diff options
author | Drew DeVault <sir@cmpwn.com> | 2016-12-03 12:38:42 -0500 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2016-12-03 12:38:42 -0500 |
commit | e7a764fdf450a8259ddbc17446dd720fa1157b44 (patch) | |
tree | e0ec272832e88e6c8d92719efa70c6749452daff /config.d | |
parent | Fix use-after-free (diff) | |
download | sway-e7a764fdf450a8259ddbc17446dd720fa1157b44.tar.gz sway-e7a764fdf450a8259ddbc17446dd720fa1157b44.tar.zst sway-e7a764fdf450a8259ddbc17446dd720fa1157b44.zip |
Disallow everything by default
And update config.d/security to configure sane defaults
Diffstat (limited to 'config.d')
-rw-r--r-- | config.d/security.in | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/config.d/security.in b/config.d/security.in index b5690dc7..47592b05 100644 --- a/config.d/security.in +++ b/config.d/security.in | |||
@@ -6,13 +6,12 @@ | |||
6 | # installation. | 6 | # installation. |
7 | 7 | ||
8 | # Configures which programs are allowed to use which sway features | 8 | # Configures which programs are allowed to use which sway features |
9 | permit * fullscreen keyboard mouse ipc | ||
9 | permit __PREFIX__/bin/swaylock lock | 10 | permit __PREFIX__/bin/swaylock lock |
10 | permit __PREFIX__/bin/swaybar panel | 11 | permit __PREFIX__/bin/swaybar panel |
11 | permit __PREFIX__/bin/swaybg background | 12 | permit __PREFIX__/bin/swaybg background |
12 | permit __PREFIX__/bin/swaygrab screenshot | 13 | permit __PREFIX__/bin/swaygrab screenshot |
13 | 14 | ||
14 | permit * fullscreen keyboard mouse | ||
15 | |||
16 | # Configures which IPC features are enabled | 15 | # Configures which IPC features are enabled |
17 | ipc { | 16 | ipc { |
18 | command enabled | 17 | command enabled |
@@ -36,6 +35,8 @@ ipc { | |||
36 | 35 | ||
37 | # Limits the contexts from which certain commands are permitted | 36 | # Limits the contexts from which certain commands are permitted |
38 | commands { | 37 | commands { |
38 | * all | ||
39 | |||
39 | fullscreen binding criteria | 40 | fullscreen binding criteria |
40 | bindsym config | 41 | bindsym config |
41 | exit binding | 42 | exit binding |