Allow also 444 for security file mode

master
Jaanus Torp 8 years ago
parent 109f384771
commit 8306b886e9

@ -547,8 +547,8 @@ bool load_main_config(const char *file, bool is_active) {
list_qsort(secconfigs, qstrcmp); list_qsort(secconfigs, qstrcmp);
for (int i = 0; i < secconfigs->length; ++i) { for (int i = 0; i < secconfigs->length; ++i) {
char *_path = secconfigs->items[i]; char *_path = secconfigs->items[i];
if (stat(_path, &s) || s.st_uid != 0 || s.st_gid != 0 || (s.st_mode & 0777) != 0644) { if (stat(_path, &s) || s.st_uid != 0 || s.st_gid != 0 || (((s.st_mode & 0777) != 0644) && (s.st_mode & 0777) != 0444)) {
sway_log(L_ERROR, "Refusing to load %s - it must be owned by root and mode 644", _path); sway_log(L_ERROR, "Refusing to load %s - it must be owned by root and mode 644 or 444", _path);
success = false; success = false;
} else { } else {
success = success && load_config(_path, config); success = success && load_config(_path, config);

@ -21,7 +21,7 @@ you must make a few changes external to sway first.
Configuration of security features is limited to files in the security directory Configuration of security features is limited to files in the security directory
(this is likely /etc/sway/security.d/*, but depends on your installation prefix). (this is likely /etc/sway/security.d/*, but depends on your installation prefix).
Files in this directory must be owned by root:root and chmod 644. The default Files in this directory must be owned by root:root and chmod 644 or 444. The default
security configuration is installed to /etc/sway/security.d/00-defaults, and security configuration is installed to /etc/sway/security.d/00-defaults, and
should not be modified - it will be updated with the latest recommended security should not be modified - it will be updated with the latest recommended security
defaults between releases. To override the defaults, you should add more files to defaults between releases. To override the defaults, you should add more files to

Loading…
Cancel
Save