Commit graph

209 commits

Author SHA1 Message Date
emersion
9dae68eba5
Make it clear that being able to restore root is a failure 2018-11-01 18:49:42 +01:00
Ryan Dwyer
ebeb759873 Abort if proprietary drivers are in use
The idea here is we don't want users to be blissfully unaware that they
are running unsupported drivers. So we abort on startup, and force the
user to add a specific argument to bypass the check.
2018-10-21 00:01:09 +10:00
Drew DeVault
71aaa7e130 Remove unnecessary comment 2018-10-13 20:51:29 -04:00
Arkadiusz Hiler
eed0bc3ebd Add support for installing binaries with DT_RPATH
It's better to use DT_RPATH dynamic section of the elf binary to store
the paths of libraries to load instead of overwriting LD_LIBRARY_PATH
for the whole environment, causing surprises. This solution is much more
transparent and perfectly suitable for running contained installations
of wayland/wlroots/sway.

The code unsetting the LD_LIBRARY_PATH/LD_PRELOAD was also deleted as
it's a placebo security at best - we should trust the execution path
that leads us to running sway, and it's way too late to care about those
variables since we already started executing our compositor, thus we
would be compromised anyway.
2018-09-30 15:37:01 +03:00
Arkadiusz Hiler
1e70f7b19e Turn funcs() into funcs(void)
If they really do not take undefined number of arguments.
2018-09-30 14:09:05 +03:00
Arkadiusz Hiler
00dfb76832 Remove libcap/prctl artifacts
They seem like relics of the pasts, from when we were retaining the
ptrace cap.

Some translations still may need updates.
2018-09-30 13:39:26 +03:00
Ryan Dwyer
cb66bbea42 Allow running commands on containers without focusing them
This adds a `con` argument to `execute_command` which allows you to
specify the container to execute the command on. In most cases it leaves
it as `NULL` which makes it use the focused node. We only set it when
executing `for_window` criteria such as when a view maps. This means we
don't send unnecessary IPC focus events, and fixes a crash when the
criteria command is `move scratchpad` (because we can't give focus to a
hidden scratchpad container).

Each of the shell map handlers now check to see if the view has a
workspace. It won't have a workspace if criteria has moved it to the
scratchpad.
2018-09-23 08:39:11 +10:00
emersion
82f1393cbb swaybar: handle hotplugging
Don't kill and respawn swaybars on hotplug.
2018-09-20 18:37:51 +02:00
Ryan Dwyer
7586f150c0 Implement type safe arguments and demote sway_container
This commit changes the meaning of sway_container so that it only refers
to layout containers and view containers. Workspaces, outputs and the
root are no longer known as containers. Instead, root, outputs,
workspaces and containers are all a type of node, and containers come in
two types: layout containers and view containers.

In addition to the above, this implements type safe variables. This
means we use specific types such as sway_output and sway_workspace
instead of generic containers or nodes. However, it's worth noting that
in a few places places (eg. seat focus and transactions) referring to
them in a generic way is unavoidable which is why we still use nodes in
some places.

If you want a TL;DR, look at node.h, as well as the struct definitions
for root, output, workspace and container. Note that sway_output now
contains a workspaces list, and workspaces now contain a tiling and
floating list, and containers now contain a pointer back to the
workspace.

There are now functions for seat_get_focused_workspace and
seat_get_focused_container. The latter will return NULL if a workspace
itself is focused. Most other seat functions like seat_get_focus and
seat_set_focus now accept and return nodes.

In the config->handler_context struct, current_container has been
replaced with three pointers: node, container and workspace. node is the
same as what current_container was, while workspace is the workspace
that the node resides on and container is the actual container, which
may be NULL if a workspace itself is focused.

The global root_container variable has been replaced with one simply
called root, which is a pointer to the sway_root instance.

The way outputs are created, enabled, disabled and destroyed has
changed. Previously we'd wrap the sway_output in a container when it is
enabled, but as we don't have containers any more it needs a different
approach. The output_create and output_destroy functions previously
created/destroyed the container, but now they create/destroy the
sway_output. There is a new function output_disable to disable an output
without destroying it.

