mirror of
https://github.com/swaywm/sway.git
synced 2024-11-11 21:14:10 +01:00
parent
150e145a51
commit
7196f59db0
48
sway/main.c
48
sway/main.c
@ -15,12 +15,12 @@
|
|||||||
#include <sys/capability.h>
|
#include <sys/capability.h>
|
||||||
#include <sys/prctl.h>
|
#include <sys/prctl.h>
|
||||||
#endif
|
#endif
|
||||||
|
#include <wlr/util/log.h>
|
||||||
#include "sway/config.h"
|
#include "sway/config.h"
|
||||||
#include "sway/server.h"
|
#include "sway/server.h"
|
||||||
#include "sway/layout.h"
|
#include "sway/layout.h"
|
||||||
#include "sway/ipc-server.h"
|
#include "sway/ipc-server.h"
|
||||||
#include "ipc-client.h"
|
#include "ipc-client.h"
|
||||||
#include "log.h"
|
|
||||||
#include "readline.h"
|
#include "readline.h"
|
||||||
#include "stringop.h"
|
#include "stringop.h"
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
@ -126,7 +126,7 @@ static void log_env() {
|
|||||||
"SWAYSOCK"
|
"SWAYSOCK"
|
||||||
};
|
};
|
||||||
for (size_t i = 0; i < sizeof(log_vars) / sizeof(char *); ++i) {
|
for (size_t i = 0; i < sizeof(log_vars) / sizeof(char *); ++i) {
|
||||||
sway_log(L_INFO, "%s=%s", log_vars[i], getenv(log_vars[i]));
|
wlr_log(L_INFO, "%s=%s", log_vars[i], getenv(log_vars[i]));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -141,14 +141,14 @@ static void log_distro() {
|
|||||||
for (size_t i = 0; i < sizeof(paths) / sizeof(char *); ++i) {
|
for (size_t i = 0; i < sizeof(paths) / sizeof(char *); ++i) {
|
||||||
FILE *f = fopen(paths[i], "r");
|
FILE *f = fopen(paths[i], "r");
|
||||||
if (f) {
|
if (f) {
|
||||||
sway_log(L_INFO, "Contents of %s:", paths[i]);
|
wlr_log(L_INFO, "Contents of %s:", paths[i]);
|
||||||
while (!feof(f)) {
|
while (!feof(f)) {
|
||||||
char *line;
|
char *line;
|
||||||
if (!(line = read_line(f))) {
|
if (!(line = read_line(f))) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (*line) {
|
if (*line) {
|
||||||
sway_log(L_INFO, "%s", line);
|
wlr_log(L_INFO, "%s", line);
|
||||||
}
|
}
|
||||||
free(line);
|
free(line);
|
||||||
}
|
}
|
||||||
@ -161,7 +161,7 @@ static void log_kernel() {
|
|||||||
return;
|
return;
|
||||||
FILE *f = popen("uname -a", "r");
|
FILE *f = popen("uname -a", "r");
|
||||||
if (!f) {
|
if (!f) {
|
||||||
sway_log(L_INFO, "Unable to determine kernel version");
|
wlr_log(L_INFO, "Unable to determine kernel version");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
while (!feof(f)) {
|
while (!feof(f)) {
|
||||||
@ -170,7 +170,7 @@ static void log_kernel() {
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (*line) {
|
if (*line) {
|
||||||
sway_log(L_INFO, "%s", line);
|
wlr_log(L_INFO, "%s", line);
|
||||||
}
|
}
|
||||||
free(line);
|
free(line);
|
||||||
}
|
}
|
||||||
@ -181,14 +181,14 @@ static void security_sanity_check() {
|
|||||||
// TODO: Notify users visually if this has issues
|
// TODO: Notify users visually if this has issues
|
||||||
struct stat s;
|
struct stat s;
|
||||||
if (stat("/proc", &s)) {
|
if (stat("/proc", &s)) {
|
||||||
sway_log(L_ERROR,
|
wlr_log(L_ERROR,
|
||||||
"!! DANGER !! /proc is not available - sway CANNOT enforce security rules!");
|
"!! DANGER !! /proc is not available - sway CANNOT enforce security rules!");
|
||||||
}
|
}
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
cap_flag_value_t v;
|
cap_flag_value_t v;
|
||||||
cap_t cap = cap_get_proc();
|
cap_t cap = cap_get_proc();
|
||||||
if (!cap || cap_get_flag(cap, CAP_SYS_PTRACE, CAP_PERMITTED, &v) != 0 || v != CAP_SET) {
|
