From a5c091e3026eb41d3a4daef3db95b47a3445aa11 Mon Sep 17 00:00:00 2001
From: Tobias Blass <tobiasblass@t-online.de>
Date: Wed, 13 Jun 2018 00:39:24 +0200
Subject: Perform (partial) server initialization before dropping privileges.

Some operations during backend creation (e.g. becoming DRM master)
require CAP_SYS_ADMIN privileges. At this point, sway has dropped them
already, though. This patch splits the privileged part of server_init
into its own function and calls it before dropping its privileges.
This fixes the bug with minimal security implications.
---
 include/sway/server.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'include/sway/server.h')

diff --git a/include/sway/server.h b/include/sway/server.h
index 65d96e7a..963d4dc1 100644
--- a/include/sway/server.h
+++ b/include/sway/server.h
@@ -47,6 +47,8 @@ struct sway_server {
 
 struct sway_server server;
 
+/* Prepares an unprivileged server_init by performing all privileged operations in advance */
+bool server_privileged_prepare(struct sway_server *server);
 bool server_init(struct sway_server *server);
 void server_fini(struct sway_server *server);
 void server_run(struct sway_server *server);
-- 
cgit v1.2.3-54-g00ecf