Merge pull request #2730 from ivyl/remove_cap_leftovers

Remove libcap/prctl artifacts

19 files changed, 23 insertions, 142 deletions

diff --git a/include/sway/config.h b/include/sway/config.h
index af5c7a18..5e28c678 100644
--- a/include/sway/config.h
+++ b/include/sway/config.h
@@ -449,8 +449,6 @@ void free_sway_variable(struct sway_variable *var);
  */
 char *do_var_replacement(char *str);
 
-struct cmd_results *check_security_config();
-
 int input_identifier_cmp(const void *item, const void *data);
 
 struct input_config *new_input_config(const char* identifier);
@@ -471,7 +469,7 @@ struct seat_config *copy_seat_config(struct seat_config *seat);
 
 void free_seat_config(struct seat_config *ic);
 
-struct seat_attachment_config *seat_attachment_config_new();
+struct seat_attachment_config *seat_attachment_config_new(void);
 
 struct seat_attachment_config *seat_config_get_attachment(
                 struct seat_config *seat_config, char *identifier);
diff --git a/include/sway/debug.h b/include/sway/debug.h
index bf3a5f6d..0e9bb056 100644
--- a/include/sway/debug.h
+++ b/include/sway/debug.h
@@ -17,6 +17,6 @@ struct sway_debug {
 
 extern struct sway_debug debug;
 
-void update_debug_tree();
+void update_debug_tree(void);
 
 #endif
diff --git a/include/sway/ipc-json.h b/include/sway/ipc-json.h
index fef243e3..1cbfd15d 100644
--- a/include/sway/ipc-json.h
+++ b/include/sway/ipc-json.h
@@ -4,7 +4,7 @@
 #include "sway/tree/container.h"
 #include "sway/input/input-manager.h"
 
-json_object *ipc_json_get_version();
+json_object *ipc_json_get_version(void);
 
 json_object *ipc_json_describe_disabled_output(struct sway_output *o);
 json_object *ipc_json_describe_node(struct sway_node *node);
diff --git a/include/swaybar/config.h b/include/swaybar/config.h
index 6739c28a..5f5688cf 100644
--- a/include/swaybar/config.h
+++ b/include/swaybar/config.h
@@ -50,7 +50,7 @@ struct swaybar_config {
         } colors;
 };
 
-struct swaybar_config *init_config();
+struct swaybar_config *init_config(void);
 void free_config(struct swaybar_config *config);
 uint32_t parse_position(const char *position);
 