if (!cap || cap_get_flag(cap, CAP_SYS_PTRACE, CAP_PERMITTED, &v) != 0 || v != CAP_SET) {
|
||||||
sway_log(L_ERROR,
|
wlr_log(L_ERROR,
|
||||||
"!! DANGER !! Sway does not have CAP_SYS_PTRACE and cannot enforce security rules for processes running as other users.");
|
"!! DANGER !! Sway does not have CAP_SYS_PTRACE and cannot enforce security rules for processes running as other users.");
|
||||||
}
|
}
|
||||||
if (cap) {
|
if (cap) {
|
||||||
@ -204,13 +204,13 @@ static void executable_sanity_check() {
|
|||||||
stat(exe, &sb);
|
stat(exe, &sb);
|
||||||
// We assume that cap_get_file returning NULL implies ENODATA
|
// We assume that cap_get_file returning NULL implies ENODATA
|
||||||
if (sb.st_mode & (S_ISUID|S_ISGID) && cap_get_file(exe)) {
|
if (sb.st_mode & (S_ISUID|S_ISGID) && cap_get_file(exe)) {
|
||||||
sway_log(L_ERROR,
|
wlr_log(L_ERROR,
|
||||||
"sway executable has both the s(g)uid bit AND file caps set.");
|
"sway executable has both the s(g)uid bit AND file caps set.");
|
||||||
sway_log(L_ERROR,
|
wlr_log(L_ERROR,
|
||||||
"This is strongly discouraged (and completely broken).");
|
"This is strongly discouraged (and completely broken).");
|
||||||
sway_log(L_ERROR,
|
wlr_log(L_ERROR,
|
||||||
"Please clear one of them (either the suid bit, or the file caps).");
|
"Please clear one of them (either the suid bit, or the file caps).");
|
||||||
sway_log(L_ERROR,
|
wlr_log(L_ERROR,
|
||||||
"If unsure, strip the file caps.");
|
"If unsure, strip the file caps.");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
@ -221,16 +221,16 @@ static void executable_sanity_check() {
|
|||||||
static void drop_permissions(bool keep_caps) {
|
static void drop_permissions(bool keep_caps) {
|
||||||
if (getuid() != geteuid() || getgid() != getegid()) {
|
if (getuid() != geteuid() || getgid() != getegid()) {
|
||||||
if (setgid(getgid()) != 0) {
|
if (setgid(getgid()) != 0) {
|
||||||
sway_log(L_ERROR, "Unable to drop root");
|
wlr_log(L_ERROR, "Unable to drop root");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
if (setuid(getuid()) != 0) {
|
if (setuid(getuid()) != 0) {
|
||||||
sway_log(L_ERROR, "Unable to drop root");
|
wlr_log(L_ERROR, "Unable to drop root");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (setuid(0) != -1) {
|
if (setuid(0) != -1) {
|
||||||
sway_log(L_ERROR, "Root privileges can be restored.");
|
wlr_log(L_ERROR, "Root privileges can be restored.");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
@ -238,11 +238,11 @@ static void drop_permissions(bool keep_caps) {
|
|||||||
// Drop every cap except CAP_SYS_PTRACE
|
// Drop every cap except CAP_SYS_PTRACE
|
||||||
cap_t caps = cap_init();
|
cap_t caps = cap_init();
|
||||||
cap_value_t keep = CAP_SYS_PTRACE;
|
cap_value_t keep = CAP_SYS_PTRACE;
|
||||||
sway_log(L_INFO, "Dropping extra capabilities");
|
wlr_log(L_INFO, "Dropping extra capabilities");
|
||||||
if (cap_set_flag(caps, CAP_PERMITTED, 1, &keep, CAP_SET) ||
|
if (cap_set_flag(caps, CAP_PERMITTED, 1, &keep, CAP_SET) ||
|
||||||
cap_set_flag(caps, CAP_EFFECTIVE, 1, &keep, CAP_SET) ||
|
cap_set_flag(caps, CAP_EFFECTIVE, 1, &keep, CAP_SET) ||
|
||||||
cap_set_proc(caps)) {
|
cap_set_proc(caps)) {
|
||||||
sway_log(L_ERROR, "Failed to drop extra capabilities");
|
wlr_log(L_ERROR, "Failed to drop extra capabilities");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -330,22 +330,22 @@ int main(int argc, char **argv) {
|
|||||||
|
|
||||||
// TODO: switch logging over to wlroots?
|
// TODO: switch logging over to wlroots?
