Commit graph

1369 commits

Author SHA1 Message Date
Sebastian Noack 173b338567 Add -DVERSION flag for release version numbers 2017-04-26 15:56:46 +02:00
Calvin Lee 0dc7e9f514 Fix typo in sway(5) 2017-04-23 21:57:23 -06:00
Tomáš Čech 974be01e83
explicitly ignore unused return value
fixes issue#1182
2017-04-19 10:16:24 +02:00
Drew DeVault 94ad169eb6 Merge pull request #1181 from wasamasa/bugfix-initial-scratchpad-size
Use i3's dimensions for initial scratchpad views
2017-04-18 17:57:07 -04:00
Drew DeVault 35603b2341 Merge pull request #1178 from 4e554c4c/fork
Prevent sway from duplicating on a failed fork
2017-04-18 17:49:23 -04:00
Vasilij Schneidermann 0f31323659 Use i3's dimensions for initial scratchpad views
See https://github.com/i3/i3/blob/master/src/scratchpad.c#L196-L197
2017-04-18 23:47:09 +02:00
Calvin Lee cee26500a8 Prevent sway from duplicating on a failed fork
Also remove a useless `sway_log` and replace it with a pipe
2017-04-18 15:25:37 -06:00
Vasilij Schneidermann d4ac594264 Implement and document move [to] scratchpad 2017-04-18 21:41:28 +02:00
Jerzi Kaminsky 2ad8850398 Handle symlinks as IPC security targets
- When policies are allocated, the ipc target path goes
  through symlink resolution. The result is used as
  the canonical for matching pids to policies at runtime.
  In particular, this matches up with the target of
  the `/proc/<pid>/exe`.
- There's a possible race condition if this isn't done
  correctly, read below.

Originally, validate_ipc_target() always tried to resolve
its argument for symlinks, and returned a parogram target string
if it validates. This created a possible race condition with
security implications. The problem is that get_feature_policy()
first independently resolved the policy target in order to check
whether a policy already exists. If it didn't find any, it called
alloc_feature_policy() which called validate_ipc_target() which
resolved the policy target again. In the time between the two
checks, the symlink could be altered, and a lucky attacker could
fool the program into thinking that a policy doesn't exist
for a target, and then switch the symlink to point at another file.
At the very least this could allow him to create two policies
for the same program target, and possibly to bypass security
by associating the permissions for one target with another,
or force default permissions to apply to a target for which
a more specific rule has been configured. So we don't that.

Instead, the policy target is resolved once and that result is
used for the rest of the lookup/creation process.
2017-04-16 17:09:53 +03:00
Jerzi Kaminsky bcf9338ce7 Add validate_ipc_target() 2017-04-16 17:09:53 +03:00
Jerzi Kaminsky bfb99235e3 Move get_feature_policy to sway/security.c 2017-04-16 17:09:53 +03:00
Jerzi Kaminsky b4357a8eb6 Rename get_policy to get_feature_policy 2017-04-16 17:09:53 +03:00
Jerzi Kaminsky cf5e764c7f Disambiguate get_*_policy() and get_*_policy_mask() 2017-04-16 17:09:53 +03:00
Jerzi Kaminsky 6079e6f7e5 Fix style in sway-bar(5) manpage 2017-04-14 02:30:41 +03:00
Jerzi Kaminsky b463fb8adc Remain compat with libinput < 1.7.0 2017-04-14 02:30:41 +03:00
Drew DeVault b3541d9dc5 Implement more thourough nvidia config check 2017-04-12 10:04:44 -04:00
Drew DeVault b036ad9b54 Downgrade nvidia proprietary driver warning 2017-04-12 10:04:44 -04:00
Drew DeVault 5d3a02a7c6 Merge branch 'master' into pretty-print-swaymsg 2017-04-10 07:17:47 -04:00
Drew DeVault 7fee555a46 Merge pull request #1150 from JerziKaminsky/cmake_find_libcap
Add libcap check to CMake
2017-04-08 06:53:22 -04:00
Calvin Lee 154c6718c1 Add -t get_marks and use more i3-like marks
In i3 every mark is unique and one mark cannot be used in more than one
window, sway behavior has been amended to match this.
`swaymsg -t get_marks` will now return an array of all marks used in sway.

