New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for security-context-v1 #7648
Conversation
Additional privileged protocols to consider: input inhibit, shortcut inhibit, virtual keyboard and pointer.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've created a little helper to create secure contexts via the command line and used it to test this branch along with wlroot's secure-context
branch (to be honest, this procedure tested both the sway/wlroots changes as well as my own helper).
I created a secure context with way-secure --socket-path /tmp/test-socket
and the exported WAYLAND_DISPLAY=/tmp/test-socket
. The following steps all happened with this environment variable exported.
- Running
wayland-info
does not list thezwlr_screencopy_manager_v1
privileged procotol (as expected). - Running
foot
on this environment also worked (again, as expected). - After closing the
close_fd
, clients could not longer connect to the socket:failed to create display: Connection refused
(yet again, as expected).
0c97c1b
to
54d0a5c
Compare
Thanks! |
54d0a5c
to
fd90e61
Compare
Building with wlroots 2ef51ad5d50f8f258c96cba712918acc58554d88 and this branch (fd90e61) is currently failing:
You need to apply this patch: diff --git a/sway/desktop/output.c b/sway/desktop/output.c
index 476bfd252..11404ae1e 100644
--- a/sway/desktop/output.c
+++ b/sway/desktop/output.c
@@ -530,7 +530,7 @@ static bool scan_out_fullscreen_view(struct sway_output *output,
return false;
}
- wlr_presentation_surface_sampled_on_output(server.presentation, surface,
+ wlr_presentation_surface_textured_on_output(server.presentation, surface,
wlr_output);
return wlr_output_commit_state(wlr_output, pending);
diff --git a/sway/desktop/render.c b/sway/desktop/render.c
index f08e2c6c4..c4c0004e7 100644
--- a/sway/desktop/render.c
+++ b/sway/desktop/render.c
@@ -150,7 +150,7 @@ static void render_surface_iterator(struct sway_output *output,
render_texture(data->ctx, texture,
&src_box, &dst_box, &clip_box, surface->current.transform, alpha);
- wlr_presentation_surface_sampled_on_output(server.presentation, surface,
+ wlr_presentation_surface_textured_on_output(server.presentation, surface,
wlr_output);
} And cherry pick 363c579 (or just rebase onto |
Actually, just rebasing onto |
As a first step, deny access to privileged protocols to sandboxed apps. References: https://gitlab.freedesktop.org/wlroots/wlroots/-/merge_requests/3589
fd90e61
to
550eb07
Compare
…ents Clients that have a security-context-v1 attached shouldn't see those globals so filter them out. This is inspired by sway's MR swaywm/sway#7648 Signed-off-by: Guido Günther <agx@sigxcpu.org> Part-of: <https://gitlab.gnome.org/World/Phosh/phoc/-/merge_requests/463>
As a first step, deny access to privileged protocols to sandboxed
apps.
References: https://gitlab.freedesktop.org/wlroots/wlroots/-/merge_requests/3589
Depends on #7647