Revise IPC security configuration

author: Drew DeVault <sir@cmpwn.com> 2017-02-19 02:36:36 -0500
committer: Drew DeVault <sir@cmpwn.com> 2017-02-19 02:56:59 -0500
commit: 7dbecdde95d1f309d8fdd02fe480dc3fbef7c7c1 (patch)
tree: 303b3632a576fac27835523872f8286adbd35d9b /security.d
parent: Merge pull request #1075 from zandrmartin/floating-positioning (diff)
download: sway-7dbecdde95d1f309d8fdd02fe480dc3fbef7c7c1.tar.gz
sway-7dbecdde95d1f309d8fdd02fe480dc3fbef7c7c1.tar.zst
sway-7dbecdde95d1f309d8fdd02fe480dc3fbef7c7c1.zip
1 files changed, 47 insertions, 0 deletions
diff --git a/security.d/00-defaults.in b/security.d/00-defaults.in
new file mode 100644
index 00000000..99859edd
--- /dev/null
+++ b/security.d/00-defaults.in
@@ -0,0 +1,47 @@
+# sway security rules
+#
+# Read sway-security(7) for details on how to secure your sway install.
+#
+# You MUST read this man page if you intend to attempt to secure your sway
+# installation.
+#
+# This file should live at __SYSCONFDIR__/sway/security and will be
+# automatically read by sway.
+# Configures enabled compositor features for specific programs
+permit * fullscreen keyboard mouse
+permit __PREFIX__/bin/swaylock lock
+permit __PREFIX__/bin/swaybg background
+permit __PREFIX__/bin/swaygrab screenshot
+permit __PREFIX__/bin/swaybar panel
+# Configures enabled IPC features for specific programs
+ipc __PREFIX__/bin/swaymsg {
+    * enabled
+    events {
+        * disabled
+    }
+}
+ipc __PREFIX__/bin/swaybar {
+    bar-config enabled
+    outputs enabled
+    workspaces enabled
+    command enabled
+}
+ipc __PREFIX__/bin/swaygrab {
+    outputs enabled
+    tree enabled
+}
+# Limits the contexts from which certain commands are permitted
+commands {
+    * all
+    fullscreen binding criteria
+    bindsym config
+    exit binding
+    kill binding
+}
author	Drew DeVault <sir@cmpwn.com>	2017-02-19 02:36:36 -0500
committer	Drew DeVault <sir@cmpwn.com>	2017-02-19 02:56:59 -0500
commit	7dbecdde95d1f309d8fdd02fe480dc3fbef7c7c1 (patch)
tree	303b3632a576fac27835523872f8286adbd35d9b /security.d
parent	Merge pull request #1075 from zandrmartin/floating-positioning (diff)
download	sway-7dbecdde95d1f309d8fdd02fe480dc3fbef7c7c1.tar.gz sway-7dbecdde95d1f309d8fdd02fe480dc3fbef7c7c1.tar.zst sway-7dbecdde95d1f309d8fdd02fe480dc3fbef7c7c1.zip

diff --git a/security.d/00-defaults.in b/security.d/00-defaults.in new file mode 100644 index 00000000..99859edd --- /dev/null +++ b/security.d/00-defaults.in
@@ -0,0 +1,47 @@
	1	# sway security rules
	2	#
	3	# Read sway-security(7) for details on how to secure your sway install.
	4	#
	5	# You MUST read this man page if you intend to attempt to secure your sway
	6	# installation.
	7	#
	8	# This file should live at __SYSCONFDIR__/sway/security and will be
	9	# automatically read by sway.
	10
	11	# Configures enabled compositor features for specific programs
	12	permit * fullscreen keyboard mouse
	13	permit __PREFIX__/bin/swaylock lock
	14	permit __PREFIX__/bin/swaybg background
	15	permit __PREFIX__/bin/swaygrab screenshot
	16	permit __PREFIX__/bin/swaybar panel
	17
	18	# Configures enabled IPC features for specific programs
	19	ipc __PREFIX__/bin/swaymsg {
	20	* enabled
	21
	22	events {
	23	* disabled
	24	}
	25	}
	26
	27	ipc __PREFIX__/bin/swaybar {
	28	bar-config enabled
	29	outputs enabled
	30	workspaces enabled
	31	command enabled
	32	}
	33
	34	ipc __PREFIX__/bin/swaygrab {
	35	outputs enabled
	36	tree enabled
	37	}
	38
	39	# Limits the contexts from which certain commands are permitted
	40	commands {
	41	* all
	42
	43	fullscreen binding criteria
	44	bindsym config
	45	exit binding
	46	kill binding
	47	}