mirrors
/
sway
mirror of https://github.com/swaywm/sway.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1117 from jnsaff/master 

Allow also 444 for security file mode
This commit is contained in:
Drew DeVault 2017-03-16 14:06:03 -04:00 committed by GitHub
parent 109f384771 8306b886e9
commit ec50b92bb4
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sway/config.c
View File

@ -547,8 +547,8 @@ bool load_main_config(const char *file, bool is_active) {
list_qsort(secconfigs, qstrcmp); list_qsort(secconfigs, qstrcmp);
for (int i = 0; i < secconfigs->length; ++i) { for (int i = 0; i < secconfigs->length; ++i) {
char *_path = secconfigs->items[i]; char *_path = secconfigs->items[i];
if (stat(_path, &s) || s.st_uid != 0 || s.st_gid != 0 || (s.st_mode & 0777) != 0644) { if (stat(_path, &s) || s.st_uid != 0 || s.st_gid != 0 || (((s.st_mode & 0777) != 0644) && (s.st_mode & 0777) != 0444)) {
sway_log(L_ERROR, "Refusing to load %s - it must be owned by root and mode 644", _path); sway_log(L_ERROR, "Refusing to load %s - it must be owned by root and mode 644 or 444", _path);
success = false; success = false;
} else { } else {
success = success && load_config(_path, config); success = success && load_config(_path, config);

2
sway/sway-security.7.txt
View File

@ -21,7 +21,7 @@ you must make a few changes external to sway first.
Configuration of security features is limited to files in the security directory Configuration of security features is limited to files in the security directory
(this is likely /etc/sway/security.d/*, but depends on your installation prefix). (this is likely /etc/sway/security.d/*, but depends on your installation prefix).
Files in this directory must be owned by root:root and chmod 644. The default Files in this directory must be owned by root:root and chmod 644 or 444. The default
security configuration is installed to /etc/sway/security.d/00-defaults, and security configuration is installed to /etc/sway/security.d/00-defaults, and
should not be modified - it will be updated with the latest recommended security should not be modified - it will be updated with the latest recommended security
defaults between releases. To override the defaults, you should add more files to defaults between releases. To override the defaults, you should add more files to