kwin: don't leak CAP_SYS_NICE
The capability wrapper raises CAP_SYS_NICE into the ambient set. As a result, not only is kwin_wayland itself granted that capability, but also all applications started by it (even transitively, i.e. the entire desktop environment). While CAP_SYS_NICE is not a particularly dangerous capability, that behaviour is still not great; furthermore it's annoying because it breaks programs checking that they are not granted any capabilities (e.g. bubblewrap). Fix this behaviour by adding a patch that causes kwin_wayland to lower CAP_SYS_NICE from the ambient capability set at startup. That way, expected upstream behaviour is restored.
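The inheritance the commit message relies on, worked through as an added example that is not part of this commit, of KWin or of nixpkgs: a small C model of the execve(2) capability rules from capabilities(7). The names (struct caps, struct filecaps, caps_after_exec(), ambient_lower(), ambient_raise(), kwin_as_wrapped(), plain_binary) are invented for the example, and the starting state is a constructed assumption: the wrapper has handed kwin_wayland CAP_SYS_NICE in its permitted, effective, inheritable and ambient sets, and the programs it launches carry no file capabilities. The live prctl() check in main() is Linux-only and only reports what the kernel says for the running process.

```c
/* Added example, not KWin or nixpkgs code: models how Linux capability sets
 * change across execve(2), per capabilities(7), to show the leak the commit
 * message describes and why lowering the ambient bit stops it. struct caps,
 * caps_after_exec(), kwin_as_wrapped() etc. are names invented here. */
#include <stdint.h>
#include <stdio.h>
#ifdef __linux__
#include <linux/capability.h>
#include <sys/prctl.h>
#endif

#define CAP_BIT(n) ((uint64_t)1 << (n))
#define SYS_NICE_BIT CAP_BIT(23)   /* CAP_SYS_NICE is capability number 23 */

/* Per-thread capability sets, each a bit mask over capability numbers. */
struct caps { uint64_t permitted, effective, inheritable, bounding, ambient; };

/* File capability sets of the binary being executed; an ordinary binary such
 * as the programs a compositor launches has all of them empty. */
struct filecaps {
    uint64_t permitted, inheritable;
    int effective;   /* the file capability "effective" bit */
    int privileged;  /* set-user-ID/set-group-ID or carries file capabilities */
};

/* execve(2) transformation, per capabilities(7):
 *   P'(ambient)     = privileged file ? 0 : P(ambient)
 *   P'(permitted)   = (P(inheritable) & F(inheritable)) | (F(permitted) & P(bounding)) | P'(ambient)
 *   P'(effective)   = F(effective) ? P'(permitted) : P'(ambient)
 *   P'(inheritable) = P(inheritable),  P'(bounding) = P(bounding) */
struct caps caps_after_exec(struct caps p, struct filecaps f) {
    struct caps n;
    n.ambient     = f.privileged ? 0 : p.ambient;
    n.permitted   = (p.inheritable & f.inheritable) | (f.permitted & p.bounding) | n.ambient;
    n.effective   = f.effective ? n.permitted : n.ambient;
    n.inheritable = p.inheritable;
    n.bounding    = p.bounding;
    return n;
}

/* What the patch does: PR_CAP_AMBIENT_LOWER clears one ambient bit and leaves
 * every other set alone, so the process itself keeps the capability. */
struct caps ambient_lower(struct caps p, uint64_t bit) {
    p.ambient &= ~bit;
    return p;
}

/* What the wrapper does: PR_CAP_AMBIENT_RAISE, allowed by the kernel only for
 * a capability present in both the permitted and inheritable sets.
 * Returns 0 on success, -1 (the kernel would report EPERM) otherwise. */
int ambient_raise(struct caps *p, uint64_t bit) {
    if ((p->permitted & bit) == 0 || (p->inheritable & bit) == 0)
        return -1;
    p->ambient |= bit;
    return 0;
}

/* Constructed starting state (an assumption): kwin_wayland as handed over by
 * the wrapper, with CAP_SYS_NICE permitted, effective, inheritable and ambient. */
struct caps kwin_as_wrapped(void) {
    struct caps c = { .permitted = SYS_NICE_BIT, .effective = SYS_NICE_BIT,
                      .inheritable = SYS_NICE_BIT, .bounding = ~(uint64_t)0,
                      .ambient = SYS_NICE_BIT };
    return c;
}
static const struct filecaps plain_binary = { 0, 0, 0, 0 };  /* no file caps */

/* Effective set of a child started before the fix: the leak. Apply the same
 * function to the result again and the grandchild gets it too. */
uint64_t child_effective_without_fix(void) {
    return caps_after_exec(kwin_as_wrapped(), plain_binary).effective;
}

/* Same child after prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, CAP_SYS_NICE, 0, 0). */
uint64_t child_effective_with_fix(void) {
    return caps_after_exec(ambient_lower(kwin_as_wrapped(), SYS_NICE_BIT), plain_binary).effective;
}

/* The child still gets CAP_SYS_NICE in its inheritable set, but cannot raise it
 * back into ambient because the bit is not in its permitted set. */
int child_can_reraise_with_fix(void) {
    struct caps child = caps_after_exec(ambient_lower(kwin_as_wrapped(), SYS_NICE_BIT), plain_binary);
    return ambient_raise(&child, SYS_NICE_BIT) == 0;
}

int main(void) {
    printf("child effective before fix: %#llx\n", (unsigned long long)child_effective_without_fix());
    printf("child effective after fix:  %#llx\n", (unsigned long long)child_effective_with_fix());
#ifdef __linux__
    /* Live check on this process: the exact call from the patch, then IS_SET. */
    if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, CAP_SYS_NICE, 0, 0) == -1)
        perror("PR_CAP_AMBIENT_LOWER");   /* EINVAL: kernel without ambient capabilities */
    else
        printf("ambient CAP_SYS_NICE set now: %d\n",
               prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_SYS_NICE, 0, 0));
#endif
    return 0;
}
```

The model shows the two things the fix depends on: lowering touches only the ambient set, so kwin_wayland still holds CAP_SYS_NICE in its permitted and effective sets, while a child without file capabilities now ends up with nothing, and cannot raise the bit back because raising needs it in the permitted set. On a running system the same check is `grep CapAmb /proc/<pid>/status` for any process under kwin_wayland, which should read all zeros once the patch is in place.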
parent 01521f33f3
commit f238a0a093
2 changed files with 41 additions and 0 deletions
@ -0,0 +1,40 @@
From 232e480ab1303f37d37d295b57fdcbb6b6648bca Mon Sep 17 00:00:00 2001
From: Alois Wohlschlager <alois1@gmx-topmail.de>
Date: Sun, 7 Aug 2022 16:12:31 +0200
Subject: [PATCH] Lower CAP_SYS_NICE from the ambient set

The capabilities wrapper raises CAP_SYS_NICE into the ambient set so it
is inherited by the wrapped program. However, we don't want it to leak
into the entire desktop environment.

Lower the capability again at startup so that the kernel will clear it
on exec.
---
src/main_wayland.cpp | 3 +++
1 file changed, 3 insertions(+)

diff --git a/src/main_wayland.cpp b/src/main_wayland.cpp
index 1720e14e7..f2bb446b0 100644
--- a/src/main_wayland.cpp
+++ b/src/main_wayland.cpp
@@ -39,7 +39,9 @@
#include <QWindow>
#include <qplatformdefs.h>

+#include <linux/capability.h>
#include <sched.h>
+#include <sys/prctl.h>
#include <sys/resource.h>

#include <iomanip>
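Review bot: both new headers are Linux-only and are added without a platform guard, and nothing else in this hunk restricts main_wayland.cpp to Linux; as a nixpkgs-only patch that is acceptable, but if this is ever sent upstream the two includes (and the prctl() call they serve) belong under `#ifdef __linux__`. `<linux/capability.h>` is the right source for the numeric `CAP_SYS_NICE` here, since it avoids a libcap dependency; `PR_CAP_AMBIENT` and `PR_CAP_AMBIENT_LOWER` come from `<sys/prctl.h>` and need a kernel with ambient capability support, which any kernel on which the leak can occur already has.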
@@ -285,6 +287,7 @@ static QString automaticBackendSelection()

int main(int argc, char *argv[])
{
+ prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, CAP_SYS_NICE, 0, 0);
KWin::Application::setupMalloc();
KWin::Application::setupLocalizedString();
KWin::gainRealTime();
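Review bot: the return value of prctl() is discarded and the call carries no comment explaining why it sits where it does. PR_CAP_AMBIENT_LOWER does not fail for a capability that is merely absent from the ambient set, so the only realistic error is EINVAL from a kernel without ambient capabilities, where the leak cannot happen in the first place; ignoring it is therefore defensible, but a one-line comment would save the next reader the analysis: the call has to run before anything can fork and exec (hence first in main()), and it only touches the ambient set, so the KWin::gainRealTime() call a few lines below still finds CAP_SYS_NICE in the permitted and effective sets. Note also that the capability stays in this process's inheritable set; that is harmless for children without file capabilities, and the patch description's "the kernel will clear it on exec" is more precisely "exec no longer adds it to the child's permitted set".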
--
2.37.1
@ -48,6 +48,7 @@ mkDerivation {
./0002-xwayland.patch
./0003-plugins-qpa-allow-using-nixos-wrapper.patch
./0001-NixOS-Unwrap-executable-name-for-.desktop-search.patch
./0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch
# Pass special environments through arguemnts to `kwin_wayland`, bypassing
# ld.so(8) environment stripping due to `kwin_wayland`'s capabilities.
# We need this to have `TZDIR` correctly set for `plasmashell`, or
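Review bot: the new file is numbered `0001-` although `./0001-NixOS-Unwrap-executable-name-for-.desktop-search.patch` already sits directly above it, and the list now runs 0002, 0003, 0001, 0001, so the prefix no longer says anything about application order; consider `./0004-Lower-CAP_SYS_NICE-from-the-ambient-set.patch` (or a descriptive name without a number) so the local patches stay sortable. The trailing context also shows a pre-existing typo ("arguemnts") that could be fixed while this comment block is being touched.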