Drew DeVault
7784f1a905
Handle allocation failures in security code
...
Note that such errors are generally going to be fatal
8 years ago
Drew DeVault
31b002b6d5
Handle IPC server allocation failures
8 years ago
Drew DeVault
8cef81d6f2
Handle some more memory allocation failures
8 years ago
Drew DeVault
d75a747a3d
Handle config-related allocation failures
8 years ago
Drew DeVault
248df18c24
Handle allocation failure in commands
8 years ago
Drew DeVault
8691ff1b63
Handle border-related malloc failures
8 years ago
Drew DeVault
ad7f68585b
Always log filename and line number
8 years ago
Drew DeVault
4c6c65e70c
Handle malloc failures from read_line
8 years ago
Drew DeVault
9ad1e6b40f
Handle malloc failure in ipc_recv_response
8 years ago
Drew DeVault
6c0fc20936
Merge pull request #991 from barfoo1/registry_fix
...
minor logic error in registry.c:seat_handle_capabilities()
8 years ago
barfoo1
dc6942d10d
minor logic error
8 years ago
Drew DeVault
6350752d6b
Merge pull request #985 from myfreeweb/master
...
Fix build on FreeBSD
8 years ago
Greg V
da26d69cb1
Fix build on FreeBSD
...
- Make sure CMake always finds absolute paths for Cairo, Pango and GdkPixbuf
- Add forgotten json-c include path to swaymsg/CMakeLists.txt
- Disable -Werror because of assert warnings
- Add correct /proc/pid/file path for FreeBSD
- Use libepoll-shim on FreeBSD
- Only use Linux capabilities on, well, Linux
8 years ago
Drew DeVault
d93e53fd4b
Use return value of write
8 years ago
Drew DeVault
979878d8af
Decrement expected_len
8 years ago
Drew DeVault
cb0ca3c301
Change name of ld-library-path cmake variable
8 years ago
Drew DeVault
49fe25c106
Mention setcap in manual install instructions
8 years ago
Drew DeVault
1d39c22a38
Add link to security features issue in readme
8 years ago
Drew DeVault
1a509dcc29
Fix to sway-security(7)
8 years ago
Drew DeVault
cdecf3c495
Drop restart command from sanity check
...
Since we don't actually have one of those
8 years ago
Drew DeVault
6604bb67ea
Fix minor issues with default security config
8 years ago
D.B
35b8d185ac
fix layout switching (was broken because of workspace_layout)
...
For workspace containers, swayc_change_layout also changes ->layout alongside
->workspace_layout when it's a sensible thing to do. There is an additional test
for 'layout toggle' command which ensures that containers will be tiled
horizontally after toggling from tabbed or stacked.
8 years ago
D.B
4762bcb3b9
wrap some views under workspaces
...
If workspace layout is set to tabbed or stacked, its C_VIEW children
should get wrapped in a container. Alongside that, move_container was
modified to retain previous functionality.
8 years ago
D.B
6fb4b6737a
add workspace_layout to container
...
Add swayc_change_layout function, which changes either layout or
workspace_layout, depending on the container type.
8 years ago
Drew DeVault
5778c59a2f
Merge pull request #981 from SirCmpwn/security
...
Security features
8 years ago
Drew DeVault
e7a764fdf4
Disallow everything by default
...
And update config.d/security to configure sane defaults
8 years ago
Drew DeVault
93d99f3712
Fix use-after-free
8 years ago
Drew DeVault
d2d6fcd1ff
Fix clang issues
8 years ago
Drew DeVault
8577095db7
Check for CAP_SYS_PTRACE
8 years ago
Drew DeVault
d353da248b
Add ipc connection feature policy controls
8 years ago
Drew DeVault
62dad7148f
Enforce IPC security policy
8 years ago
Drew DeVault
c8dc4925d1
Add IPC security policy command handlers
8 years ago
Drew DeVault
e9e1a6a409
Add IPC policy to config
...
Also reduces enum abuse, cc @minus7
8 years ago
Drew DeVault
0a1b211e09
Drop -Denable-binding-event
8 years ago
Drew DeVault
25a4a85a59
Run config files through sed and install to /etc
8 years ago
Drew DeVault
751e6d2ab2
Clarify lock permission consequences
8 years ago
Drew DeVault
0c8dc0e6df
Clarify that executable has to be a full path
8 years ago
Drew DeVault
c61746a15b
Soften up environment security
...
So no one gets their feewings hurt
8 years ago
Drew DeVault
a4e92ad272
Deal with LD_LIBRARY_PATH
8 years ago
Drew DeVault
1a143e601b
Clarify when keyboard/mouse features work
8 years ago
Drew DeVault
4d312f753c
Add docs on what features sway programs require
8 years ago
Drew DeVault
3dbeb9c35c
Add sway-security(7)
8 years ago
Drew DeVault
10c2125040
Unset LD_PRELOAD on startup (before dropping root)
...
LD_PRELOAD enables keyloggers to easily be made. This solution isn't
perfect - really a secure system wouldn't have LD_PRELOAD at all. It was
a stupid idea in the first place.
8 years ago
Drew DeVault
04fc10feeb
Flesh out security_sanity_check
8 years ago
Drew DeVault
39cf9a82f7
Enforce command policies
8 years ago
Drew DeVault
f23880b1fd
Add support for command policies in config file
8 years ago
Drew DeVault
0d395681fe
Enforce mouse permissions
8 years ago
Drew DeVault
8aeeacf178
Enforce keyboard permissions
8 years ago
Drew DeVault
ffdbb9d050
Enforce fullscreen permissions
8 years ago
Drew DeVault
dc4b57c868
Shut Clang up
8 years ago