Containers have a new view property. If this is populated then the
container is a view container, otherwise it's a layout container. Like
before, this property is immutable for the life of the container.

Containers have both a `sway_container *parent` and
`sway_workspace *workspace`. As we use specific types now, parent cannot
point to a workspace so it'll be NULL for containers which are direct
children of the workspace. The workspace property is set for all
containers, except those which are hidden in the scratchpad as they have
no workspace.

In some cases we need to refer to workspaces in a container-like way.
For example, workspaces have layout and children, but when using
specific types this makes it difficult. Likewise, it's difficult for a
container to get its parent's layout when the parent could be another
container or a workspace. To make it easier, some helper functions have
been created: container_parent_layout and container_get_siblings.

container_remove_child has been renamed to container_detach and
container_replace_child has been renamed to container_replace.

`container_handle_fullscreen_reparent(con, old_parent)` has had the
old_parent removed. We now unfullscreen the workspace when detaching the
container, so this function is simplified and only needs one argument
now.

container_notify_subtree_changed has been renamed to
container_update_representation. This is more descriptive of its
purpose. I also wanted to be able to call it with whatever container was
changed rather than the container's parent, which makes bubbling up to
the workspace easier.

There are now state structs per node thing. ie. sway_output_state,
sway_workspace_state and sway_container_state.

The focus, move and layout commands have been completely refactored to
work with the specific types. I considered making these a separate PR,
but I'd be backporting my changes only to replace them again, and it's
easier just to test everything at once.
2018-09-05 18:01:43 +10:00
sghctoma
67188b7cba Enable privilege dropping of FreeBSD
Privilege dropping works on FreeBSD too, so only the caps parts need to
be Linux-only.
2018-08-30 10:33:48 +02:00
Ryan Dwyer
5dbbab7bdc Remove layout.c
When we have type safety we'll need to have functions for
workspace_add_tiling and so on. This means the existing container
functions will be just for containers, so they are being moved to
container.c. At this point layout.c doesn't contain much else, so I've
relocated everything and removed the file.

* container_swap and its static functions have been moved to the swap
command and made static.
* container_recursive_resize has been moved to the resize command and
made static.
* The following have been moved to container.c:
    * container_handle_fullscreen_reparent
    * container_insert_child
    * container_add_sibling
    * container_add_child
    * container_remove_child
    * container_replace_child
    * container_split
* enum movement_direction and sway_dir_to_wlr have been moved to util.c.

Side note: Several commands included layout.h which then included
root.h. With layout.h gone, root.h has to be included by those commands.
2018-08-26 12:05:16 +10:00
Ryan Dwyer
f9563d88f3 Use enum for damage debug options 2018-08-19 16:17:24 +10:00
Ryan Dwyer
8d1dd03823 Standardise debug variables
This makes all debug options stored in a single struct rather than in
various places, changes/fixes the behaviour of existing options, and
introduces some new options.

* Fixes damage issues with `-Drender-tree` texture (by removing scissor)
* Offsets the render tree overlay's `y` position for those who have
swaybar at the top
* Replaces `-Ddamage=rerender` with `-Dnodamage`
* Replaces `-Ddamage=highlight` with `-Dhighlight-damage`
* Replaces `-Dtxn-debug` with `-Dtxn-wait`
* Introduces `-Dnoatomic`
* Removes the `create_time` and `ms_arranging` figures from transactions
and the log message. Transactions are created after arranging and the
create time is of no significance.
* Fixes `-Dtxn-debug` (now `-Dtxn-wait`) not working.
2018-08-19 16:17:24 +10:00
Drew DeVault
db0fa066e5 Remove obsolete security sanity check 2018-08-09 08:45:32 -04:00
Ryan Dwyer
04489ff420 Separate root-related code
This creates a root.c and moves bits and pieces from elsewhere into it.