diff --git a/include/swaybar/tray/dbus.h b/include/swaybar/tray/dbus.h
deleted file mode 100644
index eb9cfea7..00000000
--- a/include/swaybar/tray/dbus.h
+++ /dev/null
@@ -1,18 +0,0 @@
-#ifndef _SWAYBAR_DBUS_H
-#define _SWAYBAR_DBUS_H
-
-#include <stdbool.h>
-#include <dbus/dbus.h>
-extern DBusConnection *conn;
-
-/**
- * Should be called in main loop to dispatch events
- */
-void dispatch_dbus();
-
-/**
- * Initializes async dbus communication
- */
-int dbus_init();
-
-#endif /* _SWAYBAR_DBUS_H */
diff --git a/include/swaybar/tray/sni_watcher.h b/include/swaybar/tray/sni_watcher.h
deleted file mode 100644
index 25ddfcd2..00000000
--- a/include/swaybar/tray/sni_watcher.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef _SWAYBAR_SNI_WATCHER_H
-#define _SWAYBAR_SNI_WATCHER_H
-
-/**
- * Starts the sni_watcher, the watcher is practically a black box and should
- * only be accessed though functions described in its spec
- */
-int init_sni_watcher();
-
-#endif /* _SWAYBAR_SNI_WATCHER_H */
diff --git a/include/swaybar/tray/tray.h b/include/swaybar/tray/tray.h
deleted file mode 100644
index 2d0662be..00000000
--- a/include/swaybar/tray/tray.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#ifndef _SWAYBAR_TRAY_H
-#define _SWAYBAR_TRAY_H
-
-#include <stdint.h>
-#include <stdbool.h>
-#include "swaybar/tray/dbus.h"
-#include "swaybar/tray/sni.h"
-#include "swaybar/bar.h"
-#include "list.h"
-
-extern struct tray *tray;
-
-struct tray {
-        list_t *items;
-};
-
-/**
- * Processes a mouse event on the bar
- */
-void tray_mouse_event(struct output *output, int x, int y,
-                uint32_t button, uint32_t state);
-
-uint32_t tray_render(struct output *output, struct config *config);
-
-void tray_upkeep(struct bar *bar);
-
-/**
- * Initializes the tray with D-Bus
- */
-void init_tray(struct bar *bar);
-
-#endif /* _SWAYBAR_TRAY_H */
diff --git a/meson.build b/meson.build
index de6573ea..080709fa 100644
--- a/meson.build
+++ b/meson.build
@@ -42,7 +42,6 @@ pango          = dependency('pango')
 pangocairo     = dependency('pangocairo')
 gdk_pixbuf     = dependency('gdk-pixbuf-2.0', required: false)
 pixman         = dependency('pixman-1')
-libcap         = dependency('libcap', required: false)
 libinput       = dependency('libinput', version: '>=1.6.0')
 libpam         = cc.find_library('pam', required: false)
 systemd        = dependency('libsystemd', required: false)
diff --git a/sway/config/seat.c b/sway/config/seat.c
index 83dac4c0..46456caf 100644
--- a/sway/config/seat.c
+++ b/sway/config/seat.c
@@ -30,7 +30,7 @@ struct seat_config *new_seat_config(const char* name) {
         return seat;
 }
 
-struct seat_attachment_config *seat_attachment_config_new() {
+struct seat_attachment_config *seat_attachment_config_new(void) {
         struct seat_attachment_config *attachment =
                 calloc(1, sizeof(struct seat_attachment_config));
         if (!attachment) {
diff --git a/sway/debug-tree.c b/sway/debug-tree.c
index 9644f4e5..16b479f9 100644
--- a/sway/debug-tree.c
+++ b/sway/debug-tree.c
@@ -120,7 +120,7 @@ static int draw_node(cairo_t *cairo, struct sway_node *node,
         return height;
 }
 
-void update_debug_tree() {
+void update_debug_tree(void) {
         if (!debug.render_tree) {
                 return;
         }
diff --git a/sway/input/cursor.c b/sway/input/cursor.c
index 2d5d351f..3ddc27a0 100644
--- a/sway/input/cursor.c
+++ b/sway/input/cursor.c
@@ -30,7 +30,7 @@
 // when dragging to the edge of a layout container.
 #define DROP_LAYOUT_BORDER 30
 
-static uint32_t get_current_time_msec() {
+static uint32_t get_current_time_msec(void) {
         struct timespec now;
         clock_gettime(CLOCK_MONOTONIC, &now);
         return now.tv_nsec / 1000;
diff --git a/sway/ipc-json.c b/sway/ipc-json.c
index f054ac9f..45915094 100644
--- a/sway/ipc-json.c
+++ b/sway/ipc-json.c
@@ -42,7 +42,7 @@ static const char *ipc_json_orientation_description(enum sway_container_layout l
         return "none";
 }
 
-json_object *ipc_json_get_version() {
+json_object *ipc_json_get_version(void) {
         int major = 0, minor = 0, patch = 0;
         json_object *version = json_object_new_object();
 
diff --git a/sway/main.c b/sway/main.c
index 990f5f3a..50b05b21 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -12,10 +12,6 @@
 #include <sys/wait.h>
 #include <sys/un.h>
 #include <unistd.h>
-#ifdef __linux__
-#include <sys/capability.h>
-#include <sys/prctl.h>
-#endif
 #include <wlr/util/log.h>
 #include "sway/commands.h"
 #include "sway/config.h"
@@ -45,7 +41,7 @@ void sig_handler(int signal) {
         sway_terminate(EXIT_SUCCESS);
 }
 
