f238a0a093
The capability wrapper raises CAP_SYS_NICE into the ambient set. As a result, not only is kwin_wayland itself granted that capability, but also all applications started by it (even transitively, i.e. the entire desktop environment). While CAP_SYS_NICE is not a particularly dangerous capability, that behaviour is still not great; furthermore it's annoying because it breaks programs checking that they are not granted any capabilities (e.g. bubblewrap). Fix this behaviour by adding a patch that causes kwin_wayland to lower CAP_SYS_NICE from the ambient capability set at startup. That way, expected upstream behaviour is restored.

| File |
|---|
| 0001-follow-symlinks.patch |
| 0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch |
| 0001-NixOS-Unwrap-executable-name-for-.desktop-search.patch |
| 0002-xwayland.patch |
| 0003-plugins-qpa-allow-using-nixos-wrapper.patch |
| default.nix |