* layout_init has been renamed to root_create and moved into root.c
* root_destroy has been created and is called on shutdown
* scratchpad code has been moved into root.c, because hidden scratchpad
containers are stored in the root struct
2018-08-04 14:01:20 +10:00
Brian Ashworth
a7f7d4a488 Write to swaynag pipe fd directly on config errors 2018-08-03 10:37:35 -04:00
Brian Ashworth
f9a6407111 Show swaynag on config errors 2018-08-03 10:37:35 -04:00
Ian Fan
e8b179e313 ipc: add shutdown event 2018-08-01 16:57:14 +01:00
Brian Ashworth
ec65286606 Fix deferred command handling 2018-07-19 01:39:58 -04:00
Ryan Dwyer
a120d4c79f Make focus part of transactions
Rather than maintain copies of the entire focus stack, this PR
transactionises the focus by introducing two new properties to the
container state and using those when rendering.

* `bool focused` means this container has actual focus. Only one
container should have this equalling true in its current state.
* `struct sway_container *focus_inactive_child` points to the immediate
child that was most recently focused (eg. for tabbed and stacked
containers).
2018-07-15 22:08:26 +10:00
Drew DeVault
b1afcc69fa Add extended debugging flags
We currently have several ways of setting debug flags, including command
line arguments, environment variables, and compile-time macros. This
replaces the lot with command line flags.
2018-07-14 20:44:32 -04:00
emersion
63b4bf5000
Update for swaywm/wlroots#1126 2018-07-09 22:54:30 +01:00
Dominique Martinet
7ef08ffbe6 pango/cairo: set default font map to NULL to free it 2018-07-05 13:11:06 +09:00
Dominique Martinet
b0918b1058 ipc-server: add display destroy listener and remove ipc_terminate
wl_event_source_remove() is illegal after display has been destroyed,
so just destroy everything when we still can.

==20392==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000001240 at pc 0x00000048e86e bp 0x7ffe4b557e00 sp 0x7ffe4b557df0
READ of size 8 at 0x607000001240 thread T0
    #0 0x48e86d in wl_list_insert ../common/list.c:149
    #1 0x7fdf673d4d7d in wl_event_source_remove src/event-loop.c:487
    #2 0x41b742 in ipc_terminate ../sway/ipc-server.c:94
    #3 0x40b1ad in main ../sway/main.c:440
    #4 0x7fdf6664c18a in __libc_start_main ../csu/libc-start.c:308
    #5 0x409359 in _start (/opt/wayland/bin/sway+0x409359)

0x607000001240 is located 48 bytes inside of 72-byte region [0x607000001210,0x607000001258)
freed by thread T0 here:
    #0 0x7fdf692c4880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
    #1 0x7fdf673d371a in wl_display_destroy src/wayland-server.c:1097

previously allocated by thread T0 here:
    #0 0x7fdf692c4c48 in malloc (/lib64/libasan.so.5+0xeec48)
    #1 0x7fdf673d4d9e in wl_event_loop_create src/event-loop.c:522
    #2 0x40acb2 in main ../sway/main.c:363
    #3 0x7fdf6664c18a in __libc_start_main ../csu/libc-start.c:308
2018-07-04 18:47:11 +09:00
Dominique Martinet
c092f1fe6a startup: move setenv WAYLAND_DISPLAY before config execs
We would previously run all config commands without the environment,
which would appear to work as our socket name is the default one, but
wayland clients would start up in the wrong sway session.

(This explains why 'sometimes' my swayidle processes wouldn't die with
sway, as they weren't listening to the correct socket)
2018-07-04 13:52:26 +09:00
Dominique Martinet
1b7f554474 log_kernel: s/fclose/pclose/ (for popen'd FILE)
With recent glibc the functions are strictly identical, but this might
not be true for all libc implementations

