diff options
author | Drew DeVault <sir@cmpwn.com> | 2018-07-28 11:23:12 -0400 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2018-10-08 18:33:34 -0400 |
commit | 14f89600a8cc74c1da8160ecd69755cbb29b3956 (patch) | |
tree | 391cc42daca9b5aa7b579c75c05966dcb7b02201 | |
parent | Add sway-security(7) (diff) | |
download | sway-14f89600a8cc74c1da8160ecd69755cbb29b3956.tar.gz sway-14f89600a8cc74c1da8160ecd69755cbb29b3956.tar.zst sway-14f89600a8cc74c1da8160ecd69755cbb29b3956.zip |
Remove FreeBSD specific security config
Since we're going to require clients to have been spawned by sway to be
trusted, we can ditch the FreeBSD config
-rw-r--r-- | meson.build | 21 | ||||
-rw-r--r-- | security.d/10-freebsd.in | 19 |
2 files changed, 6 insertions, 34 deletions
diff --git a/meson.build b/meson.build index 96d74bd3..f8303dd5 100644 --- a/meson.build +++ b/meson.build | |||
@@ -168,21 +168,12 @@ configure_file( | |||
168 | install_dir: sysconfdir + '/sway' | 168 | install_dir: sysconfdir + '/sway' |
169 | ) | 169 | ) |
170 | 170 | ||
171 | if is_freebsd | 171 | configure_file( |
172 | configure_file( | 172 | configuration: config, |
173 | configuration: config, | 173 | input: 'security.d/00-defaults.in', |
174 | input: 'security.d/10-freebsd.in', | 174 | output: '@BASENAME@', |
175 | output: '@BASENAME@', | 175 | install_dir: sysconfdir + '/sway/security.d' |
176 | install_dir: sysconfdir + '/sway/security.d' | 176 | ) |
177 | ) | ||
178 | else | ||
179 | configure_file( | ||
180 | configuration: config, | ||
181 | input: 'security.d/00-defaults.in', | ||
182 | output: '@BASENAME@', | ||
183 | install_dir: sysconfdir + '/sway/security.d' | ||
184 | ) | ||
185 | endif | ||
186 | 177 | ||
187 | install_data( | 178 | install_data( |
188 | 'sway.desktop', | 179 | 'sway.desktop', |
diff --git a/security.d/10-freebsd.in b/security.d/10-freebsd.in deleted file mode 100644 index 533b526a..00000000 --- a/security.d/10-freebsd.in +++ /dev/null | |||
@@ -1,19 +0,0 @@ | |||
1 | # sway security rules | ||
2 | # | ||
3 | # FreeBSD does not support getting client PID from server side | ||
4 | # so we can not know the path to the client's binary. | ||
5 | # | ||
6 | # The solution for now is to be permissive and allow all | ||
7 | # features by default for any client. | ||
8 | |||
9 | # Configures enabled compositor features for specific programs | ||
10 | permit * fullscreen keyboard mouse background screenshot panel lock | ||
11 | |||
12 | ipc * { | ||
13 | * enabled | ||
14 | events { | ||
15 | * enabled | ||
16 | } | ||
17 | } | ||
18 | |||
19 | |||