-void detect_raspi() {
+void detect_raspi(void) {
         bool raspi = false;
         FILE *f = fopen("/sys/firmware/devicetree/base/model", "r");
         if (!f) {
@@ -85,7 +81,7 @@ void detect_raspi() {
         }
 }
 
-void detect_proprietary() {
+void detect_proprietary(void) {
         FILE *f = fopen("/proc/modules", "r");
         if (!f) {
                 return;
@@ -120,7 +116,7 @@ void run_as_ipc_client(char *command, char *socket_path) {
         close(socketfd);
 }
 
-static void log_env() {
+static void log_env(void) {
         const char *log_vars[] = {
                 "PATH",
                 "LD_LIBRARY_PATH",
@@ -135,7 +131,7 @@ static void log_env() {
         }
 }
 
-static void log_distro() {
+static void log_distro(void) {
         const char *paths[] = {
                 "/etc/lsb-release",
                 "/etc/os-release",
@@ -162,7 +158,7 @@ static void log_distro() {
         }
 }
 
-static void log_kernel() {
+static void log_kernel(void) {
         FILE *f = popen("uname -a", "r");
         if (!f) {
                 wlr_log(WLR_INFO, "Unable to determine kernel version");
@@ -181,28 +177,8 @@ static void log_kernel() {
         pclose(f);
 }
 
-static void executable_sanity_check() {
-#ifdef __linux__
-                struct stat sb;
-                char *exe = realpath("/proc/self/exe", NULL);
-                stat(exe, &sb);
-                // We assume that cap_get_file returning NULL implies ENODATA
-                if (sb.st_mode & (S_ISUID|S_ISGID) && cap_get_file(exe)) {
-                        wlr_log(WLR_ERROR,
-                                "sway executable has both the s(g)uid bit AND file caps set.");
-                        wlr_log(WLR_ERROR,
-                                "This is strongly discouraged (and completely broken).");
-                        wlr_log(WLR_ERROR,
-                                "Please clear one of them (either the suid bit, or the file caps).");
-                        wlr_log(WLR_ERROR,
-                                "If unsure, strip the file caps.");
-                        exit(EXIT_FAILURE);
-                }
-                free(exe);
-#endif
-}
 
-static void drop_permissions(bool keep_caps) {
+static void drop_permissions(void) {
         if (getuid() != geteuid() || getgid() != getegid()) {
                 if (setgid(getgid()) != 0) {
                         wlr_log(WLR_ERROR, "Unable to drop root");
@@ -217,20 +193,6 @@ static void drop_permissions(bool keep_caps) {
                 wlr_log(WLR_ERROR, "Root privileges can be restored.");
                 exit(EXIT_FAILURE);
         }
-#ifdef __linux__
-        if (keep_caps) {
-                // Drop every cap except CAP_SYS_PTRACE
-                cap_t caps = cap_init();
-                cap_value_t keep = CAP_SYS_PTRACE;
-                wlr_log(WLR_INFO, "Dropping extra capabilities");
-                if (cap_set_flag(caps, CAP_PERMITTED, 1, &keep, CAP_SET) ||
-                        cap_set_flag(caps, CAP_EFFECTIVE, 1, &keep, CAP_SET) ||
-                        cap_set_proc(caps)) {
-                        wlr_log(WLR_ERROR, "Failed to drop extra capabilities");
-                        exit(EXIT_FAILURE);
-                }
-        }
-#endif
 }
 
 void enable_debug_flag(const char *flag) {
@@ -347,7 +309,7 @@ int main(int argc, char **argv) {
                         wlr_log(WLR_ERROR, "Don't use options with the IPC client");
                         exit(EXIT_FAILURE);
                 }
-                drop_permissions(false);
+                drop_permissions();
                 char *socket_path = getenv("SWAYSOCK");
                 if (!socket_path) {
                         wlr_log(WLR_ERROR, "Unable to retrieve socket path");
@@ -358,34 +320,17 @@ int main(int argc, char **argv) {
                 return 0;
         }
 