Found through static analysis.
2018-07-02 08:03:41 +09:00
Tobias Blass
a5c091e302 Perform (partial) server initialization before dropping privileges.
Some operations during backend creation (e.g. becoming DRM master)
require CAP_SYS_ADMIN privileges. At this point, sway has dropped them
already, though. This patch splits the privileged part of server_init
into its own function and calls it before dropping its privileges.
This fixes the bug with minimal security implications.
2018-06-19 00:19:57 +02:00
Tobias Blass
d6d292897f Remove suspicious unconditional return
This return effectively disables the log_kernel function
2018-06-05 23:27:35 +02:00
Dominique Martinet
89ae1792b5 sway: run commands without waiting for Xwayland
Xwayland is lazy now, there is no need to wait at all
2018-05-16 16:50:56 +09:00
Drew DeVault
603e0e42c5 Add debug tree view 2018-04-06 11:49:27 -04:00
Tony Crisci
f7a20726fc temporarily add LD_LIBRARY_PATH stuff 2018-03-31 15:37:16 -04:00
Tony Crisci
dc8c9fbeb6 Revert "Merge pull request #1653 from swaywm/revert-1647-refactor-tree"
This reverts commit 472e81f35d, reversing
changes made to 6b7841b11f.
2018-03-29 23:41:33 -04:00
Drew DeVault
d0c7f66e95
Revert "Refactor tree" 2018-03-29 23:29:29 -04:00
Tony Crisci
ed2cedb544 rename layout init 2018-03-29 17:13:37 -04:00
Tony Crisci
874f009866 move tree includes to their own directory 2018-03-29 14:21:42 -04:00
Dominique Martinet
f5b33cb4b6 fix typos in comments/messages; add shutting down message 2018-01-05 00:07:34 +01:00
Calvin Lee
7196f59db0 Consolidate WLR and Sway logging
See #1390
2017-12-31 14:32:28 -07:00
Tony Crisci
9fa70ce426 Merge branch 'wlroots' into feature/input 2017-12-16 07:33:23 -05:00
Tony Crisci
9eecbb5d8a xkb config 2017-12-15 05:22:51 -05:00
Tony Crisci
9333a7eb53 working xcursor 2017-12-09 14:06:00 -05:00
emersion
aaae59026f
Add output config 2017-12-06 12:36:06 +01:00
emersion
90f7f1a0e6
Add minimal config subsystem 2017-12-05 10:40:55 +01:00
Tony Crisci
7152075681 log env after ipc init 2017-12-02 07:49:23 -05:00
Tony Crisci
9696f50eba remove nvidia support claim 2017-11-28 05:40:00 -05:00
Drew DeVault
7753a0ec75 Wire up IPC server 2017-11-22 21:37:07 -05:00
Drew DeVault
db4fb1c85c Add outputs to the tree 2017-11-19 17:04:28 -05:00
Drew DeVault
733993a651 Move everything to sway/old/ 2017-11-18 11:22:02 -05:00
Drew DeVault
7eafcc75f6 Initialize outputs from backend and add to tree 2017-11-11 11:58:43 -05:00
Drew DeVault
7c448b4081 Fire up the wlroots backend and run the event loop 2017-11-11 09:08:50 -05:00
Dan Robertson
88d042ec49
nvidia: Validate the nvidia_drm module options
When the proprietary nvidia driver is used, ensure the modeset option is
set instead of checking /proc/cmdline for nvidia-drm.modeset=1.
2017-10-24 22:35:31 +00:00
azarus
5987f19eb2 Check for Raspberry Pi 2017-08-14 22:29:21 +02:00
johalun
7fef283044 FreeBSD fixes
Increase _POSIX_SOURCE value where needed.
Increase _XOPEN_SOURCE value where needed.
Conditionally link to libcap (only on Linux).
Possibly some trailing whitespace fixes (automatic).
2017-06-06 09:45:50 +02:00
Mykyta Holubakha
93cf21fb9a Terminate when both suid bit and filecaps are set 2017-05-11 19:33:57 +03:00
Mykyta Holubakha
f736198c31 Initialise logging earlier 2017-05-11 19:29:25 +03:00
Sebastian Noack
173b338567 Add -DVERSION flag for release version numbers 2017-04-26 15:56:46 +02:00
Drew DeVault
b3541d9dc5 Implement more thourough nvidia config check 2017-04-12 10:04:44 -04:00
Drew DeVault
b036ad9b54 Downgrade nvidia proprietary driver warning 2017-04-12 10:04:44 -04:00
JerziKaminsky
aa6bd85da1 Add libcap check to CMake
- Moved ``<sys/capability.h>`` include inside `__linux__` guard,
  because all uses are similarly guarded.
- <sys/capability.h> is part of an optional devel package, at least
