Commit Graph

2076 Commits

Author SHA1 Message Date
Drew DeVault
e7a764fdf4 Disallow everything by default
And update config.d/security to configure sane defaults
2016-12-03 12:38:42 -05:00
Drew DeVault
93d99f3712 Fix use-after-free 2016-12-02 18:57:10 -05:00
Drew DeVault
d2d6fcd1ff Fix clang issues 2016-12-02 18:38:31 -05:00
Drew DeVault
8577095db7 Check for CAP_SYS_PTRACE 2016-12-02 18:37:01 -05:00
Drew DeVault
d353da248b Add ipc connection feature policy controls 2016-12-02 18:09:19 -05:00
Drew DeVault
62dad7148f Enforce IPC security policy 2016-12-02 17:55:03 -05:00
Drew DeVault
c8dc4925d1 Add IPC security policy command handlers 2016-12-02 17:34:26 -05:00
Drew DeVault
e9e1a6a409 Add IPC policy to config
Also reduces enum abuse, cc @minus7
2016-12-02 16:08:45 -05:00
Drew DeVault
0a1b211e09 Drop -Denable-binding-event 2016-12-02 16:01:33 -05:00
Drew DeVault
25a4a85a59 Run config files through sed and install to /etc 2016-12-02 15:56:36 -05:00
Drew DeVault
751e6d2ab2 Clarify lock permission consequences 2016-12-02 10:34:17 -05:00
Drew DeVault
0c8dc0e6df Clarify that executable has to be a full path 2016-12-02 10:32:08 -05:00
Drew DeVault
c61746a15b Soften up environment security
So no one gets their feewings hurt
2016-12-02 10:29:50 -05:00
Drew DeVault
a4e92ad272 Deal with LD_LIBRARY_PATH 2016-12-02 10:23:30 -05:00
Drew DeVault
1a143e601b Clarify when keyboard/mouse features work 2016-12-02 10:17:53 -05:00
Drew DeVault
4d312f753c Add docs on what features sway programs require 2016-12-02 10:13:06 -05:00
Drew DeVault
3dbeb9c35c Add sway-security(7) 2016-12-02 10:05:43 -05:00
Drew DeVault
10c2125040 Unset LD_PRELOAD on startup (before dropping root)
LD_PRELOAD enables keyloggers to easily be made. This solution isn't
perfect - really a secure system wouldn't have LD_PRELOAD at all. It was
a stupid idea in the first place.
2016-12-02 08:47:47 -05:00
Drew DeVault
04fc10feeb Flesh out security_sanity_check 2016-12-02 08:42:26 -05:00
Drew DeVault
39cf9a82f7 Enforce command policies 2016-12-02 08:17:45 -05:00
Drew DeVault
f23880b1fd Add support for command policies in config file 2016-12-02 08:10:03 -05:00
Drew DeVault
0d395681fe Enforce mouse permissions 2016-12-01 22:11:48 -05:00
Drew DeVault
8aeeacf178 Enforce keyboard permissions 2016-12-01 22:09:33 -05:00
Drew DeVault
ffdbb9d050 Enforce fullscreen permissions 2016-12-01 22:03:36 -05:00
Drew DeVault
dc4b57c868 Shut Clang up 2016-12-01 21:58:38 -05:00
Drew DeVault
21e1b2bef3 Add security checks for background, panel, lock 2016-12-01 21:51:07 -05:00
Drew DeVault
76cab04b4d Implement permit and reject commands 2016-12-01 21:36:43 -05:00
Drew DeVault
1a8a42f372 Memory leak 2016-12-01 20:39:35 -05:00
Drew DeVault
2675293200 Implement policy lookups 2016-12-01 19:58:11 -05:00
Drew DeVault
44cc0ef125 Add config related code and initial headers 2016-12-01 19:38:36 -05:00
Drew DeVault
5831f7ab68 Write example security config, start on code 2016-12-01 19:27:35 -05:00
Drew DeVault
cd5694fdb5 Fix memory leaks in swaybar 2016-11-28 08:45:27 -05:00
Drew DeVault
de79fee777 Minor README.md improvements 2016-11-09 22:26:43 -05:00
Drew DeVault
5c042c55ce Merge pull request #966 from thejan2009/layout-toggle
Change layout toggle to default on horizontal split
2016-11-06 09:03:59 -07:00
D.B
05be14ff7c change default layout toggle to L_HORIZ
After issuing 'layout toggle split' command from tabbed/stacked layout,
layout should have been horizontally split.
2016-11-06 08:13:24 +01:00
Drew DeVault
e9ac0492b7 Merge pull request #965 from thejan2009/swaybar-colours
Fix some colour settings in swaybar
2016-11-03 08:32:10 -06:00
D.B
3d1b472b83 swap unnecessary function for strndup 2016-11-03 06:43:12 +01:00
D.B
58eb7ac19f change bar colors from char[10] to *char
This commit removes has_* booleans from bar color struct. It also
generalizes of functions in commands/bar/colors.c.
2016-11-02 21:07:04 +01:00
D.B
ad4d21d60b add bar colours for focused_(workspace|statusline|separator)
If these aren't defined in config, color settings without 'focused_'
prefix are used as a fallback.
2016-11-02 18:58:33 +01:00
D.B
39ee0ec552 use urgent_ws color in swaybar if binding_mode is undefined 2016-11-02 18:58:33 +01:00
Drew DeVault
d3e55f88ec Log LD_LIBRARY_PATH 2016-10-27 11:05:04 -04:00
Drew DeVault
78b65e2317 Remove duplicate redhat-release line 2016-10-27 10:57:18 -04:00
Drew DeVault
7aef6e66ae Log uname -a on startup 2016-10-27 10:50:22 -04:00
Drew DeVault
6ad2186f0e Log contents of distro version files 2016-10-27 10:48:46 -04:00
Drew DeVault
0d6cbcacbe Log important env vars on startup 2016-10-27 10:37:16 -04:00
Drew DeVault
de074b9347 Merge pull request #961 from t3hknr/master
Add left_handed support for input devices
2016-10-25 16:24:32 -04:00
Michał Winiarski
e8d8abfbb5 Add left_handed support for input devices
Some users may want to switch buttons on their input devices, turns out
libinput already supports it. Let's add a support for it in our config.

Signed-off-by: Michał Winiarski <knr@hardline.pl>
2016-10-25 22:06:23 +02:00
Drew DeVault
47fd53812b Merge pull request #958 from Hummer12007/pango
config: set pango_markup default to false
2016-10-20 09:47:49 -04:00
Mykyta Holubakha
2a24772c4b config: set pango_markup default to false 2016-10-20 16:43:38 +03:00
Drew DeVault
2dcb54c32a Add screenshots wiki page to readme 2016-10-12 23:56:41 -04:00