See #98
2017-04-07 11:37:51 -06:00
Scott Anderson 1b2cd93212 Removed explicitly setting file descriptors to -1 2017-04-08 00:45:31 +12:00
Drew DeVault 50a31a6c88 Fix dangling file descriptors (fixes #1152) 2017-04-07 07:55:35 -04:00
JerziKaminsky aa6bd85da1 Add libcap check to CMake
- Moved ``<sys/capability.h>`` include inside `__linux__` guard,
  because all uses are similarly guarded.
- <sys/capability.h> is part of an optional devel package, at least
  in fedora. CMake now explicitly checks that libcap devel files
  are available.
- Added libcap to the list of install packages in .travis.yml, to
  make the dependency explicit. travis-ci installs the package by
  default, which is why this hasn't surfaced previously.
2017-04-07 03:14:16 +03:00
Scott Anderson 3a32be67ed Added designated initaliser, to prevent any possible problem with
ordering
2017-04-07 00:34:33 +12:00
Scott Anderson fe54a6725e Changed regular expressions to use PCRE for i3 compatibility 2017-04-07 00:16:06 +12:00
Calvin Lee 069d37f987 Improve criteria handling
This commit changes how commands decide what container to act on.
Commands get the current container though `current_container`, a global
defined in sway/commands.c. If a criteria is given before a command,
then the following command will be run once for every container the
criteria matches with a reference to the matching container in
'current_container'. Commands should use this instead of
`get_focused_container()` from now on.

This commit also fixes a few (minor) mistakes made in implementing marks
such as non-escaped arrows in sway(5) and calling the "mark" command
"floating" by accident. It also cleans up `criteria.c` in a few places.
2017-04-05 22:07:23 -06:00
Calvin Lee 2445d27960 Impliment i3-style marks
This commit adds three commands to sway: `show_marks`, `mark` and
`unmark`. Marks are displayed right-aligned in the window border as i3
does. Marks may be found using criteria.

Fixes #1007
2017-04-03 11:48:37 -06:00
Drew DeVault ab7570d311 Update man page 2017-04-03 07:46:11 -04:00
Drew DeVault 60ce81e06a Add pretty printing to swaymsg
If stdout is a tty, it will pretty print unless -r (--raw) is given.

Sample outputs:

```
~/s/s/build > ./bin/swaymsg fullscreen toggle
Error: Permission denied for fullscreen toggle via IPC

~/s/s/build > ./bin/swaymsg -t get_workspaces
Workspace 3:三
  Output: DVI-I-1
  Layout: splith

Workspace 1:一 (off-screen)
  Output: HDMI-A-1
  Layout: splith

Workspace 5:五 (focused)
  Output: HDMI-A-1
  Layout: splith

~/s/s/build > ./bin/swaymsg -t get_inputs
Input device Metadot - Das Keyboard Das Keyboard
  Type: Keyboard
  Sway ID: 9456:320:Metadot_-_Das_Keyboard_Das_Keyb

Input device Wacom Intuos S 2 Pen
  Type: Tablet tool
  Sway ID: 1386:827:Wacom_Intuos_S_2

Input device Wacom Intuos S 2 Pad
  Type: Tablet pad
  Sway ID: 1386:827:Wacom_Intuos_S_2

Input device Logitech Gaming Mouse G502
  Type: Keyboard, Mouse
  Sway ID: 1133:49277:Logitech_Gaming_Mous

~/s/s/build > ./bin/swaymsg -t get_outputs
Output DVI-I-1
  Geometry: 1920x1080 @ 3840,0
  Scale factor: 1x
  Workspace: 3:三

Output DVI-D-1
  Geometry: 1920x1080 @ 0,0
  Scale factor: 1x
  Workspace: 4:四

Output HDMI-A-1
  Geometry: 1920x1080 @ 1920,0
  Scale factor: 1x
  Workspace: 5:五
```
2017-04-03 07:27:25 -04:00
Jarkko Oranen 924ed6464c Prevent "move next" and "move prev" commands from crashing
Fixes #1120