  in fedora. CMake now explicitly checks that libcap devel files
  are available.
- Added libcap to the list of install packages in .travis.yml, to
  make the dependency explicit. travis-ci installs the package by
  default, which is why this hasn't surfaced previously.
2017-04-07 03:14:16 +03:00
Drew DeVault
9aed9d9359 UnGNUify the codebase 2017-03-10 23:41:24 -05:00
Drew DeVault
407ebe9cd3 Move env logging to earlier than wlc_init 2017-02-23 08:32:11 -05:00
Drew DeVault
126ce571da Read configs from /etc/sway/security.d/* 2017-02-20 07:51:31 -05:00
Mykyta Holubakha
138bcd0cfa Unset LD_LIBRARY_PATH, unless specified 2017-01-16 01:05:05 +02:00
Mykyta Holubakha
d9ba61d7e9 Log capability dropping 2017-01-12 04:35:09 +02:00
Mykyta Holubakha
ea1313d80d Keep CAP_SYS_PTRACE with suid binary 2017-01-12 04:25:27 +02:00
Drew DeVault
1172566d4e Change how security config is loaded 2016-12-17 15:21:57 -05:00
Drew DeVault
4c6c65e70c Handle malloc failures from read_line 2016-12-15 19:01:40 -05:00
Greg V
da26d69cb1 Fix build on FreeBSD
- Make sure CMake always finds absolute paths for Cairo, Pango and GdkPixbuf
- Add forgotten json-c include path to swaymsg/CMakeLists.txt
- Disable -Werror because of assert warnings
- Add correct /proc/pid/file path for FreeBSD
- Use libepoll-shim on FreeBSD
- Only use Linux capabilities on, well, Linux
2016-12-09 19:32:07 +03:00
Drew DeVault
979878d8af Decrement expected_len 2016-12-04 10:55:11 -05:00
Drew DeVault
cdecf3c495 Drop restart command from sanity check
Since we don't actually have one of those
2016-12-04 09:37:24 -05:00
Drew DeVault
8577095db7 Check for CAP_SYS_PTRACE 2016-12-02 18:37:01 -05:00
Drew DeVault
a4e92ad272 Deal with LD_LIBRARY_PATH 2016-12-02 10:23:30 -05:00
Drew DeVault
10c2125040 Unset LD_PRELOAD on startup (before dropping root)
LD_PRELOAD enables keyloggers to easily be made. This solution isn't
perfect - really a secure system wouldn't have LD_PRELOAD at all. It was
a stupid idea in the first place.
2016-12-02 08:47:47 -05:00
Drew DeVault
04fc10feeb Flesh out security_sanity_check 2016-12-02 08:42:26 -05:00
Drew DeVault
dc4b57c868 Shut Clang up 2016-12-01 21:58:38 -05:00
Drew DeVault
5831f7ab68 Write example security config, start on code 2016-12-01 19:27:35 -05:00
Drew DeVault
d3e55f88ec Log LD_LIBRARY_PATH 2016-10-27 11:05:04 -04:00
Drew DeVault
78b65e2317 Remove duplicate redhat-release line 2016-10-27 10:57:18 -04:00
Drew DeVault
7aef6e66ae Log uname -a on startup 2016-10-27 10:50:22 -04:00
Drew DeVault
6ad2186f0e Log contents of distro version files 2016-10-27 10:48:46 -04:00
Drew DeVault
0d6cbcacbe Log important env vars on startup 2016-10-27 10:37:16 -04:00
Patrick Sauter
153620aefe moved ipc_init above config file processing.
This is necessary because commands in the config file (mode for
instance) emit ipc events, and if ipc_init has not been called the
ipc_clients_list is not initialized, and we segfault.  This fixes that
bug.
2016-10-02 17:29:40 -05:00
D.B
5e585f9603 Split setgid and setuid, add privilege check
This commit deals with issue #884. I consulted the following sources:
https://www.securecoding.cert.org/confluence/display/c/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges
and
https://www.securecoding.cert.org/confluence/display/c/POS37-C.+Ensure+that+privilege+relinquishment+is+successful
2016-09-20 16:25:32 +02:00
Drew DeVault
416417a54c Reorganize includes 2016-09-01 08:18:37 -04:00
Daniel Lockyer
c9d634414a sway/main.c: simplify free'ing by switching to the helper method 2016-05-05 23:30:28 +01:00
Drew DeVault
54c635ca16 Update to wlc 0.0.2 2016-04-16 10:22:50 -04:00
Mikkel Oscar Lyderik
71a5350b68 Implement include command
The include command (`include <path>`) makes it possible to include sub
config files from the main config file (or from within other sub config
files).

