From 7db62770903cc90dde4babd06829b92387154a96 Mon Sep 17 00:00:00 2001
From: oxalica
Date: Fri, 3 May 2024 02:22:47 -0400
Subject: [PATCH 1/2] kdePackages.kwin: apply lowering CAP_SYS_NICE patch
This patch exists on plasma5Packages.kwin and is still applicable for KDE6.
---
 ...er-CAP_SYS_NICE-from-the-ambient-set.patch | 40 +++++++++++++++++++
 pkgs/kde/plasma/kwin/default.nix | 1 +
 2 files changed, 41 insertions(+)
 create mode 100644 pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch
diff --git a/pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch b/pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch
new file mode 100644
index 000000000000..e6408605aa43
--- /dev/null
+++ b/pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch
@@ -0,0 +1,40 @@
+From 232e480ab1303f37d37d295b57fdcbb6b6648bca Mon Sep 17 00:00:00 2001
+From: Alois Wohlschlager
+Date: Sun, 7 Aug 2022 16:12:31 +0200
+Subject: [PATCH] Lower CAP_SYS_NICE from the ambient set
+
+The capabilities wrapper raises CAP_SYS_NICE into the ambient set so it
+is inherited by the wrapped program. However, we don't want it to leak
+into the entire desktop environment.
+
+Lower the capability again at startup so that the kernel will clear it
+on exec.
+---
+ src/main_wayland.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/main_wayland.cpp b/src/main_wayland.cpp
+index 1720e14e7..f2bb446b0 100644
+--- a/src/main_wayland.cpp
++++ b/src/main_wayland.cpp
+@@ -39,7 +39,9 @@
+ #include
+ #include
+
++#include
+ #include
++#include
+ #include
+
+ #include
+@@ -285,6 +287,7 @@ static QString automaticBackendSelection()
+
+ int main(int argc, char *argv[])
+ {
++ prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, CAP_SYS_NICE, 0, 0);
+ KWin::Application::setupMalloc();
+ KWin::Application::setupLocalizedString();
+ KWin::gainRealTime();
+--
+2.37.1
+
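Review bot: The return value of the `prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, CAP_SYS_NICE, 0, 0)` call added at the top of `main()` in the embedded main_wayland.cpp patch is discarded, so if the call fails the capability stays in the ambient set and, per the patch's own description, leaks into the rest of the desktop session with nothing logged. Since this one call is what keeps CAP_SYS_NICE confined to the compositor, I would at least report a failure, e.g. `if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, CAP_SYS_NICE, 0, 0) != 0) perror("PR_CAP_AMBIENT_LOWER");`, and put a short comment above it such as `// Drop CAP_SYS_NICE from the ambient set so exec'd children do not inherit it.` Placing it as the first statement, ahead of `KWin::gainRealTime()`, looks right. `main()` continues past the end of the hunk, so anything that happens later cannot be judged from here.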
diff --git a/pkgs/kde/plasma/kwin/default.nix b/pkgs/kde/plasma/kwin/default.nix
index fc5f00991d9e..7c3b0ce2bbe1 100644
--- a/pkgs/kde/plasma/kwin/default.nix
+++ b/pkgs/kde/plasma/kwin/default.nix
@@ -26,6 +26,7 @@ mkKdeDerivation {
 # The rest are NixOS-specific hacks
 ./0003-plugins-qpa-allow-using-nixos-wrapper.patch
 ./0001-NixOS-Unwrap-executable-name-for-.desktop-search.patch
+ ./0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch
 ];
 postPatch = ''
From def8d7e2549f2b2eb54d1115833cd814ffb0ba14 Mon Sep 17 00:00:00 2001
From: oxalica
Date: Fri, 3 May 2024 02:27:44 -0400
Subject: [PATCH 2/2] nixos/plasma6: add CAP_SYS_NICE for kwin_wayland
This makes kwin_wayland successfully gain SCHED_RR priority, which significantly improves the rendering lag, ie. cursor movement and desktop animations, under heavy CPU load like on compilation. This was already enabled for plasma5 but is not for plasma6 somehow.
---
 nixos/modules/services/desktop-managers/plasma6.nix | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/nixos/modules/services/desktop-managers/plasma6.nix b/nixos/modules/services/desktop-managers/plasma6.nix
index 08507b4d370a..842b0716b928 100644
--- a/nixos/modules/services/desktop-managers/plasma6.nix
+++ b/nixos/modules/services/desktop-managers/plasma6.nix
@@ -286,6 +286,15 @@ in {
 kde-smartcard = lib.mkIf config.security.pam.p11.enable { p11Auth = true; };
 };
+ security.wrappers = {
+ kwin_wayland = {
+ owner = "root";
+ group = "root";
+ capabilities = "cap_sys_nice+ep";
+ source = "${lib.getBin pkgs.kdePackages.kwin}/bin/kwin_wayland";
+ };
+ };
+
 programs.dconf.enable = true;
 programs.firefox.nativeMessagingHosts.packages = [kdePackages.plasma-browser-integration];
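Review bot: In the `security.wrappers.kwin_wayland` block added to plasma6.nix, `source` is built from `pkgs.kdePackages.kwin`, while the context line just below uses the module's own `kdePackages` binding. If that binding can differ from `pkgs.kdePackages` (an overridden package set, for instance), the capability wrapper may point at a different kwin build than the one the session installs, possibly one without the ambient-set lowering patch from PATCH 1/2. I would write `source = "${lib.getBin kdePackages.kwin}/bin/kwin_wayland";` to keep the two in step. Granting `cap_sys_nice+ep` is only contained because the patched kwin lowers the capability before it execs anything, so a comment stating that dependency would help, for example `# Requires kwin's "Lower CAP_SYS_NICE from the ambient set" patch; without it the capability is inherited by the whole session.` The block sets no `permissions`, so who may execute the wrapper depends on the wrapper module's defaults, which are not visible here.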