Merge pull request #1080 from SirCmpwn/ipc-security0.12-rc1

Revise IPC security configuration
author: Drew DeVault <sir@cmpwn.com> 2017-02-21 05:18:42 -0500
committer: GitHub <noreply@github.com> 2017-02-21 05:18:42 -0500
commit: f68d2fb33c433d13def0921db561eb23d400683c (patch)
tree: cd8ec8565a63cd5b047e45b001debed16d6a2bdd /security.d/00-defaults.in
parent: Merge pull request #1075 from zandrmartin/floating-positioning (diff)
parent: Update 00-defaults.in (diff)
download: sway-f68d2fb33c433d13def0921db561eb23d400683c.tar.gz
sway-f68d2fb33c433d13def0921db561eb23d400683c.tar.zst
sway-f68d2fb33c433d13def0921db561eb23d400683c.zip
1 files changed, 52 insertions, 0 deletions
diff --git a/security.d/00-defaults.in b/security.d/00-defaults.in
new file mode 100644
index 00000000..34831c65
--- /dev/null
+++ b/security.d/00-defaults.in
@@ -0,0 +1,52 @@
+# sway security rules
+#
+# Read sway-security(7) for details on how to secure your sway install.
+#
+# You MUST read this man page if you intend to attempt to secure your sway
+# installation.
+#
+# DO NOT CHANGE THIS FILE. Override these defaults by writing new files in
+# __SYSCONFDIR__/sway/security.d/*
+# Configures enabled compositor features for specific programs
+permit * fullscreen keyboard mouse
+permit __PREFIX__/bin/swaylock lock
+permit __PREFIX__/bin/swaybg background
+permit __PREFIX__/bin/swaygrab screenshot
+permit __PREFIX__/bin/swaybar panel
+# Configures enabled IPC features for specific programs
+ipc __PREFIX__/bin/swaymsg {
+    * enabled
+    events {
+        * disabled
+    }
+}
+ipc __PREFIX__/bin/swaybar {
+    bar-config enabled
+    outputs enabled
+    workspaces enabled
+    command enabled
+    events {
+        workspace enabled
+        mode enabled
+    }
+}
+ipc __PREFIX__/bin/swaygrab {
+    outputs enabled
+    tree enabled
+}
+# Limits the contexts from which certain commands are permitted
+commands {
+    * all
+    fullscreen binding criteria
+    bindsym config
+    exit binding
+    kill binding
+}
author	Drew DeVault <sir@cmpwn.com>	2017-02-21 05:18:42 -0500
committer	GitHub <noreply@github.com>	2017-02-21 05:18:42 -0500
commit	f68d2fb33c433d13def0921db561eb23d400683c (patch)
tree	cd8ec8565a63cd5b047e45b001debed16d6a2bdd /security.d/00-defaults.in
parent	Merge pull request #1075 from zandrmartin/floating-positioning (diff)
parent	Update 00-defaults.in (diff)
download	sway-f68d2fb33c433d13def0921db561eb23d400683c.tar.gz sway-f68d2fb33c433d13def0921db561eb23d400683c.tar.zst sway-f68d2fb33c433d13def0921db561eb23d400683c.zip

diff --git a/security.d/00-defaults.in b/security.d/00-defaults.in new file mode 100644 index 00000000..34831c65 --- /dev/null +++ b/security.d/00-defaults.in
@@ -0,0 +1,52 @@
	1	# sway security rules
	2	#
	3	# Read sway-security(7) for details on how to secure your sway install.
	4	#
	5	# You MUST read this man page if you intend to attempt to secure your sway
	6	# installation.
	7	#
	8	# DO NOT CHANGE THIS FILE. Override these defaults by writing new files in
	9	# __SYSCONFDIR__/sway/security.d/*
	10
	11	# Configures enabled compositor features for specific programs
	12	permit * fullscreen keyboard mouse
	13	permit __PREFIX__/bin/swaylock lock
	14	permit __PREFIX__/bin/swaybg background
	15	permit __PREFIX__/bin/swaygrab screenshot
	16	permit __PREFIX__/bin/swaybar panel
	17
	18	# Configures enabled IPC features for specific programs
	19	ipc __PREFIX__/bin/swaymsg {
	20	* enabled
	21
	22	events {
	23	* disabled
	24	}
	25	}
	26
	27	ipc __PREFIX__/bin/swaybar {
	28	bar-config enabled
	29	outputs enabled
	30	workspaces enabled
	31	command enabled
	32
	33	events {
	34	workspace enabled
	35	mode enabled
	36	}
	37	}
	38
	39	ipc __PREFIX__/bin/swaygrab {
	40	outputs enabled
	41	tree enabled
	42	}
	43
	44	# Limits the contexts from which certain commands are permitted
	45	commands {
	46	* all
	47
	48	fullscreen binding criteria
	49	bindsym config
	50	exit binding
	51	kill binding
	52	}