This ensures that those surprised by the deprecation of SUID operation
receive an error rather than accidentally having sway run as root.
This detection will be removed in a future release.
Try to gain SCHED_RR (round-robin) realtime scheduling privileges before
starting the server. This requires CAP_SYS_NICE on Linux systems.
We additionally register a pthread_atfork callback which resets the
scheduling class back to SCHED_OTHER (the Linux system default).
Due to CAP_SYS_NICE, setting RLIMIT_RTPRIO has no effect on the process
as documented within man 7 sched (from Linux):
Privileged (CAP_SYS_NICE) threads ignore the RLIMIT_RTPRIO limit;
as with older kernels, they can make arbitrary changes to
scheduling policy and priority. See getrlimit(2) for further
information on RLIMIT_RTPRIO
Note that this requires the sway distribution packagers to set the
CAP_SYS_NICE capability on the sway binary.
Supersedes #6992
SUID privilege drop is needed for the "builtin"-backend of libseat,
which copied our old "direct" backend behavior for the sake of
compatibility and ease of transition.
libseat now has a better alternative in the form of seatd-launch. It
uses the normal seatd daemon and libseat backend and takes care of SUID
for us.
Add a soft deprecation warning to highlight our future intent of
removing this code. The deprecation cycle is needed to avoid surprises
when sway no longer drops privileges.
Proprietary drivers require --unsupported-gpu to be allowed, and IPCs
require no option to be passed.
The only way to satisfy both is to run IPCs before checking for
proprietary drivers.
Wayland compositors handle many file descriptors: client
connections, DMA-BUFs, sync_files, wl_data_device pipes, and so
on. Bump the limit to the max.
Closes: https://github.com/swaywm/sway/issues/6285
Nvidia has historically been a bad actor in the open-source graphics
ecosystem because they required a special EGLStreams code-path
instead of exposing the de-facto standard GBM API. However, with
their upcoming release they now support GBM as well.
This is a push in the right direction for Nvidia, so there's no
reason we should be more hostile to them than to any other proprietary
driver. Let's remove the --my-next-gpu-wont-be-nvidia flag, and advise
users to use --unsupported-gpu now.
Note, proprietary Nvidia drivers are still unsupported by the Sway
project (just like all other proprietary drivers).
Can be useful to make sure a bugfix is included. In the future maybe
the wlroots version string could include a commit hash when built
from source, too.
Instead of letting wlroots print messages to stdout, route debugging
messages into Sway's logging functions. This allows a more consistent
output (e.g. if Sway or wlroots changes its output style, they don't get
out-of-sync).
I also added a [wlr] prefix to wlroots messages, not yet sure it's a
good thing.
If the environment variable is not defined, getenv returns NULL.
Passing a NULL pointer to the "%s" format specifier is undefined
behavior. Even if some implementations output "(null)", an empty
string is nicer.
This makes it so invalid configs will return the exit code 1 when the
validation flag is given. This also reduces the log level to SWAY_ERROR,
which makes it so only the errors are shown. If someone wants more
verbose output, the can use the -V/--verbose or -d/--debug flags.
Additionally, this also makes it so swaybg will not be spawned when
validating the config.
It looks like the code to drop privileges may have been broken via
commit 37f0e1f. That commit reverted the correct order from #911, which
first drops the gid then the uid. If setuid is called first then the
target user may not have the ability to setgid.
This adds the logic to defer binding execution while sway is still
initializing. Without this, the binding command would be executed, but
the command handler would return CMD_DEFER, which was being treated as
a failure to run. To avoid partial executions, this will defer all
bindings while config->active is false.
Fixes memory leaks in the form of:
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7f5f7c2f4f30 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xedf30)
#1 0x563c799569f2 in ipc_recv_response ../common/ipc-client.c:94
#2 0x563c79957062 in ipc_single_command ../common/ipc-client.c:138
#3 0x563c798a56cc in run_as_ipc_client ../sway/main.c:127
#4 0x563c798a6a3a in main ../sway/main.c:349
#5 0x7f5f7b4d609a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
Fixes memory leaks in the form of:
Direct leak of 20 byte(s) in 1 object(s) allocated from:
#0 0x7f5f7c2f4f30 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xedf30)
#1 0x563c7995b36a in join_args ../common/stringop.c:268
#2 0x563c798a6a1a in main ../sway/main.c:348
#3 0x7f5f7b4d609a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
This aborts sway and displays an error message about XDG_RUNTIME_DIR
not being set without initializing the wl_display or logging any other
information.
When both options and positional arguments are given, sway would print
the error `Don't use options with the IPC client`. Over the past
several months, it seems like users are including this error message in
issues instead of a debug log due to not understanding that the error
message means there is an issue with their command.
This makes the error message more verbose and will hopefully make it so
more users understand that the message is not a bug in sway, but with
the command used.
This cleans up the log when sway fails to read a config file. The
following changes have been made:
- A missing error message has been added to the log when the config file
is a directory instead of a regular file
- In main, `goto` statements have been added after the `sway_terminate`
calls instead of wrapping every block in `if (!terminate_request)`
- Unnecessary NULL-checks around calls to free in `main` have been
removed
- Deferred command execution has been extracted to a separate function
and the `Running deferred commands` log message will not be shown when
there are no deferred commands.
This commit mostly duplicates the wlr_log functions, although
with a sway_* prefix. (This is very similar to PR #2009.)
However, the logging function no longer needs to be replaceable,
so sway_log_init's second argument is used to set the exit
callback for sway_abort.
wlr_log_init is still invoked in sway/main.c
This commit makes it easier to remove the wlroots dependency for
the helper programs swaymsg, swaybg, swaybar, and swaynag.
In `sway_terminate`, `ipc_event_shutdown` was being sent regardless
which mode sway was running in. When running as an ipc client,
`sway_terminate` should just exit
This matches i3's behavior of returning a list of results that contain
the result of each command that was executed. Additionally, the
`parse_error` attribute has been added to the IPC JSON reply.
The idea here is we don't want users to be blissfully unaware that they
are running unsupported drivers. So we abort on startup, and force the
user to add a specific argument to bypass the check.
It's better to use DT_RPATH dynamic section of the elf binary to store
the paths of libraries to load instead of overwriting LD_LIBRARY_PATH
for the whole environment, causing surprises. This solution is much more
transparent and perfectly suitable for running contained installations
of wayland/wlroots/sway.
The code unsetting the LD_LIBRARY_PATH/LD_PRELOAD was also deleted as
it's a placebo security at best - we should trust the execution path
that leads us to running sway, and it's way too late to care about those
variables since we already started executing our compositor, thus we
would be compromised anyway.