Commit graph

6502 commits

Author SHA1 Message Date
Drew DeVault
a2b9149656 Add remaining sway allocation failure handling 2016-12-15 19:01:41 -05:00
Drew DeVault
7784f1a905 Handle allocation failures in security code
Note that such errors are generally going to be fatal
2016-12-15 19:01:41 -05:00
Drew DeVault
31b002b6d5 Handle IPC server allocation failures 2016-12-15 19:01:41 -05:00
Drew DeVault
8cef81d6f2 Handle some more memory allocation failures 2016-12-15 19:01:41 -05:00
Drew DeVault
d75a747a3d Handle config-related allocation failures 2016-12-15 19:01:41 -05:00
Drew DeVault
248df18c24 Handle allocation failure in commands 2016-12-15 19:01:40 -05:00
Drew DeVault
8691ff1b63 Handle border-related malloc failures 2016-12-15 19:01:40 -05:00
Drew DeVault
ad7f68585b Always log filename and line number 2016-12-15 19:01:40 -05:00
Drew DeVault
4c6c65e70c Handle malloc failures from read_line 2016-12-15 19:01:40 -05:00
Drew DeVault
9ad1e6b40f Handle malloc failure in ipc_recv_response 2016-12-15 19:01:40 -05:00
Drew DeVault
6c0fc20936 Merge pull request #991 from barfoo1/registry_fix
minor logic error in registry.c:seat_handle_capabilities()
2016-12-14 04:29:52 -05:00
barfoo1
dc6942d10d minor logic error 2016-12-14 10:24:13 +01:00
Drew DeVault
6350752d6b Merge pull request #985 from myfreeweb/master
Fix build on FreeBSD
2016-12-11 14:07:08 -05:00
Greg V
da26d69cb1 Fix build on FreeBSD
- Make sure CMake always finds absolute paths for Cairo, Pango and GdkPixbuf
- Add forgotten json-c include path to swaymsg/CMakeLists.txt
- Disable -Werror because of assert warnings
- Add correct /proc/pid/file path for FreeBSD
- Use libepoll-shim on FreeBSD
- Only use Linux capabilities on, well, Linux
2016-12-09 19:32:07 +03:00
Drew DeVault
d93e53fd4b Use return value of write 2016-12-06 09:10:16 -05:00
Drew DeVault
979878d8af Decrement expected_len 2016-12-04 10:55:11 -05:00
Drew DeVault
cb0ca3c301 Change name of ld-library-path cmake variable 2016-12-04 10:20:15 -05:00
Drew DeVault
49fe25c106 Mention setcap in manual install instructions 2016-12-04 09:59:25 -05:00
Drew DeVault
1d39c22a38 Add link to security features issue in readme 2016-12-04 09:52:38 -05:00
Drew DeVault
1a509dcc29 Fix to sway-security(7) 2016-12-04 09:49:13 -05:00
Drew DeVault
cdecf3c495 Drop restart command from sanity check
Since we don't actually have one of those
2016-12-04 09:37:24 -05:00
Drew DeVault
6604bb67ea Fix minor issues with default security config 2016-12-04 09:12:31 -05:00
D.B
35b8d185ac fix layout switching (was broken because of workspace_layout)
For workspace containers, swayc_change_layout also changes ->layout alongside
->workspace_layout when it's a sensible thing to do. There is an additional test
for 'layout toggle' command which ensures that containers will be tiled
horizontally after toggling from tabbed or stacked.
2016-12-04 08:31:34 -05:00
D.B
4762bcb3b9 wrap some views under workspaces
If workspace layout is set to tabbed or stacked, its C_VIEW children
should get wrapped in a container. Alongside that, move_container was
modified to retain previous functionality.
2016-12-04 08:31:34 -05:00
D.B
6fb4b6737a add workspace_layout to container
Add swayc_change_layout function, which changes either layout or
workspace_layout, depending on the container type.
2016-12-04 08:31:34 -05:00
Drew DeVault
5778c59a2f Merge pull request #981 from SirCmpwn/security
Security features
2016-12-04 08:30:40 -05:00
Drew DeVault
e7a764fdf4 Disallow everything by default
And update config.d/security to configure sane defaults
2016-12-03 12:38:42 -05:00
Drew DeVault
93d99f3712 Fix use-after-free 2016-12-02 18:57:10 -05:00
Drew DeVault
d2d6fcd1ff Fix clang issues 2016-12-02 18:38:31 -05:00
Drew DeVault
8577095db7 Check for CAP_SYS_PTRACE 2016-12-02 18:37:01 -05:00
Drew DeVault
d353da248b Add ipc connection feature policy controls 2016-12-02 18:09:19 -05:00
Drew DeVault
62dad7148f Enforce IPC security policy 2016-12-02 17:55:03 -05:00
Drew DeVault
c8dc4925d1 Add IPC security policy command handlers 2016-12-02 17:34:26 -05:00
Drew DeVault
e9e1a6a409 Add IPC policy to config
Also reduces enum abuse, cc @minus7
2016-12-02 16:08:45 -05:00
Drew DeVault
0a1b211e09 Drop -Denable-binding-event 2016-12-02 16:01:33 -05:00
Drew DeVault
25a4a85a59 Run config files through sed and install to /etc 2016-12-02 15:56:36 -05:00
Drew DeVault
751e6d2ab2 Clarify lock permission consequences 2016-12-02 10:34:17 -05:00
Drew DeVault
0c8dc0e6df Clarify that executable has to be a full path 2016-12-02 10:32:08 -05:00
Drew DeVault
c61746a15b Soften up environment security
So no one gets their feewings hurt
2016-12-02 10:29:50 -05:00
Drew DeVault
a4e92ad272 Deal with LD_LIBRARY_PATH 2016-12-02 10:23:30 -05:00
Drew DeVault
1a143e601b Clarify when keyboard/mouse features work 2016-12-02 10:17:53 -05:00
Drew DeVault
4d312f753c Add docs on what features sway programs require 2016-12-02 10:13:06 -05:00
Drew DeVault
3dbeb9c35c Add sway-security(7) 2016-12-02 10:05:43 -05:00
Drew DeVault
10c2125040 Unset LD_PRELOAD on startup (before dropping root)
LD_PRELOAD enables keyloggers to easily be made. This solution isn't
perfect - really a secure system wouldn't have LD_PRELOAD at all. It was
a stupid idea in the first place.
2016-12-02 08:47:47 -05:00
Drew DeVault
04fc10feeb Flesh out security_sanity_check 2016-12-02 08:42:26 -05:00
Drew DeVault
39cf9a82f7 Enforce command policies 2016-12-02 08:17:45 -05:00
Drew DeVault
f23880b1fd Add support for command policies in config file 2016-12-02 08:10:03 -05:00
Drew DeVault
0d395681fe Enforce mouse permissions 2016-12-01 22:11:48 -05:00
Drew DeVault
8aeeacf178 Enforce keyboard permissions 2016-12-01 22:09:33 -05:00
Drew DeVault
ffdbb9d050 Enforce fullscreen permissions 2016-12-01 22:03:36 -05:00