nixpkgs-suyu/pkgs/desktops/plasma-5/kwin
Alois Wohlschlager f238a0a093
kwin: don't leak CAP_SYS_NICE
The capability wrapper raises CAP_SYS_NICE into the ambient set. As a
result, not only is kwin_wayland itself granted that capability, but
also all applications started by it (even transitively, i.e. the entire
desktop environment). While CAP_SYS_NICE is not a particularly dangerous
capability, that behaviour is still not great; furthermore it's annoying
because it breaks programs checking that they are not granted any
capabilities (e.g. bubblewrap).

Fix this behaviour by adding a patch that causes kwin_wayland to lower
CAP_SYS_NICE from the ambient capability set at startup. That way,
expected upstream behaviour is restored.
2022-08-07 19:12:37 +02:00
..
0001-follow-symlinks.patch
0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch kwin: don't leak CAP_SYS_NICE 2022-08-07 19:12:37 +02:00
0001-NixOS-Unwrap-executable-name-for-.desktop-search.patch
0002-xwayland.patch
0003-plugins-qpa-allow-using-nixos-wrapper.patch
default.nix kwin: don't leak CAP_SYS_NICE 2022-08-07 19:12:37 +02:00