When the parent of a view is C_WORKSPACE and the movement direction
is either MOVE_PREV or MOVE_NEXT, the code would attempt to move the
views to the next output, but swayc_adjacent_output can't accept
non-directional movement commands and causes undefined behaviour and
a segfault.

If the code is simply skipped, we end up in an infinite loop.

Instead, we can allow containers whose parent is a C_WORKSPACE take the
path that handles MOVE_PREV and MOVE_NEXT, which behaves as you would
expect.

I'm not certain that this fix is entirely correct as the desired behaviour
of move_container is not very well defined, but it seems to work.
2017-03-19 16:58:39 +02:00
Jarkko Oranen d7350915d9 The default layout of a workspace should follow the output
Hardcoding it to L_HORIZ does not make sense to me,
as you get the unexpected behaviour that windows will be
arranged horizontally until you switch the layout.
2017-03-19 16:57:05 +02:00
Zandr Martin 2d46fc5602
prevent fullscreen focus thievery
I believe this fixes #1102
2017-03-18 17:55:50 -04:00
Zandr Martin baa17ec696
remove unnecessary todo item
As best I can tell this todo was intended to add workspace movement to
the given output with the `workspace <ws> output <op>` command, but i3
does not behave this way.
2017-03-18 17:26:59 -04:00
Jarkko Oranen f6196b7e9a Fix off-by-one error when checking workspace_layout arguments 2017-03-18 22:24:44 +02:00
Jaanus Torp 8306b886e9 Allow also 444 for security file mode 2017-03-16 15:12:22 +00:00
Zandr Martin b507462d1c
Merge branch 'master' of git://github.com/SirCmpwn/sway into new-command-aliases 2017-03-13 07:35:12 -04:00
John Chen a0711d9c94 Fix trivial typo in sway.5.txt (right_ -> _right_)
as title
2017-03-13 10:32:27 +08:00
Drew DeVault 9aed9d9359 UnGNUify the codebase 2017-03-10 23:41:24 -05:00
Drew DeVault 74d4f1bec9 Further indentation corrections 2017-03-10 21:41:14 -05:00
Zandr Martin 18450dd16a
deprecate new_window and new_float commands 2017-03-09 14:56:15 -05:00
Zandr Martin 8684b9ecca
fix workspace output assignment 2017-03-08 14:30:01 -05:00
Calvin Lee d47d3d78de Fix #1099: Allow spaces in worspace names
This commit allows unquoted spaces in worspace names in order to keep
compatability with i3. The names _must not_ contain the string "output"
which is documented in 'sway.5' because how sway detects the `move
<workspace> output <output>` command. Also I documented that "number"
may be used before the worspace name without affecting how the name is
evaluated.
2017-03-01 11:35:47 -07:00
Calvin Lee 032907e9d2 Clarify move documentation for floating containers 2017-03-01 11:00:56 -07:00
Calvin Lee b35782bcad i3 feature support: Moving flotaing containers
This commit lets the 'move' command apply to floating containers as well
as tiled ones. The command may be appended with a number of pixels and
then optionally the string `px` (like '10 px') in order to move the
container more or fewer than the standard ten pixels.
2017-03-01 11:00:16 -07:00
Drew DeVault 407ebe9cd3 Move env logging to earlier than wlc_init 2017-02-23 08:32:11 -05:00
Drew DeVault 126ce571da Read configs from /etc/sway/security.d/* 2017-02-20 07:51:31 -05:00
Drew DeVault eabfb6c559 Add * policies and fix bug 2017-02-20 06:48:33 -05:00
Drew DeVault 1980a08358 Enforce new IPC policies 2017-02-20 06:33:04 -05:00
Drew DeVault b10721b89e Add initial support code for new IPC security 2017-02-20 06:11:56 -05:00
Drew DeVault 7dbecdde95 Revise IPC security configuration 2017-02-19 02:56:59 -05:00
Zandr Martin c6f971d108
use absolute view geometry to calculate position 2017-02-14 14:03:56 -05:00
Mykyta Holubakha 4eae9b33e8
xdg-positioner: log window placement 2017-02-06 02:59:23 +02:00
Mykyta Holubakha 006bd0bc3f
Handle xdg-positioner stuff 2017-02-06 02:59:23 +02:00
Drew DeVault b3c0aa3a9e Merge pull request #1055 from Hummer12007/positioner
Properly place windows with xdg-positioner
2017-01-19 06:19:08 -05:00
Mykyta Holubakha 7520607b8d Properly place windows with xdg-positioner 2017-01-19 12:31:43 +02:00
Drew DeVault 7cc6f288d9 Merge pull request #1053 from Hummer12007/__focused__
Support __focused__ as a valid criterion
2017-01-18 22:54:19 -05:00
Mykyta Holubakha 28278864b4 Support __focused__ as a valid criterion
This reflects i3 behavior (see i3/i3#1770)

