The capability wrapper raises CAP_SYS_NICE into the ambient set. As a result, not only is kwin_wayland itself granted that capability, but also all applications started by it (even transitively, i.e. the entire desktop environment). While CAP_SYS_NICE is not a particularly dangerous capability, that behaviour is still not great; furthermore it's annoying because it breaks programs checking that they are not granted any capabilities (e.g. bubblewrap). Fix this behaviour by adding a patch that causes kwin_wayland to lower CAP_SYS_NICE from the ambient capability set at startup. That way, expected upstream behaviour is restored.
3rdparty
breeze-plymouth
kde-gtk-config
kwin
libkscreen
libksysguard
patches
plasma-desktop
plasma-integration
plasma-mobile
plasma-nano
plasma-nm
plasma-vault
plasma-workspace
bluedevil.nix
breeze-grub.nix
breeze-gtk.nix
breeze-qt5.nix
default.nix
discover.nix
fetch.sh
kactivitymanagerd.nix
kde-cli-tools.nix
kdecoration.nix
kdeplasma-addons.nix
kgamma5.nix
khotkeys.nix
kinfocenter.nix
kmenuedit.nix
kscreen.nix
kscreenlocker.nix
ksshaskpass.nix
ksystemstats.nix
kwallet-pam.nix
kwayland-integration.nix
kwrited.nix
layer-shell-qt.nix
milou.nix
oxygen.nix
plasma-browser-integration.nix
plasma-disks.nix
plasma-pa.nix
plasma-sdk.nix
plasma-systemmonitor.nix
plasma-thunderbolt.nix
plasma-workspace-wallpapers.nix
polkit-kde-agent.nix
powerdevil.nix
qqc2-breeze-style.nix
sddm-kcm.nix
srcs.nix
systemsettings.nix
xdg-desktop-portal-kde.nix