Merge pull request #2730 from ivyl/remove_cap_leftovers
Remove libcap/prctl artifacts
commit
7355959d7f
19 changed files with 23 additions and 142 deletions
|
@ -449,8 +449,6 @@ void free_sway_variable(struct sway_variable *var);
|
|||
*/
|
||||
char *do_var_replacement(char *str);
|
||||
|
||||
struct cmd_results *check_security_config();
|
||||
|
||||
int input_identifier_cmp(const void *item, const void *data);
|
||||
|
||||
struct input_config *new_input_config(const char* identifier);
|
||||
|
@ -471,7 +469,7 @@ struct seat_config *copy_seat_config(struct seat_config *seat);
|
|||
|
||||
void free_seat_config(struct seat_config *ic);
|
||||
|
||||
struct seat_attachment_config *seat_attachment_config_new();
|
||||
struct seat_attachment_config *seat_attachment_config_new(void);
|
||||
|
||||
struct seat_attachment_config *seat_config_get_attachment(
|
||||
struct seat_config *seat_config, char *identifier);
|
||||
|
|
|
@ -17,6 +17,6 @@ struct sway_debug {
|
|||
|
||||
extern struct sway_debug debug;
|
||||
|
||||
void update_debug_tree();
|
||||
void update_debug_tree(void);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
#include "sway/tree/container.h"
|
||||
#include "sway/input/input-manager.h"
|
||||
|
||||
json_object *ipc_json_get_version();
|
||||
json_object *ipc_json_get_version(void);
|
||||
|
||||
json_object *ipc_json_describe_disabled_output(struct sway_output *o);
|
||||
json_object *ipc_json_describe_node(struct sway_node *node);
|
||||
|
|
|
@ -50,7 +50,7 @@ struct swaybar_config {
|
|||
} colors;
|
||||
};
|
||||
|
||||
struct swaybar_config *init_config();
|
||||
struct swaybar_config *init_config(void);
|
||||
void free_config(struct swaybar_config *config);
|
||||
uint32_t parse_position(const char *position);
|
||||
|
||||
|
|
|
@ -1,18 +0,0 @@
|
|||
#ifndef _SWAYBAR_DBUS_H
|
||||
#define _SWAYBAR_DBUS_H
|
||||
|
||||
#include <stdbool.h>
|
||||
#include <dbus/dbus.h>
|
||||
extern DBusConnection *conn;
|
||||
|
||||
/**
|
||||
* Should be called in main loop to dispatch events
|
||||
*/
|
||||
void dispatch_dbus();
|
||||
|
||||
/**
|
||||
* Initializes async dbus communication
|
||||
*/
|
||||
int dbus_init();
|
||||
|
||||
#endif /* _SWAYBAR_DBUS_H */
|
|
@ -1,10 +0,0 @@
|
|||
#ifndef _SWAYBAR_SNI_WATCHER_H
|
||||
#define _SWAYBAR_SNI_WATCHER_H
|
||||
|
||||
/**
|
||||
* Starts the sni_watcher, the watcher is practically a black box and should
|
||||
* only be accessed though functions described in its spec
|
||||
*/
|
||||
int init_sni_watcher();
|
||||
|
||||
#endif /* _SWAYBAR_SNI_WATCHER_H */
|
|
@ -1,32 +0,0 @@
|
|||
#ifndef _SWAYBAR_TRAY_H
|
||||
#define _SWAYBAR_TRAY_H
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stdbool.h>
|
||||
#include "swaybar/tray/dbus.h"
|
||||
#include "swaybar/tray/sni.h"
|
||||
#include "swaybar/bar.h"
|
||||
#include "list.h"
|
||||
|
||||
extern struct tray *tray;
|
||||
|
||||
struct tray {
|
||||
list_t *items;
|
||||
};
|
||||
|
||||
/**
|
||||
* Processes a mouse event on the bar
|
||||
*/
|
||||
void tray_mouse_event(struct output *output, int x, int y,
|
||||
uint32_t button, uint32_t state);
|
||||
|
||||
uint32_t tray_render(struct output *output, struct config *config);
|
||||
|
||||
void tray_upkeep(struct bar *bar);
|
||||
|
||||
/**
|
||||
* Initializes the tray with D-Bus
|
||||
*/
|
||||
void init_tray(struct bar *bar);
|
||||
|
||||
#endif /* _SWAYBAR_TRAY_H */
|
|
@ -42,7 +42,6 @@ pango = dependency('pango')
|
|||
pangocairo = dependency('pangocairo')
|
||||
gdk_pixbuf = dependency('gdk-pixbuf-2.0', required: false)
|
||||
pixman = dependency('pixman-1')
|
||||
libcap = dependency('libcap', required: false)
|
||||
libinput = dependency('libinput', version: '>=1.6.0')
|
||||
libpam = cc.find_library('pam', required: false)
|
||||
systemd = dependency('libsystemd', required: false)
|
||||
|
|
|
@ -30,7 +30,7 @@ struct seat_config *new_seat_config(const char* name) {
|
|||
return seat;
|
||||
}
|
||||
|
||||
struct seat_attachment_config *seat_attachment_config_new() {
|
||||
struct seat_attachment_config *seat_attachment_config_new(void) {
|
||||
struct seat_attachment_config *attachment =
|
||||
calloc(1, sizeof(struct seat_attachment_config));
|
||||
if (!attachment) {
|
||||
|
|
|
@ -120,7 +120,7 @@ static int draw_node(cairo_t *cairo, struct sway_node *node,
|
|||
return height;
|
||||
}
|
||||
|
||||
void update_debug_tree() {
|
||||
void update_debug_tree(void) {
|
||||
if (!debug.render_tree) {
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
// when dragging to the edge of a layout container.
|
||||
#define DROP_LAYOUT_BORDER 30
|
||||
|
||||
static uint32_t get_current_time_msec() {
|
||||
static uint32_t get_current_time_msec(void) {
|
||||
struct timespec now;
|
||||
clock_gettime(CLOCK_MONOTONIC, &now);
|
||||
return now.tv_nsec / 1000;
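Review bot: `get_current_time_msec` returns `now.tv_nsec / 1000`, which is the microsecond part of the current second rather than a millisecond timestamp: it ignores `tv_sec` and wraps every second. The line is unchanged context, but since the signature is being touched here the return could be corrected to `return now.tv_sec * 1000 + now.tv_nsec / 1000000;`. The function's closing brace and its callers are outside the hunk, so check which unit they expect before changing it.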
|
||||
|
|
|
@ -42,7 +42,7 @@ static const char *ipc_json_orientation_description(enum sway_container_layout l
|
|||
return "none";
|
||||
}
|
||||
|
||||
json_object *ipc_json_get_version() {
|
||||
json_object *ipc_json_get_version(void) {
|
||||
int major = 0, minor = 0, patch = 0;
|
||||
json_object *version = json_object_new_object();
|
||||
|
||||
|
|
73
sway/main.c
73
sway/main.c
|
@ -12,10 +12,6 @@
|
|||
#include <sys/wait.h>
|
||||
#include <sys/un.h>
|
||||
#include <unistd.h>
|
||||
#ifdef __linux__
|
||||
#include <sys/capability.h>
|
||||
#include <sys/prctl.h>
|
||||
#endif
|
||||
#include <wlr/util/log.h>
|
||||
#include "sway/commands.h"
|
||||
#include "sway/config.h"
|
||||
|
@ -45,7 +41,7 @@ void sig_handler(int signal) {
|
|||
sway_terminate(EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
void detect_raspi() {
|
||||
void detect_raspi(void) {
|
||||
bool raspi = false;
|
||||
FILE *f = fopen("/sys/firmware/devicetree/base/model", "r");
|
||||
if (!f) {
|
||||
|
@ -85,7 +81,7 @@ void detect_raspi() {
|
|||
}
|
||||
}
|
||||
|
||||
void detect_proprietary() {
|
||||
void detect_proprietary(void) {
|
||||
FILE *f = fopen("/proc/modules", "r");
|
||||
if (!f) {
|
||||
return;
|
||||
|
@ -120,7 +116,7 @@ void run_as_ipc_client(char *command, char *socket_path) {
|
|||
close(socketfd);
|
||||
}
|
||||
|
||||
static void log_env() {
|
||||
static void log_env(void) {
|
||||
const char *log_vars[] = {
|
||||
"PATH",
|
||||
"LD_LIBRARY_PATH",
|
||||
|
@ -135,7 +131,7 @@ static void log_env() {
|
|||
}
|
||||
}
|
||||
|
||||
static void log_distro() {
|
||||
static void log_distro(void) {
|
||||
const char *paths[] = {
|
||||
"/etc/lsb-release",
|
||||
"/etc/os-release",
|
||||
|
@ -162,7 +158,7 @@ static void log_distro() {
|
|||
}
|
||||
}
|
||||
|
||||
static void log_kernel() {
|
||||
static void log_kernel(void) {
|
||||
FILE *f = popen("uname -a", "r");
|
||||
if (!f) {
|
||||
wlr_log(WLR_INFO, "Unable to determine kernel version");
|
||||
|
@ -181,28 +177,8 @@ static void log_kernel() {
|
|||
pclose(f);
|
||||
}
|
||||
|
||||
static void executable_sanity_check() {
|
||||
#ifdef __linux__
|
||||
struct stat sb;
|
||||
char *exe = realpath("/proc/self/exe", NULL);
|
||||
stat(exe, &sb);
|
||||
// We assume that cap_get_file returning NULL implies ENODATA
|
||||
if (sb.st_mode & (S_ISUID|S_ISGID) && cap_get_file(exe)) {
|
||||
wlr_log(WLR_ERROR,
|
||||
"sway executable has both the s(g)uid bit AND file caps set.");
|
||||
wlr_log(WLR_ERROR,
|
||||
"This is strongly discouraged (and completely broken).");
|
||||
wlr_log(WLR_ERROR,
|
||||
"Please clear one of them (either the suid bit, or the file caps).");
|
||||
wlr_log(WLR_ERROR,
|
||||
"If unsure, strip the file caps.");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
free(exe);
|
||||
#endif
|
||||
}
|
||||
|
||||
static void drop_permissions(bool keep_caps) {
|
||||
static void drop_permissions(void) {
|
||||
if (getuid() != geteuid() || getgid() != getegid()) {
|
||||
if (setgid(getgid()) != 0) {
|
||||
wlr_log(WLR_ERROR, "Unable to drop root");
|
||||
|
@ -217,20 +193,6 @@ static void drop_permissions(bool keep_caps) {
|
|||
wlr_log(WLR_ERROR, "Root privileges can be restored.");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
#ifdef __linux__
|
||||
if (keep_caps) {
|
||||
// Drop every cap except CAP_SYS_PTRACE
|
||||
cap_t caps = cap_init();
|
||||
cap_value_t keep = CAP_SYS_PTRACE;
|
||||
wlr_log(WLR_INFO, "Dropping extra capabilities");
|
||||
if (cap_set_flag(caps, CAP_PERMITTED, 1, &keep, CAP_SET) ||
|
||||
cap_set_flag(caps, CAP_EFFECTIVE, 1, &keep, CAP_SET) ||
|
||||
cap_set_proc(caps)) {
|
||||
wlr_log(WLR_ERROR, "Failed to drop extra capabilities");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
void enable_debug_flag(const char *flag) {
|
||||
|
@ -347,7 +309,7 @@ int main(int argc, char **argv) {
|
|||
wlr_log(WLR_ERROR, "Don't use options with the IPC client");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
drop_permissions(false);
|
||||
drop_permissions();
|
||||
char *socket_path = getenv("SWAYSOCK");
|
||||
if (!socket_path) {
|
||||
wlr_log(WLR_ERROR, "Unable to retrieve socket path");
|
||||
|
@ -358,34 +320,17 @@ int main(int argc, char **argv) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
executable_sanity_check();
|
||||
bool suid = false;
|
||||
|
||||
if (!server_privileged_prepare(&server)) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
#if defined(__linux__) || defined(__FreeBSD__)
|
||||
if (getuid() != geteuid() || getgid() != getegid()) {
|
||||
#ifdef __linux__
|
||||
// Retain capabilities after setuid()
|
||||
if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
|
||||
wlr_log(WLR_ERROR, "Cannot keep caps after setuid()");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
#endif
|
||||
suid = true;
|
||||
}
|
||||
#endif
|
||||
|
||||
log_kernel();
|
||||
log_distro();
|
||||
detect_proprietary();
|
||||
detect_raspi();
|
||||
|
||||
#if defined(__linux__) || defined(__FreeBSD__)
|
||||
drop_permissions(suid);
|
||||
#endif
|
||||
drop_permissions();
|
||||
|
||||
// handle SIGTERM signals
|
||||
signal(SIGTERM, sig_handler);
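Review bot: In `main`, the remaining `drop_permissions();` call still comes after `log_kernel()`, `log_distro()`, `detect_proprietary()` and `detect_raspi()`, so on a setuid install those helpers run with the elevated effective IDs. `log_kernel()` in this same file calls `popen("uname -a", "r")`, which goes through the shell and a PATH lookup using the caller's environment. With the capability retention removed, nothing visible after `server_privileged_prepare(&server)` needs the privilege, so I would move `drop_permissions();` to directly after that check and before `log_kernel();`. `main` begins and ends outside this hunk, so confirm no later step depends on the current order.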
|
||||
|
||||
|
|
|
@ -164,7 +164,6 @@ sway_deps = [
|
|||
cairo,
|
||||
gdk_pixbuf,
|
||||
jsonc,
|
||||
libcap,
|
||||
libinput,
|
||||
math,
|
||||
pango,
|
||||
|
|
|
@ -593,7 +593,7 @@ void container_update_representation(struct sway_container *con) {
|
|||
}
|
||||
}
|
||||
|
||||
size_t container_titlebar_height() {
|
||||
size_t container_titlebar_height(void) {
|
||||
return config->font_height + TITLEBAR_V_PADDING * 2;
|
||||
}
|
||||
|
||||
|
|
|
@ -22,7 +22,7 @@ uint32_t parse_position(const char *position) {
|
|||
}
|
||||
}
|
||||
|
||||
struct swaybar_config *init_config() {
|
||||
struct swaybar_config *init_config(void) {
|
||||
struct swaybar_config *config = calloc(1, sizeof(struct swaybar_config));
|
||||
config->status_command = NULL;
|
||||
config->pango_markup = false;
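Review bot: `init_config` dereferences the result of `calloc` on the very next line (`config->status_command = NULL;`) without a NULL check, whereas `seat_attachment_config_new` in this same commit tests `if (!attachment)` after its allocation. I would add `if (!config) { return NULL; }` directly after the `calloc`, provided the callers handle a NULL return. The rest of the function is outside the hunk.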
|
||||
|
|
|
@ -92,7 +92,7 @@ static int release_lock(void *data) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
void acquire_sleep_lock() {
|
||||
void acquire_sleep_lock(void) {
|
||||
sd_bus_message *msg = NULL;
|
||||
sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||
struct sd_bus *bus;
|
||||
|
@ -161,7 +161,7 @@ static int dbus_event(int fd, uint32_t mask, void *data) {
|
|||
return 1;
|
||||
}
|
||||
|
||||
void setup_sleep_listener() {
|
||||
void setup_sleep_listener(void) {
|
||||
struct sd_bus *bus;
|
||||
|
||||
int ret = sd_bus_default_system(&bus);
|
||||
|
|
|
@ -32,7 +32,7 @@ void sway_terminate(int exit_code) {
|
|||
exit(exit_code);
|
||||
}
|
||||
|
||||
static void daemonize() {
|
||||
static void daemonize(void) {
|
||||
int fds[2];
|
||||
if (pipe(fds) != 0) {
|
||||
wlr_log(WLR_ERROR, "Failed to pipe");
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
#include "util.h"
|
||||
#include "wlr-layer-shell-unstable-v1-client-protocol.h"
|
||||
|
||||
static char *read_from_stdin() {
|
||||
static char *read_from_stdin(void) {
|
||||
char *buffer = NULL;
|
||||
while (!feof(stdin)) {
|
||||
char *line = read_line(stdin);
|
||||
|
|