|
||||||
if (debug) {
|
if (debug) {
|
||||||
init_log(L_DEBUG);
|
wlr_log_init(L_DEBUG, NULL);
|
||||||
} else if (verbose || validate) {
|
} else if (verbose || validate) {
|
||||||
init_log(L_INFO);
|
wlr_log_init(L_INFO, NULL);
|
||||||
} else {
|
} else {
|
||||||
init_log(L_ERROR);
|
wlr_log_init(L_ERROR, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (optind < argc) { // Behave as IPC client
|
if (optind < argc) { // Behave as IPC client
|
||||||
if(optind != 1) {
|
if(optind != 1) {
|
||||||
sway_log(L_ERROR, "Don't use options with the IPC client");
|
wlr_log(L_ERROR, "Don't use options with the IPC client");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
drop_permissions(false);
|
drop_permissions(false);
|
||||||
char *socket_path = getenv("SWAYSOCK");
|
char *socket_path = getenv("SWAYSOCK");
|
||||||
if (!socket_path) {
|
if (!socket_path) {
|
||||||
sway_log(L_ERROR, "Unable to retrieve socket path");
|
wlr_log(L_ERROR, "Unable to retrieve socket path");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
char *command = join_args(argv + optind, argc - optind);
|
char *command = join_args(argv + optind, argc - optind);
|
||||||
@ -359,7 +359,7 @@ int main(int argc, char **argv) {
|
|||||||
if (getuid() != geteuid() || getgid() != getegid()) {
|
if (getuid() != geteuid() || getgid() != getegid()) {
|
||||||
// Retain capabilities after setuid()
|
// Retain capabilities after setuid()
|
||||||
if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
|
if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
|
||||||
sway_log(L_ERROR, "Cannot keep caps after setuid()");
|
wlr_log(L_ERROR, "Cannot keep caps after setuid()");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
suid = true;
|
suid = true;
|
||||||
@ -380,7 +380,7 @@ int main(int argc, char **argv) {
|
|||||||
// prevent ipc from crashing sway
|
// prevent ipc from crashing sway
|
||||||
signal(SIGPIPE, SIG_IGN);
|
signal(SIGPIPE, SIG_IGN);
|
||||||
|
|
||||||
sway_log(L_INFO, "Starting sway version " SWAY_VERSION "\n");
|
wlr_log(L_INFO, "Starting sway version " SWAY_VERSION "\n");
|
||||||
|
|
||||||
init_layout();
|
init_layout();
|
||||||
|
|
||||||
|
@ -10,12 +10,12 @@
|
|||||||
#include <wlr/types/wlr_wl_shell.h>
|
#include <wlr/types/wlr_wl_shell.h>
|
||||||
// TODO WLR: make Xwayland optional
|
// TODO WLR: make Xwayland optional
|
||||||
#include <wlr/xwayland.h>
|
#include <wlr/xwayland.h>
|
||||||
|
#include <wlr/util/log.h>
|
||||||
#include "sway/server.h"
|
#include "sway/server.h"
|
||||||
#include "sway/input/input-manager.h"
|
#include "sway/input/input-manager.h"
|
||||||
#include "log.h"
|
|
||||||
|
|
||||||
bool server_init(struct sway_server *server) {
|
bool server_init(struct sway_server *server) {
|
||||||
sway_log(L_DEBUG, "Initializing Wayland server");
|
wlr_log(L_DEBUG, "Initializing Wayland server");
|
||||||
|
|
||||||
server->wl_display = wl_display_create();
|
server->wl_display = wl_display_create();
|
||||||
server->wl_event_loop = wl_display_get_event_loop(server->wl_display);
|
server->wl_event_loop = wl_display_get_event_loop(server->wl_display);
|
||||||
@ -55,7 +55,8 @@ bool server_init(struct sway_server *server) {
|
|||||||
server->wl_shell_surface.notify = handle_wl_shell_surface;
|
server->wl_shell_surface.notify = handle_wl_shell_surface;
|
||||||
|
|
||||||
server->socket = wl_display_add_socket_auto(server->wl_display);
|
server->socket = wl_display_add_socket_auto(server->wl_display);
|
||||||
if (!sway_assert(server->socket, "Unable to open wayland socket")) {
|
if (!server->socket) {
|
||||||
|
wlr_log(L_ERROR, "Unable to open wayland socket");
|
||||||
wlr_backend_destroy(server->backend);
|
wlr_backend_destroy(server->backend);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -71,11 +72,11 @@ void server_fini(struct sway_server *server) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void server_run(struct sway_server *server) {
|
void server_run(struct sway_server *server) {
|
||||||
sway_log(L_INFO, "Running compositor on wayland display '%s'",
|
wlr_log(L_INFO, "Running compositor on wayland display '%s'",
|
||||||
server->socket);
|
server->socket);
|
||||||
setenv("_WAYLAND_DISPLAY", server->socket, true);
|
setenv("_WAYLAND_DISPLAY", server->socket, true);
|
||||||
if (!sway_assert(wlr_backend_start(server->backend),
|
if (!wlr_backend_start(server->backend)) {
|
||||||
"Failed to start backend")) {
|
wlr_log(L_ERROR, "Failed to start backend");
|
||||||
wlr_backend_destroy(server->backend);
|
wlr_backend_destroy(server->backend);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user