diff options
author | sghctoma <sghctoma@gmail.com> | 2018-08-30 10:33:48 +0200 |
---|---|---|
committer | sghctoma <sghctoma@gmail.com> | 2018-08-30 10:33:48 +0200 |
commit | 67188b7cba2a985926647e049ed32c72b6ee98c8 (patch) | |
tree | 0a483fadd239ef2b9c23e594cb83627fe2d18548 | |
parent | Add missing destroy calls to server_fini (diff) | |
download | sway-67188b7cba2a985926647e049ed32c72b6ee98c8.tar.gz sway-67188b7cba2a985926647e049ed32c72b6ee98c8.tar.zst sway-67188b7cba2a985926647e049ed32c72b6ee98c8.zip |
Enable privilege dropping of FreeBSD
Privilege dropping works on FreeBSD too, so only the caps parts need to
be Linux-only.
-rw-r--r-- | sway/main.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sway/main.c b/sway/main.c index 7ed10c86..2f05dc38 100644 --- a/sway/main.c +++ b/sway/main.c | |||
@@ -366,13 +366,15 @@ int main(int argc, char **argv) { | |||
366 | return 1; | 366 | return 1; |
367 | } | 367 | } |
368 | 368 | ||
369 | #ifdef __linux__ | 369 | #if defined(__linux__) || defined(__FreeBSD__) |
370 | if (getuid() != geteuid() || getgid() != getegid()) { | 370 | if (getuid() != geteuid() || getgid() != getegid()) { |
371 | #ifdef __linux__ | ||
371 | // Retain capabilities after setuid() | 372 | // Retain capabilities after setuid() |
372 | if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) { | 373 | if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) { |
373 | wlr_log(WLR_ERROR, "Cannot keep caps after setuid()"); | 374 | wlr_log(WLR_ERROR, "Cannot keep caps after setuid()"); |
374 | exit(EXIT_FAILURE); | 375 | exit(EXIT_FAILURE); |
375 | } | 376 | } |
377 | #endif | ||
376 | suid = true; | 378 | suid = true; |
377 | } | 379 | } |
378 | #endif | 380 | #endif |
@@ -382,7 +384,7 @@ int main(int argc, char **argv) { | |||
382 | detect_proprietary(); | 384 | detect_proprietary(); |
383 | detect_raspi(); | 385 | detect_raspi(); |
384 | 386 | ||
385 | #ifdef __linux__ | 387 | #if defined(__linux__) || defined(__FreeBSD__) |
386 | drop_permissions(suid); | 388 | drop_permissions(suid); |
387 | #endif | 389 | #endif |
388 | // handle SIGTERM signals | 390 | // handle SIGTERM signals |