1 files changed, 52 insertions, 0 deletions
diff --git a/config.d/security.in b/config.d/security.in
new file mode 100644
index 00000000..47592b05
--- /dev/null
+++ b/config.d/security.in
@@ -0,0 +1,52 @@
+# sway security rules
+#
+# Read sway-security(7) for details on how to secure your sway install.
+#
+# You MUST read this man page if you intend to attempt to secure your sway
+# installation.
+# Configures which programs are allowed to use which sway features
+permit * fullscreen keyboard mouse ipc
+permit __PREFIX__/bin/swaylock lock
+permit __PREFIX__/bin/swaybar panel
+permit __PREFIX__/bin/swaybg background
+permit __PREFIX__/bin/swaygrab screenshot
+# Configures which IPC features are enabled
+ipc {
+    command enabled
+    outputs enabled
+    workspaces enabled
+    tree enabled
+    marks enabled
+    bar-config enabled
+    inputs enabled
+    events {
+        workspace enabled
+        output enabled
+        mode enabled
+        window enabled
+        modifier enabled
+        input enabled
+        binding disabled
+    }
+}
+# Limits the contexts from which certain commands are permitted
+commands {
+    * all
+    fullscreen binding criteria
+    bindsym config
+    exit binding
+    kill binding
+    # You should not change these unless you know what you're doing - it could
+    # cripple your security
+    reload binding
+    restart binding
+    permit config
+    reject config
+    ipc config
+}

diff --git a/config.d/security.in b/config.d/security.in new file mode 100644 index 00000000..47592b05 --- /dev/null +++ b/config.d/security.in
@@ -0,0 +1,52 @@
	1	# sway security rules
	2	#
	3	# Read sway-security(7) for details on how to secure your sway install.
	4	#
	5	# You MUST read this man page if you intend to attempt to secure your sway
	6	# installation.
	7
	8	# Configures which programs are allowed to use which sway features
	9	permit * fullscreen keyboard mouse ipc
	10	permit __PREFIX__/bin/swaylock lock
	11	permit __PREFIX__/bin/swaybar panel
	12	permit __PREFIX__/bin/swaybg background
	13	permit __PREFIX__/bin/swaygrab screenshot
	14
	15	# Configures which IPC features are enabled
	16	ipc {
	17	command enabled
	18	outputs enabled
	19	workspaces enabled
	20	tree enabled
	21	marks enabled
	22	bar-config enabled
	23	inputs enabled
	24
	25	events {
	26	workspace enabled
	27	output enabled
	28	mode enabled
	29	window enabled
	30	modifier enabled
	31	input enabled
	32	binding disabled
	33	}
	34	}
	35
	36	# Limits the contexts from which certain commands are permitted
	37	commands {
	38	* all
	39
	40	fullscreen binding criteria
	41	bindsym config
	42	exit binding
	43	kill binding
	44
	45	# You should not change these unless you know what you're doing - it could
	46	# cripple your security
	47	reload binding
	48	restart binding
	49	permit config
	50	reject config
	51	ipc config
	52	}