core: Drop all capabilities on initialization
Add an optional dependency on libcap-ng. If the library is detected, drop all capabilities by default, so that packagers/users can do "setcap CAP_SYS_NICE=+ep `which gnome-shell`" and let it set higher sched/egl priorities without preserving the capability forever. https://gitlab.gnome.org/GNOME/mutter/merge_requests/923
parent
d8c4d78f4a
commit
6ec6ea7d3c
@ -16,7 +16,7 @@ RUN dnf -y update && dnf -y upgrade && \
|
||||
dnf builddep -y mutter && \
|
||||
|
||||
# Until Fedora catches up with new build-deps
|
||||
dnf install -y 'pkgconfig(graphene-gobject-1.0)' 'pkgconfig(sysprof-capture-3)' && \
|
||||
dnf install -y 'pkgconfig(graphene-gobject-1.0)' 'pkgconfig(sysprof-capture-3)' 'pkgconfig(libcap-ng)' && \
|
||||
|
||||
# For running unit tests
|
||||
dnf install -y xorg-x11-server-Xvfb mesa-dri-drivers dbus dbus-x11 '*/xvfb-run' gdm-lib accountsservice-libs gnome-control-center && \
|
||||
|
@ -67,3 +67,6 @@
|
||||
/* Either <sys/random.h> or <linux/random.h> */
|
||||
#mesondefine HAVE_SYS_RANDOM
|
||||
#mesondefine HAVE_LINUX_RANDOM
|
||||
|
||||
/* Defined if libcap-ng is available */
|
||||
#mesondefine HAVE_LIBCAPNG
|
||||
|
@ -36,6 +36,7 @@ libstartup_notification_req = '>= 0.7'
|
||||
libcanberra_req = '>= 0.26'
|
||||
libwacom_req = '>= 0.13'
|
||||
atk_req = '>= 2.5.3'
|
||||
libcapng_req = '>= 0.7.9'
|
||||
|
||||
# optional version requirements
|
||||
udev_req = '>= 228'
|
||||
@ -127,6 +128,7 @@ xau_dep = dependency('xau')
|
||||
ice_dep = dependency('ice')
|
||||
atk_dep = dependency('atk', version: atk_req)
|
||||
libcanberra_dep = dependency('libcanberra', version: libcanberra_req)
|
||||
libcapng_dep = dependency('libcap-ng', required: get_option('libcapng'))
|
||||
|
||||
# For now always require X11 support
|
||||
have_x11 = true
|
||||
@ -258,6 +260,7 @@ have_core_tests = false
|
||||
have_cogl_tests = false
|
||||
have_clutter_tests = false
|
||||
have_installed_tests = false
|
||||
have_libcapng = libcapng_dep.found()
|
||||
|
||||
if have_tests
|
||||
have_core_tests = get_option('core_tests')
|
||||
@ -364,6 +367,7 @@ cdata.set('HAVE_SM', have_sm)
|
||||
cdata.set('HAVE_STARTUP_NOTIFICATION', have_startup_notification)
|
||||
cdata.set('HAVE_INTROSPECTION', have_introspection)
|
||||
cdata.set('HAVE_PROFILER', have_profiler)
|
||||
cdata.set('HAVE_LIBCAPNG', have_libcapng)
|
||||
|
||||
xkb_base = xkeyboard_config_dep.get_pkgconfig_variable('xkb_base')
|
||||
cdata.set_quoted('XKB_BASE', xkb_base)
|
||||
@ -445,6 +449,7 @@ output = [
|
||||
' Startup notification..... ' + have_startup_notification.to_string(),
|
||||
' Introspection............ ' + have_introspection.to_string(),
|
||||
' Profiler................. ' + have_profiler.to_string(),
|
||||
' libcap-ng................ ' + have_libcapng.to_string(),
|
||||
'',
|
||||
' Tests:',
|
||||
'',
|
||||
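Review bot: `libcapng_req = '>= 0.7.9'` is defined in the first hunk, but the `dependency('libcap-ng', ...)` call in the second hunk does not pass it, so within the visible hunks the minimum version is never enforced and an older libcap-ng would be accepted. Passing the requirement keeps the declared floor effective: `libcapng_dep = dependency('libcap-ng', version: libcapng_req, required: get_option('libcapng'))`.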
|
@ -152,3 +152,9 @@ option('xwayland_grab_default_access_rules',
|
||||
value: 'gnome-boxes,remote-viewer,virt-viewer,virt-manager,vinagre,vncviewer,Xephyr',
|
||||
description: 'Comma delimited list of applications ressources or class allowed to issue X11 grabs in Xwayland'
|
||||
)
|
||||
|
||||
option('libcapng',
|
||||
type: 'feature',
|
||||
value: 'auto',
|
||||
description: 'Enable libcap-ng support'
|
||||
)
|
||||
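Review bot: The description `'Enable libcap-ng support'` does not say what the option controls. With `value: 'auto'`, a build on a machine without libcap-ng omits the capability drop without any error, so a binary that was given file capabilities would keep them for its whole lifetime. A description such as `'Drop all process capabilities at startup (requires libcap-ng)'` would make that consequence visible to packagers.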
|
@ -66,6 +66,10 @@
|
||||
#include <girepository.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBCAPNG
|
||||
#include <cap-ng.h>
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_NATIVE_BACKEND) && defined(HAVE_WAYLAND)
|
||||
#include <systemd/sd-login.h>
|
||||
#endif /* HAVE_WAYLAND && HAVE_NATIVE_BACKEND */
|
||||
@ -597,6 +601,11 @@ meta_init (void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBCAPNG
|
||||
capng_clear (CAPNG_SELECT_BOTH);
|
||||
capng_apply (CAPNG_SELECT_BOTH);
|
||||
#endif
|
||||
|
||||
g_unix_signal_add (SIGTERM, on_sigterm, NULL);
|
||||
|
||||
if (g_get_home_dir ())
|
||||
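Review bot: The return value of `capng_apply (CAPNG_SELECT_BOTH)` in meta_init is discarded, so if the drop fails the process keeps running with whatever capabilities the binary was granted and nothing records it. Checking the result is a one-line change: `if (capng_apply (CAPNG_SELECT_BOTH) < 0) g_warning ("Failed to drop capabilities");`. Linux capabilities are per-thread, so any thread started before this point (not visible in the hunk) would presumably keep its own set; a comment stating that the call must run before other threads are created would help. meta_init starts and ends outside the hunk.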
|
@ -18,6 +18,7 @@ mutter_pkg_deps = [
|
||||
glib_dep,
|
||||
gsettings_desktop_schemas_dep,
|
||||
gtk3_dep,
|
||||
libcapng_dep,
|
||||
pango_dep,
|
||||
]
|
||||
|
||||
|