The include command uses the following rules for including config files:

* the `path` can be either a full path or a path that is relative to the
  parent config. Shell expansion is supported, so it's possible to do
  `include ~/.config/sway.d/*`.
* The same config file can only be included once (to prevent include
  cycles). If a config is included multiple times it will just be
  ignored after it has been included once.
* Including a sub config file is the same as inserting the content of
  that file into the parent config, thus rules about overwriting
  bindsyms etc. works the same as for a single config.

Implement #542
2016-03-26 16:37:50 +01:00
Mikkel Oscar Lyderik
938ff29b7b Gracefully exit when config is not found
This makes sure that sway will gracefully exit if the config is not
found or sway is unable to read it.
2016-03-24 22:20:25 +01:00
Drew DeVault
06107bb44e Make the nvidia warning louder 2016-03-24 16:48:53 -04:00
Drew DeVault
fd061d4dc4 Don't set WLC_DIM on startup 2016-03-24 14:09:18 -04:00
Drew DeVault
5c85c018b4 Update to new WLC API 2016-03-24 14:08:53 -04:00
Mikkel Oscar Lyderik
67bbcceba1 Free config before exiting sway.
Apart from freeing the sway_config struct, this also terminates the
swaybars spawned by sway, since they are linked by PID to the bar config
structs.
2016-02-27 22:13:15 +01:00
Mikkel Oscar Lyderik
5e253fdd9a Correctly exit sway on errors.
Calling `exit` in sway_terminate prevents sway from correctly shutting
down (freeing data, cleanly terminating the ipc server, etc.).

A better way is to exit straight away if the failure occurs before
`wlc_run` and use sway_abort as usual if it occur when wlc is running.
2016-02-26 09:42:21 +01:00
Yacine Hmito
c400ca8f88 Fix for when sway_abort doesn't exit
sway_terminate does an exit in case wlc_terminate doesn't
2016-02-25 23:46:27 +01:00
Yacine Hmito
e239fbbd88 No options when using sway as IPC client
Sway used to attempt sending an IPC command composed of every argument
after the first non-option argument encountered.
Now, raises an error if an option is encountered before the intended command.
Some options such as -h or -v take effect when parsing, so they still
apply.
2016-02-25 23:04:59 +01:00
Yacine Hmito
179192e222 Removed p as a valid CLI option
The get-socketpath long option had an undocumented short alternative
as `p`. It has been removed.
However, the code in the options array is still the 'p' char.
2016-02-25 21:50:24 +01:00
crondog
cd0eaf00da Prevent ipc from crashing sway 2016-01-22 12:29:18 +11:00
Cole Mickens
28081b7689 libinput 2016-01-19 06:51:36 -08:00
Mikkel Oscar Lyderik
2e0ef533f2 Init layout before checking config 2016-01-05 19:16:46 +01:00
Mikkel Oscar Lyderik
16b8c2e915 Handle SIGTERM sent to sway
This makes sway handle and gracefully shut down everything when
receiving a SIGTERM.

Fix #416
2015-12-29 13:03:53 +01:00
Streetwalrus Einstein
774ffbe0d5 Detect proprietary AMD drivers too 2015-12-14 18:13:44 +02:00