diff options
author | Drew DeVault <sir@cmpwn.com> | 2017-03-16 14:06:03 -0400 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2017-04-03 10:59:00 -0400 |
commit | edd502f82ad8d6fdc95cb0e0b508c2bf09ecd837 (patch) | |
tree | 1924559e4d29068bba444a1099cec8b298457617 | |
parent | Merge pull request #1115 from snoack/missing-includes (diff) | |
download | sway-edd502f82ad8d6fdc95cb0e0b508c2bf09ecd837.tar.gz sway-edd502f82ad8d6fdc95cb0e0b508c2bf09ecd837.tar.zst sway-edd502f82ad8d6fdc95cb0e0b508c2bf09ecd837.zip |
Merge pull request #1117 from jnsaff/master
Allow also 444 for security file mode
-rw-r--r-- | sway/config.c | 4 | ||||
-rw-r--r-- | sway/sway-security.7.txt | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/sway/config.c b/sway/config.c index 88e6fad1..92d971d6 100644 --- a/sway/config.c +++ b/sway/config.c | |||
@@ -543,8 +543,8 @@ bool load_main_config(const char *file, bool is_active) { | |||
543 | for (int i = 0; i < secconfigs->length; ++i) { | 543 | for (int i = 0; i < secconfigs->length; ++i) { |
544 | char *_path = secconfigs->items[i]; | 544 | char *_path = secconfigs->items[i]; |
545 | struct stat s; | 545 | struct stat s; |
546 | if (stat(_path, &s) || s.st_uid != 0 || s.st_gid != 0 || (s.st_mode & 0777) != 0644) { | 546 | if (stat(_path, &s) || s.st_uid != 0 || s.st_gid != 0 || (((s.st_mode & 0777) != 0644) && (s.st_mode & 0777) != 0444)) { |
547 | sway_log(L_ERROR, "Refusing to load %s - it must be owned by root and mode 644", _path); | 547 | sway_log(L_ERROR, "Refusing to load %s - it must be owned by root and mode 644 or 444", _path); |
548 | success = false; | 548 | success = false; |
549 | } else { | 549 | } else { |
550 | success = success && load_config(_path, config); | 550 | success = success && load_config(_path, config); |
diff --git a/sway/sway-security.7.txt b/sway/sway-security.7.txt index fb47ffcf..ec6df1f3 100644 --- a/sway/sway-security.7.txt +++ b/sway/sway-security.7.txt | |||
@@ -21,7 +21,7 @@ you must make a few changes external to sway first. | |||
21 | 21 | ||
22 | Configuration of security features is limited to files in the security directory | 22 | Configuration of security features is limited to files in the security directory |
23 | (this is likely /etc/sway/security.d/*, but depends on your installation prefix). | 23 | (this is likely /etc/sway/security.d/*, but depends on your installation prefix). |
24 | Files in this directory must be owned by root:root and chmod 644. The default | 24 | Files in this directory must be owned by root:root and chmod 644 or 444. The default |
25 | security configuration is installed to /etc/sway/security.d/00-defaults, and | 25 | security configuration is installed to /etc/sway/security.d/00-defaults, and |
26 | should not be modified - it will be updated with the latest recommended security | 26 | should not be modified - it will be updated with the latest recommended security |
27 | defaults between releases. To override the defaults, you should add more files to | 27 | defaults between releases. To override the defaults, you should add more files to |