-        executable_sanity_check();
-        bool suid = false;
-
         if (!server_privileged_prepare(&server)) {
                 return 1;
         }
 
-#if defined(__linux__) || defined(__FreeBSD__)
-        if (getuid() != geteuid() || getgid() != getegid()) {
-#ifdef __linux__
-                // Retain capabilities after setuid()
-                if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
-                        wlr_log(WLR_ERROR, "Cannot keep caps after setuid()");
-                        exit(EXIT_FAILURE);
-                }
-#endif
-                suid = true;
-        }
-#endif
-
         log_kernel();
         log_distro();
         detect_proprietary();
         detect_raspi();
 
-#if defined(__linux__) || defined(__FreeBSD__)
-        drop_permissions(suid);
-#endif
+        drop_permissions();
+
         // handle SIGTERM signals
         signal(SIGTERM, sig_handler);
 
diff --git a/sway/meson.build b/sway/meson.build
index d67a4c64..0bb0c2d3 100644
--- a/sway/meson.build
+++ b/sway/meson.build
@@ -164,7 +164,6 @@ sway_deps = [
         cairo,
         gdk_pixbuf,
         jsonc,
-        libcap,
         libinput,
         math,
         pango,
diff --git a/sway/tree/container.c b/sway/tree/container.c
index baaa82fd..66370a42 100644
--- a/sway/tree/container.c
+++ b/sway/tree/container.c
@@ -593,7 +593,7 @@ void container_update_representation(struct sway_container *con) {
         }
 }
 
-size_t container_titlebar_height() {
+size_t container_titlebar_height(void) {
         return config->font_height + TITLEBAR_V_PADDING * 2;
 }
 
diff --git a/swaybar/config.c b/swaybar/config.c
index db7b0db6..4e851cca 100644
--- a/swaybar/config.c
+++ b/swaybar/config.c
@@ -22,7 +22,7 @@ uint32_t parse_position(const char *position) {
         }
 }
 
-struct swaybar_config *init_config() {
+struct swaybar_config *init_config(void) {
         struct swaybar_config *config = calloc(1, sizeof(struct swaybar_config));
         config->status_command = NULL;
         config->pango_markup = false;
diff --git a/swayidle/main.c b/swayidle/main.c
index 678d622f..5b6c95a7 100644
--- a/swayidle/main.c
+++ b/swayidle/main.c
@@ -92,7 +92,7 @@ static int release_lock(void *data) {
         return 0;
 }
 
-void acquire_sleep_lock() {
+void acquire_sleep_lock(void) {
         sd_bus_message *msg = NULL;
         sd_bus_error error = SD_BUS_ERROR_NULL;
         struct sd_bus *bus;
@@ -161,7 +161,7 @@ static int dbus_event(int fd, uint32_t mask, void *data) {
         return 1;
 }
 
-void setup_sleep_listener() {
+void setup_sleep_listener(void) {
         struct sd_bus *bus;
 
         int ret = sd_bus_default_system(&bus);
diff --git a/swaylock/main.c b/swaylock/main.c
index 693cbc10..ed8c5607 100644
--- a/swaylock/main.c
+++ b/swaylock/main.c
@@ -32,7 +32,7 @@ void sway_terminate(int exit_code) {
         exit(exit_code);
 }
 
-static void daemonize() {
+static void daemonize(void) {
         int fds[2];
         if (pipe(fds) != 0) {
                 wlr_log(WLR_ERROR, "Failed to pipe");
diff --git a/swaynag/config.c b/swaynag/config.c
index 4d0824c9..cd34dcc2 100644
--- a/swaynag/config.c
+++ b/swaynag/config.c
@@ -11,7 +11,7 @@
 #include "util.h"
 #include "wlr-layer-shell-unstable-v1-client-protocol.h"
 
-static char *read_from_stdin() {
+static char *read_from_stdin(void) {
         char *buffer = NULL;
         while (!feof(stdin)) {
                 char *line = read_line(stdin);