Scrapping focused support will probably break some existing configs
2017-01-19 03:58:31 +02:00
Mykyta Holubakha d443bce6fe Display instance (if present) in nested layouts 2017-01-19 03:45:23 +02:00
Mykyta Holubakha e714fbcbec Add window instance support 2017-01-19 03:14:59 +02:00
Frantisek Fladung 33a709cae9 add hide_edge_borders smart to sway.5 manual 2017-01-17 11:46:58 +01:00
Mykyta Holubakha 138bcd0cfa Unset LD_LIBRARY_PATH, unless specified 2017-01-16 01:05:05 +02:00
wil a90dddea40 [fix] handle auto layout of empty container 2017-01-14 19:48:41 +01:00
wil 71b386964a replaced "bot" with "bottom" in auto layout commands 2017-01-14 19:41:00 +01:00
wil b74870f516 Improved behavior of insert/remove child in auto layouts
Previous implementation would not preserve dimension of groups
along the major axis. This should avoid weird behavior when
using container motion commands.
2017-01-14 19:41:00 +01:00
willakat 4c06a10004 Merge branch 'master' into master 2017-01-14 19:40:02 +01:00
Daniel Kessler eda4bad725 Add output wrapping
This fixes issue #733. Now if the user focuses output right but is at
the rightmost monitor, the focus will wrap the the leftmost monitor.
This commit adds a new function, swayc_opposite_output, which selects
the opposite output given a position and a direction. Now, when calling
output_by_name, we first check if there is an adjacent output to switch
to. If that fails, we call swayc_opposite_output to handle wrapping.
2017-01-13 16:06:10 -08:00
Drew DeVault c1e6cc3257 Merge pull request #1044 from ametisf/master
Implement hide_edge_borders smart (like in i3 4.13)
2017-01-12 11:39:31 -05:00
Frantisek Fladung c04819e8c0 Implement hide_edge_borders smart (like in i3 4.13) 2017-01-12 12:40:28 +01:00
Mykyta Holubakha d9ba61d7e9 Log capability dropping 2017-01-12 04:35:09 +02:00
Mykyta Holubakha ea1313d80d Keep CAP_SYS_PTRACE with suid binary 2017-01-12 04:25:27 +02:00
Drew DeVault 527c259d06 Fix #1008 2017-01-11 21:13:44 -05:00
willakat dc361fd9df Merge branch 'master' into master 2017-01-08 18:15:37 +01:00
wil 52f3a8df51 fixed up space-after-cast style issues 2017-01-08 18:08:10 +01:00
wil 07474a4fa7 reworked "layout auto*" star commands
- "layout auto_left|auto_xxx" are now "layout auto xxx"
- "layout incmaster <n>" is now "layout auto master [set|inc] <n>"
- "layout incncol <n>" is now "layout auto ncol [set|inc] <n>"
2017-01-08 17:57:38 +01:00
Drew DeVault 7c636da8a3 Fix format error 2017-01-08 11:07:45 -05:00
wil 063c79874a Indent cleanups 2017-01-08 14:49:47 +01:00
wil d822150d83 [fix] Keep Clang happy 2017-01-08 14:16:40 +01:00
wil 2040c62da9 Merge branch 'master' of https://github.com/SirCmpwn/sway 2017-01-07 21:35:30 +01:00
wil f24ebd75fa Added mouse resize for auto layouts 2017-01-07 21:24:43 +01:00
wil 1f47c58d63 simplification of apply_auto_layout
