f238a0a093
The capability wrapper raises CAP_SYS_NICE into the ambient set. As a result, not only is kwin_wayland itself granted that capability, but also all applications started by it (even transitively, i.e. the entire desktop environment). While CAP_SYS_NICE is not a particularly dangerous capability, that behaviour is still not great; furthermore it's annoying because it breaks programs checking that they are not granted any capabilities (e.g. bubblewrap). Fix this behaviour by adding a patch that causes kwin_wayland to lower CAP_SYS_NICE from the ambient capability set at startup. That way, expected upstream behaviour is restored.
40 lines
1.2 KiB
Diff
40 lines
1.2 KiB
Diff
From 232e480ab1303f37d37d295b57fdcbb6b6648bca Mon Sep 17 00:00:00 2001
|
|
From: Alois Wohlschlager <alois1@gmx-topmail.de>
|
|
Date: Sun, 7 Aug 2022 16:12:31 +0200
|
|
Subject: [PATCH] Lower CAP_SYS_NICE from the ambient set
|
|
|
|
The capabilities wrapper raises CAP_SYS_NICE into the ambient set so it
|
|
is inherited by the wrapped program. However, we don't want it to leak
|
|
into the entire desktop environment.
|
|
|
|
Lower the capability again at startup so that the kernel will clear it
|
|
on exec.
|
|
---
|
|
src/main_wayland.cpp | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/src/main_wayland.cpp b/src/main_wayland.cpp
|
|
index 1720e14e7..f2bb446b0 100644
|
|
--- a/src/main_wayland.cpp
|
|
+++ b/src/main_wayland.cpp
|
|
@@ -39,7 +39,9 @@
|
|
#include <QWindow>
|
|
#include <qplatformdefs.h>
|
|
|
|
+#include <linux/capability.h>
|
|
#include <sched.h>
|
|
+#include <sys/prctl.h>
|
|
#include <sys/resource.h>
|
|
|
|
#include <iomanip>
|
|
@@ -285,6 +287,7 @@ static QString automaticBackendSelection()
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
+ prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, CAP_SYS_NICE, 0, 0);
|
|
KWin::Application::setupMalloc();
|
|
KWin::Application::setupLocalizedString();
|
|
KWin::gainRealTime();
|
|
--
|
|
2.37.1
|
|
|