Drew DeVault
d75a747a3d
Handle config-related allocation failures
2016-12-15 19:01:41 -05:00
Drew DeVault
248df18c24
Handle allocation failure in commands
2016-12-15 19:01:40 -05:00
Drew DeVault
8691ff1b63
Handle border-related malloc failures
2016-12-15 19:01:40 -05:00
Drew DeVault
4c6c65e70c
Handle malloc failures from read_line
2016-12-15 19:01:40 -05:00
Greg V
da26d69cb1
Fix build on FreeBSD
...
- Make sure CMake always finds absolute paths for Cairo, Pango and GdkPixbuf
- Add forgotten json-c include path to swaymsg/CMakeLists.txt
- Disable -Werror because of assert warnings
- Add correct /proc/pid/file path for FreeBSD
- Use libepoll-shim on FreeBSD
- Only use Linux capabilities on, well, Linux
2016-12-09 19:32:07 +03:00
Drew DeVault
d93e53fd4b
Use return value of write
2016-12-06 09:10:16 -05:00
Drew DeVault
979878d8af
Decrement expected_len
2016-12-04 10:55:11 -05:00
Drew DeVault
1a509dcc29
Fix to sway-security(7)
2016-12-04 09:49:13 -05:00
Drew DeVault
cdecf3c495
Drop restart command from sanity check
...
Since we don't actually have one of those
2016-12-04 09:37:24 -05:00
D.B
35b8d185ac
fix layout switching (was broken because of workspace_layout)
...
For workspace containers, swayc_change_layout also changes ->layout alongside
->workspace_layout when it's a sensible thing to do. There is an additional test
for 'layout toggle' command which ensures that containers will be tiled
horizontally after toggling from tabbed or stacked.
2016-12-04 08:31:34 -05:00
D.B
4762bcb3b9
wrap some views under workspaces
...
If workspace layout is set to tabbed or stacked, its C_VIEW children
should get wrapped in a container. Alongside that, move_container was
modified to retain previous functionality.
2016-12-04 08:31:34 -05:00
D.B
6fb4b6737a
add workspace_layout to container
...
Add swayc_change_layout function, which changes either layout or
workspace_layout, depending on the container type.
2016-12-04 08:31:34 -05:00
Drew DeVault
e7a764fdf4
Disallow everything by default
...
And update config.d/security to configure sane defaults
2016-12-03 12:38:42 -05:00
Drew DeVault
93d99f3712
Fix use-after-free
2016-12-02 18:57:10 -05:00
Drew DeVault
d2d6fcd1ff
Fix clang issues
2016-12-02 18:38:31 -05:00
Drew DeVault
8577095db7
Check for CAP_SYS_PTRACE
2016-12-02 18:37:01 -05:00
Drew DeVault
d353da248b
Add ipc connection feature policy controls
2016-12-02 18:09:19 -05:00
Drew DeVault
62dad7148f
Enforce IPC security policy
2016-12-02 17:55:03 -05:00
Drew DeVault
c8dc4925d1
Add IPC security policy command handlers
2016-12-02 17:34:26 -05:00
Drew DeVault
e9e1a6a409
Add IPC policy to config
...
Also reduces enum abuse, cc @minus7
2016-12-02 16:08:45 -05:00
Drew DeVault
0a1b211e09
Drop -Denable-binding-event
2016-12-02 16:01:33 -05:00
Drew DeVault
25a4a85a59
Run config files through sed and install to /etc
2016-12-02 15:56:36 -05:00
Drew DeVault
751e6d2ab2
Clarify lock permission consequences
2016-12-02 10:34:17 -05:00
Drew DeVault
0c8dc0e6df
Clarify that executable has to be a full path
2016-12-02 10:32:08 -05:00
Drew DeVault
c61746a15b
Soften up environment security
...
So no one gets their feewings hurt
2016-12-02 10:29:50 -05:00
Drew DeVault
a4e92ad272
Deal with LD_LIBRARY_PATH
2016-12-02 10:23:30 -05:00
Drew DeVault
1a143e601b
Clarify when keyboard/mouse features work
2016-12-02 10:17:53 -05:00
Drew DeVault
4d312f753c
Add docs on what features sway programs require
2016-12-02 10:13:06 -05:00
Drew DeVault
3dbeb9c35c
Add sway-security(7)
2016-12-02 10:05:43 -05:00
Drew DeVault
10c2125040
Unset LD_PRELOAD on startup (before dropping root)
...
LD_PRELOAD enables keyloggers to easily be made. This solution isn't
perfect - really a secure system wouldn't have LD_PRELOAD at all. It was
a stupid idea in the first place.
2016-12-02 08:47:47 -05:00
Drew DeVault
04fc10feeb
Flesh out security_sanity_check
2016-12-02 08:42:26 -05:00
Drew DeVault
39cf9a82f7
Enforce command policies
2016-12-02 08:17:45 -05:00
Drew DeVault
f23880b1fd
Add support for command policies in config file
2016-12-02 08:10:03 -05:00
Drew DeVault
0d395681fe
Enforce mouse permissions
2016-12-01 22:11:48 -05:00
Drew DeVault
8aeeacf178
Enforce keyboard permissions
2016-12-01 22:09:33 -05:00
Drew DeVault
ffdbb9d050
Enforce fullscreen permissions
2016-12-01 22:03:36 -05:00
Drew DeVault
dc4b57c868
Shut Clang up
2016-12-01 21:58:38 -05:00
Drew DeVault
21e1b2bef3
Add security checks for background, panel, lock
2016-12-01 21:51:07 -05:00
Drew DeVault
76cab04b4d
Implement permit and reject commands
2016-12-01 21:36:43 -05:00
Drew DeVault
1a8a42f372
Memory leak
2016-12-01 20:39:35 -05:00
Drew DeVault
2675293200
Implement policy lookups
2016-12-01 19:58:11 -05:00
Drew DeVault
44cc0ef125
Add config related code and initial headers
2016-12-01 19:38:36 -05:00
Drew DeVault
5831f7ab68
Write example security config, start on code
2016-12-01 19:27:35 -05:00
D.B
05be14ff7c
change default layout toggle to L_HORIZ
...
After issuing 'layout toggle split' command from tabbed/stacked layout,
layout should have been horizontally split.
2016-11-06 08:13:24 +01:00
D.B
3d1b472b83
swap unnecessary function for strndup
2016-11-03 06:43:12 +01:00
D.B
58eb7ac19f
change bar colors from char[10] to *char
...
This commit removes has_* booleans from bar color struct. It also
generalizes of functions in commands/bar/colors.c.
2016-11-02 21:07:04 +01:00
D.B
ad4d21d60b
add bar colours for focused_(workspace|statusline|separator)
...
If these aren't defined in config, color settings without 'focused_'
prefix are used as a fallback.
2016-11-02 18:58:33 +01:00
D.B
39ee0ec552
use urgent_ws color in swaybar if binding_mode is undefined
2016-11-02 18:58:33 +01:00
Drew DeVault
d3e55f88ec
Log LD_LIBRARY_PATH
2016-10-27 11:05:04 -04:00
Drew DeVault
78b65e2317
Remove duplicate redhat-release line
2016-10-27 10:57:18 -04:00