wl_event_source_remove() is illegal after display has been destroyed,
so just destroy everything when we still can.
==20392==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000001240 at pc 0x00000048e86e bp 0x7ffe4b557e00 sp 0x7ffe4b557df0
READ of size 8 at 0x607000001240 thread T0
#0 0x48e86d in wl_list_insert ../common/list.c:149
#1 0x7fdf673d4d7d in wl_event_source_remove src/event-loop.c:487
#2 0x41b742 in ipc_terminate ../sway/ipc-server.c:94
#3 0x40b1ad in main ../sway/main.c:440
#4 0x7fdf6664c18a in __libc_start_main ../csu/libc-start.c:308
#5 0x409359 in _start (/opt/wayland/bin/sway+0x409359)
0x607000001240 is located 48 bytes inside of 72-byte region [0x607000001210,0x607000001258)
freed by thread T0 here:
#0 0x7fdf692c4880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
#1 0x7fdf673d371a in wl_display_destroy src/wayland-server.c:1097
previously allocated by thread T0 here:
#0 0x7fdf692c4c48 in malloc (/lib64/libasan.so.5+0xeec48)
#1 0x7fdf673d4d9e in wl_event_loop_create src/event-loop.c:522
#2 0x40acb2 in main ../sway/main.c:363
#3 0x7fdf6664c18a in __libc_start_main ../csu/libc-start.c:308
We would previously run all config commands without the environment,
which would appear to work as our socket name is the default one, but
wayland clients would start up in the wrong sway session.
(This explains why 'sometimes' my swayidle processes wouldn't die with
sway, as they weren't listening to the correct socket)
Some operations during backend creation (e.g. becoming DRM master)
require CAP_SYS_ADMIN privileges. At this point, sway has dropped them
already, though. This patch splits the privileged part of server_init
into its own function and calls it before dropping its privileges.
This fixes the bug with minimal security implications.
Increase _POSIX_SOURCE value where needed.
Increase _XOPEN_SOURCE value where needed.
Conditionally link to libcap (only on Linux).
Possibly some trailing whitespace fixes (automatic).
- Moved ``<sys/capability.h>`` include inside `__linux__` guard,
because all uses are similarly guarded.
- <sys/capability.h> is part of an optional devel package, at least
in fedora. CMake now explicitly checks that libcap devel files
are available.
- Added libcap to the list of install packages in .travis.yml, to
make the dependency explicit. travis-ci installs the package by
default, which is why this hasn't surfaced previously.
- Make sure CMake always finds absolute paths for Cairo, Pango and GdkPixbuf
- Add forgotten json-c include path to swaymsg/CMakeLists.txt
- Disable -Werror because of assert warnings
- Add correct /proc/pid/file path for FreeBSD
- Use libepoll-shim on FreeBSD
- Only use Linux capabilities on, well, Linux
LD_PRELOAD enables keyloggers to easily be made. This solution isn't
perfect - really a secure system wouldn't have LD_PRELOAD at all. It was
a stupid idea in the first place.
This is necessary because commands in the config file (mode for
instance) emit ipc events, and if ipc_init has not been called the
ipc_clients_list is not initialized, and we segfault. This fixes that
bug.
The include command (`include <path>`) makes it possible to include sub
config files from the main config file (or from within other sub config
files).
The include command uses the following rules for including config files:
* the `path` can be either a full path or a path that is relative to the
parent config. Shell expansion is supported, so it's possible to do
`include ~/.config/sway.d/*`.
* The same config file can only be included once (to prevent include
cycles). If a config is included multiple times it will just be
ignored after it has been included once.
* Including a sub config file is the same as inserting the content of
that file into the parent config, thus rules about overwriting
bindsyms etc. works the same as for a single config.
Implement #542
Calling `exit` in sway_terminate prevents sway from correctly shutting
down (freeing data, cleanly terminating the ipc server, etc.).
A better way is to exit straight away if the failure occurs before
`wlc_run` and use sway_abort as usual if it occur when wlc is running.
Sway used to attempt sending an IPC command composed of every argument
after the first non-option argument encountered.
Now, raises an error if an option is encountered before the intended command.
Some options such as -h or -v take effect when parsing, so they still
apply.
The get-socketpath long option had an undocumented short alternative
as `p`. It has been removed.
However, the code in the options array is still the 'p' char.
Using 'flag' results in duplicate code paths for short and long options.
This broke the -q short option in swaymsg, because there was:
{"quiet", no_argument, &quiet, 'q'}
Which will set quiet to 'q' and return 0, not 'q'.
First of all because it's not needed that early, and second of all
because there's a bug where calling `sway --get-socketpath` via `popen`
causes the child sway process to spin/hang instead of returning EOF.
(Specifically `(unset SWAYSOCK; swaymsg)` hangs.) This patch fixes that.
(Also note that this patch moves the "detailed review" comment, so I
guess this patch requires extra detailed review?)
After adding pid to the socket path the `--get-socketpath` command broke
because it doesn't know the pid of the running instance. Fix this by
setting and querying `SWAYSOCK`.
Also ignore `SWAYSOCK` upon normal startup if a socket exists at that
location (ie. from another sway instance), and don't overwrite `I3SOCK`
if it exists either.