi(void) {
|
||||||
bool raspi = false;
|
bool raspi = false;
|
||||||
FILE *f = fopen("/sys/firmware/devicetree/base/model", "r");
|
FILE *f = fopen("/sys/firmware/devicetree/base/model", "r");
|
||||||
if (!f) {
|
if (!f) {
|
||||||
|
@ -85,7 +81,7 @@ void detect_raspi() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void detect_proprietary() {
|
void detect_proprietary(void) {
|
||||||
FILE *f = fopen("/proc/modules", "r");
|
FILE *f = fopen("/proc/modules", "r");
|
||||||
if (!f) {
|
if (!f) {
|
||||||
return;
|
return;
|
||||||
|
@ -120,7 +116,7 @@ void run_as_ipc_client(char *command, char *socket_path) {
|
||||||
close(socketfd);
|
close(socketfd);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void log_env() {
|
static void log_env(void) {
|
||||||
const char *log_vars[] = {
|
const char *log_vars[] = {
|
||||||
"PATH",
|
"PATH",
|
||||||
"LD_LIBRARY_PATH",
|
"LD_LIBRARY_PATH",
|
||||||
|
@ -135,7 +131,7 @@ static void log_env() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void log_distro() {
|
static void log_distro(void) {
|
||||||
const char *paths[] = {
|
const char *paths[] = {
|
||||||
"/etc/lsb-release",
|
"/etc/lsb-release",
|
||||||
"/etc/os-release",
|
"/etc/os-release",
|
||||||
|
@ -162,7 +158,7 @@ static void log_distro() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void log_kernel() {
|
static void log_kernel(void) {
|
||||||
FILE *f = popen("uname -a", "r");
|
FILE *f = popen("uname -a", "r");
|
||||||
if (!f) {
|
if (!f) {
|
||||||
wlr_log(WLR_INFO, "Unable to determine kernel version");
|
wlr_log(WLR_INFO, "Unable to determine kernel version");
|
||||||
|
@ -181,28 +177,8 @@ static void log_kernel() {
|
||||||
pclose(f);
|
pclose(f);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void executable_sanity_check() {
|
|
||||||
#ifdef __linux__
|
|
||||||
struct stat sb;
|
|
||||||
char *exe = realpath("/proc/self/exe", NULL);
|
|
||||||
stat(exe, &sb);
|
|
||||||
// We assume that cap_get_file returning NULL implies ENODATA
|
|
||||||
if (sb.st_mode & (S_ISUID|S_ISGID) && cap_get_file(exe)) {
|
|
||||||
wlr_log(WLR_ERROR,
|
|
||||||
"sway executable has both the s(g)uid bit AND file caps set.");
|
|
||||||
wlr_log(WLR_ERROR,
|
|
||||||
"This is strongly discouraged (and completely broken).");
|
|
||||||
wlr_log(WLR_ERROR,
|
|
||||||
"Please clear one of them (either the suid bit, or the file caps).");
|
|
||||||
wlr_log(WLR_ERROR,
|
|
||||||
"If unsure, strip the file caps.");
|
|
||||||
exit(EXIT_FAILURE);
|
|
||||||
}
|
|
||||||
free(exe);
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
static void drop_permissions(bool keep_caps) {
|
static void drop_permissions(void) {
|
||||||
if (getuid() != geteuid() || getgid() != getegid()) {
|
if (getuid() != geteuid() || getgid() != getegid()) {
|
||||||
if (setgid(getgid()) != 0) {
|
if (setgid(getgid()) != 0) {
|
||||||
wlr_log(WLR_ERROR, "Unable to drop root");
|
wlr_log(WLR_ERROR, "Unable to drop root");
|
||||||
|
@ -217,20 +193,6 @@ static void drop_permissions(bool keep_caps) {
|
||||||
wlr_log(WLR_ERROR, "Root privileges can be restored.");
|
wlr_log(WLR_ERROR, "Root privileges can be restored.");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
#ifdef __linux__
|
|
||||||
if (keep_caps) {
|
|
||||||
// Drop every cap except CAP_SYS_PTRACE
|
|
||||||
cap_t caps = cap_init();
|
|
||||||
cap_value_t keep = CAP_SYS_PTRACE;
|
|
||||||
wlr_log(WLR_INFO, "Dropping extra capabilities");
|
|
||||||
if (cap_set_flag(caps, CAP_PERMITTED, 1, &keep, CAP_SET) ||
|
|
||||||
cap_set_flag(caps, CAP_EFFECTIVE, 1, &keep, CAP_SET) ||
|
|
||||||
cap_set_proc(caps)) {
|
|
||||||
wlr_log(WLR_ERROR, "Failed to drop extra capabilities");
|
|
||||||
exit(EXIT_FAILURE);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void enable_debug_flag(const char *flag) {
|
void enable_debug_flag(const char *flag) {
|
||||||
|
@ -347,7 +309,7 @@ int main(int argc, char **argv) {
|
||||||
wlr_log(WLR_ERROR, "Don't use options with the IPC client");
|
wlr_log(WLR_ERROR, "Don't use options with the IPC client");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
drop_permissions(false);
|
drop_permissions();
|
||||||
char *socket_path = getenv("SWAYSOCK");
|
char *socket_path = getenv("SWAYSOCK");
|
||||||
if (!socket_path) {
|
if (!socket_path) {
|
||||||
wlr_log(WLR_ERROR, "Unable to retrieve socket path");
|
wlr_log(WLR_ERROR, "Unable to retrieve socket path");
|
||||||
|
@ -358,34 +320,17 @@ int main(int argc, char **argv) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
executable_sanity_check();
|
|
||||||
bool suid = false;
|
|
||||||
|
|
||||||
if (!server_privileged_prepare(&server)) {
|
if (!server_privileged_prepare(&server)) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(__linux__) || defined(__FreeBSD__)
|
|
||||||
if (getuid() != geteuid() || getgid() != getegid()) {
|
|
||||||
#ifdef __linux__
|
|
||||||
// Retain capabilities after setuid()
|
|
||||||
if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
|
|
||||||
wlr_log(WLR_ERROR, "Cannot keep caps after setuid()");
|
|
||||||
exit(EXIT_FAILURE);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
suid = true;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
log_kernel();
|
log_kernel();
|
||||||
log_distro();
|
log_distro();
|
||||||
detect_proprietary();
|
detect_proprietary();
|
||||||
detect_raspi();
|
detect_raspi();
|
||||||
|
|
||||||
#if defined(__linux__) || defined(__FreeBSD__)
|
drop_permissions();
|
||||||
drop_permissions(suid);
|
|
||||||
#endif
|
|
||||||
// handle SIGTERM signals
|
// handle SIGTERM signals
|
||||||
signal(SIGTERM, sig_handler);
|
signal(SIGTERM, sig_handler);
|
||||||
|
|
||||||
|
|
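Review bot: In `main`, `drop_permissions();` still runs only after `log_kernel(); log_distro(); detect_proprietary(); detect_raspi();`, and `log_kernel` calls `popen("uname -a", "r")`, so on a setuid install a shell command resolved through the caller's environment is started while the effective IDs may still be elevated. Assuming none of those four helpers needs privileges (they appear to read only `/proc`, `/sys` and `/etc` files), move `drop_permissions();` to directly after the `if (!server_privileged_prepare(&server))` check. Separately, with `executable_sanity_check` removed, nothing reports a binary installed with file capabilities, and `drop_permissions` only compares real and effective IDs, so such a process would presumably keep its capabilities; a comment on `drop_permissions` stating that file capabilities are unsupported would record that. The body of `main` starts and ends outside these hunks.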
|
@ -164,7 +164,6 @@ sway_deps = [
|
||||||
cairo,
|
cairo,
|
||||||
gdk_pixbuf,
|
gdk_pixbuf,
|
||||||
jsonc,
|
jsonc,
|
||||||
libcap,
|
|
||||||
libinput,
|
libinput,
|
||||||
math,
|
math,
|
||||||
pango,
|
pango,
|
||||||
|
|
|
@ -593,7 +593,7 @@ void container_update_representation(struct sway_container *con) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
size_t container_titlebar_height() {
|
size_t container_titlebar_height(void) {
|
||||||
return config->font_height + TITLEBAR_V_PADDING * 2;
|
return config->font_height + TITLEBAR_V_PADDING * 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -22,7 +22,7 @@ uint32_t parse_position(const char *position) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
struct swaybar_config *init_config() {
|
struct swaybar_config *init_config(void) {
|
||||||
struct swaybar_config *config = calloc(1, sizeof(struct swaybar_config));
|
struct swaybar_config *config = calloc(1, sizeof(struct swaybar_config));
|
||||||
config->status_command = NULL;
|
config->status_command = NULL;
|
||||||
config->pango_markup = false;
|
config->pango_markup = false;
|
||||||
|
|
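Review bot: `init_config` writes `config->status_command` immediately after `calloc` without a NULL check, so an allocation failure becomes a null-pointer dereference; `seat_attachment_config_new`, touched by the same commit, does test its `calloc` result. Adding `if (!config) { return NULL; }` before the first assignment would close this, provided callers handle a NULL return, which is not visible here. The function body continues past the end of the hunk.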
|
@ -92,7 +92,7 @@ static int release_lock(void *data) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void acquire_sleep_lock() {
|
void acquire_sleep_lock(void) {
|
||||||
sd_bus_message *msg = NULL;
|
sd_bus_message *msg = NULL;
|
||||||
sd_bus_error error = SD_BUS_ERROR_NULL;
|
sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||||
struct sd_bus *bus;
|
struct sd_bus *bus;
|
||||||
|
@ -161,7 +161,7 @@ static int dbus_event(int fd, uint32_t mask, void *data) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void setup_sleep_listener() {
|
void setup_sleep_listener(void) {
|
||||||
struct sd_bus *bus;
|
struct sd_bus *bus;
|
||||||
|
|
||||||
int ret = sd_bus_default_system(&bus);
|
int ret = sd_bus_default_system(&bus);
|
||||||
|
|
|
@ -32,7 +32,7 @@ void sway_terminate(int exit_code) {
|
||||||
exit(exit_code);
|
exit(exit_code);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void daemonize() {
|
static void daemonize(void) {
|
||||||
int fds[2];
|
int fds[2];
|
||||||
if (pipe(fds) != 0) {
|
if (pipe(fds) != 0) {
|
||||||
wlr_log(WLR_ERROR, "Failed to pipe");
|
wlr_log(WLR_ERROR, "Failed to pipe");
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
#include "wlr-layer-shell-unstable-v1-client-protocol.h"
|
#include "wlr-layer-shell-unstable-v1-client-protocol.h"
|
||||||
|
|
||||||
static char *read_from_stdin() {
|
static char *read_from_stdin(void) {
|
||||||
char *buffer = NULL;
|
char *buffer = NULL;
|
||||||
while (!feof(stdin)) {
|
while (!feof(stdin)) {
|
||||||
char *line = read_line(stdin);
|
char *line = read_line(stdin);
|
||||||
|
|