Achieved by introducing auto_group_bounds function that produces
the start/end indexes of a group inside an auto layot container.
2017-01-07 20:26:46 +01:00
wil 3c84250be8 [fix] resize should now preserve surrounding container's dimensions
- prior to this modification, the requested pixels were added/removed
  to both edges of the modified container. To preserve sizes,
  only half the pixels should be added/removed to each edge.
2017-01-07 18:20:13 +01:00
wil f7269684d0 [fix] scale check to prevent un-necessary layouts was in the wrong place. 2017-01-07 18:15:42 +01:00
wil d99efb5f6f [fix] corner cases win nb_children < nb_master|nb_col 2017-01-07 18:09:42 +01:00
wil bd415029ba Moved auto_* layout functions from resize.c to layout.c 2017-01-07 17:41:15 +01:00
Hummer12007 d59af31256 Fix workspace layouts in json data 2017-01-06 01:28:36 +02:00
wil 704b2db050 Merge branch 'master' of https://github.com/willakat/sway 2017-01-01 22:02:19 +01:00
wil 97f70987d7 [fix] cleanups suggested by Sway community 2017-01-01 21:52:49 +01:00
wil a62048f15d changed "layout promote" command to "move first"
This is more consistent with other Sway semantics.
2017-01-01 19:53:53 +01:00
Drew DeVault 0412e95ba9 Document new layout command syntax
And an old one that the docs overlooked
2017-01-01 12:41:52 -05:00
Drew DeVault c01b898398 Fix inline is_auto_layout 2017-01-01 12:36:47 -05:00
wil 15745abf0c [fix] cycle auto layouts backwards 2016-12-31 18:41:13 +01:00
wil 1b87193c3d Added "layout promote" command. 2016-12-29 20:31:30 +01:00
wil a0aa8d9780 cleanup in auto layouts
- added L_AUTO_FIRST/LAST instead of using explicit layouts.
- when switching between auto layout that don't share the same major axis, invert the
  width/height of their child views to preserve their relative proportions.
2016-12-29 20:31:30 +01:00
wil 2b0e3c212a [fix] move next/prev behavior for vert/horiz layout 2016-12-29 20:31:30 +01:00
wil 0ff9fe9a7a introduce next/prev as a direction for focus/move commands. 2016-12-29 20:31:30 +01:00
wil bc3dc97026 [fix] Handle auto layout resize with multiple slave groups 2016-12-29 20:31:30 +01:00
wil ed71e67d7e [fix] handle cases where nb_master > children->length in auto layout 2016-12-29 20:31:30 +01:00
wil 8b0073b195 Added "layout incnmaster|incncol" commands 2016-12-29 20:31:30 +01:00
wil 5425d0489f Handle resize in auto layouts 2016-12-29 20:31:30 +01:00
wil 97f7d47413 Added Awesome/Monad type "auto" layouts 2016-12-29 20:31:30 +01:00
Drew DeVault aab360bf2f Add redshift support 2016-12-28 02:04:51 -05:00
Aleksa Sarai 09259021ab
sway: extensions: make locking give back focus
Don't switch the internal tracking of focus to the swaylock surface,
to allow for switching back to the previously active window (or the
currently active window, if some new process changed).

