Perform (partial) server initialization before dropping privileges.

Some operations during backend creation (e.g. becoming DRM master) require CAP_SYS_ADMIN privileges. At this point, sway has dropped them already, though. This patch splits the privileged part of server_init into its own function and calls it before dropping its privileges. This fixes the bug with minimal security implications.
author: Tobias Blass <tobiasblass@t-online.de> 2018-06-13 00:39:24 +0200
committer: Tobias Blass <tobiasblass@t-online.de> 2018-06-19 00:19:57 +0200
commit: a5c091e3026eb41d3a4daef3db95b47a3445aa11 (patch)
tree: 3317961dd1425f428ccdebce378e0f010d57a14b /sway/main.c
parent: Merge pull request #2143 from vilhalmer/mark-pool-buffers-busy (diff)
download: sway-a5c091e3026eb41d3a4daef3db95b47a3445aa11.tar.gz
sway-a5c091e3026eb41d3a4daef3db95b47a3445aa11.tar.zst
sway-a5c091e3026eb41d3a4daef3db95b47a3445aa11.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/sway/main.c b/sway/main.c
index a7e808ad..a325dc3a 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -359,6 +359,11 @@ int main(int argc, char **argv) {
        executable_sanity_check();
        bool suid = false;
+        if (!server_privileged_prepare(&server)) {
+                return 1;
+        }
 #ifdef __linux__
        if (getuid() != geteuid() || getgid() != getegid()) {
                // Retain capabilities after setuid()
author	Tobias Blass <tobiasblass@t-online.de>	2018-06-13 00:39:24 +0200
committer	Tobias Blass <tobiasblass@t-online.de>	2018-06-19 00:19:57 +0200
commit	a5c091e3026eb41d3a4daef3db95b47a3445aa11 (patch)
tree	3317961dd1425f428ccdebce378e0f010d57a14b /sway/main.c
parent	Merge pull request #2143 from vilhalmer/mark-pool-buffers-busy (diff)
download	sway-a5c091e3026eb41d3a4daef3db95b47a3445aa11.tar.gz sway-a5c091e3026eb41d3a4daef3db95b47a3445aa11.tar.zst sway-a5c091e3026eb41d3a4daef3db95b47a3445aa11.zip