Write example security config, start on code

author: Drew DeVault <sir@cmpwn.com> 2016-12-01 19:27:35 -0500
committer: Drew DeVault <sir@cmpwn.com> 2016-12-01 19:27:35 -0500
commit: 5831f7ab68a7166a492812d6301868541fdc9ae3 (patch)
tree: b25369a4ebde17cf17dfdeef9ce50d52ebe9cf1f /config.d
parent: Fix memory leaks in swaybar (diff)
download: sway-5831f7ab68a7166a492812d6301868541fdc9ae3.tar.gz
sway-5831f7ab68a7166a492812d6301868541fdc9ae3.tar.zst
sway-5831f7ab68a7166a492812d6301868541fdc9ae3.zip
1 files changed, 52 insertions, 0 deletions
diff --git a/config.d/security b/config.d/security
new file mode 100644
index 00000000..bff55f0f
--- /dev/null
+++ b/config.d/security
@@ -0,0 +1,52 @@
+# sway security rules
+#
+# Read sway-security(7) for details on how to secure your sway install.
+#
+# You MUST read this man page if you intend to attempt to secure your sway
+# installation.
+# Configures which programs are allowed to use which sway features
+permit $PREFIX/swaylock lock
+permit $PREFIX/swaybar panel
+permit $PREFIX/swaybg background
+permit $PREFIX/swaygrab screenshot
+permit * fullscreen keyboard mouse
+# Configures which IPC features are enabled
+ipc {
+    command enabled
+    outputs enabled
+    workspaces enabled
+    tree enabled
+    marks enabled
+    bar-config enabled
+    inputs enabled
+    events {
+        workspace enabled
+        output enabled
+        mode enabled
+        window enabled
+        bar-config enabled
+        binding enabled
+        modifier enabled
+        input enabled
+    }
+}
+# Limits the contexts from which certain commands are permitted
+commands {
+    fullscreen bindsym criteria
+    bindsym config
+    exit bindsym
+    kill bindsym
+    # You should not change these unless you know what you're doing - it could
+    # cripple your security
+    reload bindsym
+    restart bindsym
+    permit config
+    reject config
+    ipc config
+}
author	Drew DeVault <sir@cmpwn.com>	2016-12-01 19:27:35 -0500
committer	Drew DeVault <sir@cmpwn.com>	2016-12-01 19:27:35 -0500
commit	5831f7ab68a7166a492812d6301868541fdc9ae3 (patch)
tree	b25369a4ebde17cf17dfdeef9ce50d52ebe9cf1f /config.d
parent	Fix memory leaks in swaybar (diff)
download	sway-5831f7ab68a7166a492812d6301868541fdc9ae3.tar.gz sway-5831f7ab68a7166a492812d6301868541fdc9ae3.tar.zst sway-5831f7ab68a7166a492812d6301868541fdc9ae3.zip

diff --git a/config.d/security b/config.d/security new file mode 100644 index 00000000..bff55f0f --- /dev/null +++ b/config.d/security
@@ -0,0 +1,52 @@
	1	# sway security rules
	2	#
	3	# Read sway-security(7) for details on how to secure your sway install.
	4	#
	5	# You MUST read this man page if you intend to attempt to secure your sway
	6	# installation.
	7
	8	# Configures which programs are allowed to use which sway features
	9	permit $PREFIX/swaylock lock
	10	permit $PREFIX/swaybar panel
	11	permit $PREFIX/swaybg background
	12	permit $PREFIX/swaygrab screenshot
	13
	14	permit * fullscreen keyboard mouse
	15
	16	# Configures which IPC features are enabled
	17	ipc {
	18	command enabled
	19	outputs enabled
	20	workspaces enabled
	21	tree enabled
	22	marks enabled
	23	bar-config enabled
	24	inputs enabled
	25
	26	events {
	27	workspace enabled
	28	output enabled
	29	mode enabled
	30	window enabled
	31	bar-config enabled
	32	binding enabled
	33	modifier enabled
	34	input enabled
	35	}
	36	}
	37
	38	# Limits the contexts from which certain commands are permitted
	39	commands {
	40	fullscreen bindsym criteria
	41	bindsym config
	42	exit bindsym
	43	kill bindsym
	44
	45	# You should not change these unless you know what you're doing - it could
	46	# cripple your security
	47	reload bindsym
	48	restart bindsym
	49	permit config
	50	reject config
	51	ipc config
	52	}