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2016-12-26 20:00:17 +11:00
Aleksa Sarai 29a535aae4
sway: extensions: only unlock if lock_surfaces.length == 0
When destroying lock surfaces, we really should only unlock a
desktop_shell if the set of lock surfaces has dropped to zero (since
callers need to do a set_lock_surface for every output).

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2016-12-26 19:23:07 +11:00
Drew DeVault 36e48fcf8d Update default swaybar command
Fixes #988
2016-12-23 11:21:18 -05:00
Nicolas Cornu 0f0bbbff4d Put floating views in center, fallback on top left
Sometimes views are created before we got its size
2016-12-18 10:43:10 +01:00
Drew DeVault 1172566d4e Change how security config is loaded 2016-12-17 15:21:57 -05:00
Drew DeVault 14d9200e4e Merge pull request #996 from woutershep/datadir
Use CMAKE_INSTALL_FULL_DATA{,ROOT}DIR
2016-12-17 14:56:51 -05:00
Wouter van Kesteren 09b9106550 Use CMAKE_INSTALL_FULL_DATA{,ROOT}DIR
Exherbo installs architecture dependent data in a different place than architecture
independent data. More concretely: binaries go in /usr/$chost/{bin,lib},
data goes in /usr/share and configs in /etc, /etc is already configurable
through CMAKE_INSTALL_FULL_SYSCONFDIR but the datadir was not. This
patch fixes it so that things can be pushed in the right places.
2016-12-17 01:00:39 +01:00
Drew DeVault d859f825d3 Fix build error 2016-12-15 19:01:41 -05:00
Drew DeVault 63d96c1bb4 Fix indentation issues 2016-12-15 19:01:41 -05:00
Drew DeVault 10c8b73075 Handle calloc failures 2016-12-15 19:01:41 -05:00
Drew DeVault a2b9149656 Add remaining sway allocation failure handling 2016-12-15 19:01:41 -05:00
Drew DeVault 7784f1a905 Handle allocation failures in security code
Note that such errors are generally going to be fatal
2016-12-15 19:01:41 -05:00
Drew DeVault 31b002b6d5 Handle IPC server allocation failures 2016-12-15 19:01:41 -05:00
Drew DeVault 8cef81d6f2 Handle some more memory allocation failures 2016-12-15 19:01:41 -05:00
Drew DeVault d75a747a3d Handle config-related allocation failures 2016-12-15 19:01:41 -05:00
Drew DeVault 248df18c24 Handle allocation failure in commands 2016-12-15 19:01:40 -05:00
Drew DeVault 8691ff1b63 Handle border-related malloc failures 2016-12-15 19:01:40 -05:00
Drew DeVault 4c6c65e70c Handle malloc failures from read_line 2016-12-15 19:01:40 -05:00
Greg V da26d69cb1 Fix build on FreeBSD
- Make sure CMake always finds absolute paths for Cairo, Pango and GdkPixbuf
- Add forgotten json-c include path to swaymsg/CMakeLists.txt
- Disable -Werror because of assert warnings
- Add correct /proc/pid/file path for FreeBSD
- Use libepoll-shim on FreeBSD
- Only use Linux capabilities on, well, Linux
2016-12-09 19:32:07 +03:00
Drew DeVault d93e53fd4b Use return value of write 2016-12-06 09:10:16 -05:00
Drew DeVault 979878d8af Decrement expected_len 2016-12-04 10:55:11 -05:00
Drew DeVault 1a509dcc29 Fix to sway-security(7) 2016-12-04 09:49:13 -05:00
Drew DeVault cdecf3c495 Drop restart command from sanity check
Since we don't actually have one of those
2016-12-04 09:37:24 -05:00
D.B 35b8d185ac fix layout switching (was broken because of workspace_layout)
For workspace containers, swayc_change_layout also changes ->layout alongside
->workspace_layout when it's a sensible thing to do. There is an additional test
for 'layout toggle' command which ensures that containers will be tiled
horizontally after toggling from tabbed or stacked.
2016-12-04 08:31:34 -05:00
D.B 4762bcb3b9 wrap some views under workspaces
If workspace layout is set to tabbed or stacked, its C_VIEW children
should get wrapped in a container. Alongside that, move_container was
modified to retain previous functionality.
2016-12-04 08:31:34 -05:00
D.B 6fb4b6737a add workspace_layout to container
Add swayc_change_layout function, which changes either layout or
workspace_layout, depending on the container type.
2016-12-04 08:31:34 -05:00
Drew DeVault e7a764fdf4 Disallow everything by default
And update config.d/security to configure sane defaults
2016-12-03 12:38:42 -05:00
Drew DeVault 93d99f3712 Fix use-after-free 2016-12-02 18:57:10 -05:00
Drew DeVault d2d6fcd1ff Fix clang issues 2016-12-02 18:38:31 -05:00
Drew DeVault 8577095db7 Check for CAP_SYS_PTRACE 2016-12-02 18:37:01 -05:00
Drew DeVault d353da248b Add ipc connection feature policy controls 2016-12-02 18:09:19 -05:00
Drew DeVault 62dad7148f Enforce IPC security policy 2016-12-02 17:55:03 -05:00
Drew DeVault c8dc4925d1 Add IPC security policy command handlers 2016-12-02 17:34:26 -05:00
Drew DeVault e9e1a6a409 Add IPC policy to config
Also reduces enum abuse, cc @minus7
2016-12-02 16:08:45 -05:00
Drew DeVault 0a1b211e09 Drop -Denable-binding-event 2016-12-02 16:01:33 -05:00
Drew DeVault 25a4a85a59 Run config files through sed and install to /etc 2016-12-02 15:56:36 -05:00
Drew DeVault 751e6d2ab2 Clarify lock permission consequences 2016-12-02 10:34:17 -05:00
Drew DeVault 0c8dc0e6df Clarify that executable has to be a full path 2016-12-02 10:32:08 -05:00
Drew DeVault c61746a15b Soften up environment security
So no one gets their feewings hurt
2016-12-02 10:29:50 -05:00
Drew DeVault a4e92ad272 Deal with LD_LIBRARY_PATH 2016-12-02 10:23:30 -05:00
Drew DeVault 1a143e601b Clarify when keyboard/mouse features work 2016-12-02 10:17:53 -05:00
Drew DeVault 4d312f753c Add docs on what features sway programs require 2016-12-02 10:13:06 -05:00
Drew DeVault 3dbeb9c35c Add sway-security(7) 2016-12-02 10:05:43 -05:00
Drew DeVault 10c2125040 Unset LD_PRELOAD on startup (before dropping root)
LD_PRELOAD enables keyloggers to easily be made. This solution isn't
perfect - really a secure system wouldn't have LD_PRELOAD at all. It was
a stupid idea in the first place.
2016-12-02 08:47:47 -05:00
Drew DeVault 04fc10feeb Flesh out security_sanity_check 2016-12-02 08:42:26 -05:00
Drew DeVault 39cf9a82f7 Enforce command policies 2016-12-02 08:17:45 -05:00
Drew DeVault f23880b1fd Add support for command policies in config file 2016-12-02 08:10:03 -05:00
Drew DeVault 0d395681fe Enforce mouse permissions 2016-12-01 22:11:48 -05:00
Drew DeVault 8aeeacf178 Enforce keyboard permissions 2016-12-01 22:09:33 -05:00