mirrors/labwc
1
0
Fork 0
mirror of https://github.com/labwc/labwc.git synced 2026-04-07 08:21:20 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge 639fade49a into c9b4da2ce2

Browse source
This commit is contained in:
Tobias Bengfort 2026-04-03 22:13:39 +02:00 committed by GitHub
commit 86d2f83bab
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 121 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

35
docs/labwc-config.5.scd
View file

@ -1445,6 +1445,41 @@ situation.
Whether to apply a bilinear filter to the magnified image, or Whether to apply a bilinear filter to the magnified image, or
just to use nearest-neighbour. Default is true - bilinear filtered. just to use nearest-neighbour. Default is true - bilinear filtered.
## PRIVILEGED INTERFACES
Labwc supports a small set of privileged wayland interfaces. All of these
interfaces are enabled by default. Security conscious users may override this by
defining a `<privilegedInterfaces>` block:
```
<privilegedInterfaces>
<allow>zwlr_layer_shell_v1</allow>
<allow>zwlr_virtual_pointer_manager_v1</allow>
</privilegedInterfaces>
```
*<privilegedInterfaces><allow>*
Name of the interface that should be allowed.
This is the full list of interfaces that can be controlled with this mechanism:
- `wp_drm_lease_device_v1`
- `zwlr_gamma_control_manager_v1`
- `zwlr_output_manager_v1`
- `zwlr_output_power_manager_v1`
- `zwp_input_method_manager_v2`
- `zwlr_virtual_pointer_manager_v1`
- `zwp_virtual_keyboard_manager_v1`
- `zwlr_export_dmabuf_manager_v1`
- `zwlr_screencopy_manager_v1`
- `zwlr_data_control_manager_v1`
- `ext_idle_notifier_v1`
- `ext_workspace_manager_v1`
- `zwlr_foreign_toplevel_manager_v1`
- `ext_foreign_toplevel_list_v1`
- `ext_session_lock_manager_v1`
- `zwlr_layer_shell_v1`
## ENVIRONMENT VARIABLES ## ENVIRONMENT VARIABLES
*XCURSOR_PATH* *XCURSOR_PATH*

4
docs/rc.xml.all
View file

@ -691,4 +691,8 @@
<useFilter>yes</useFilter> <useFilter>yes</useFilter>
</magnifier> </magnifier>
<privilegedInterfaces>
<allow>zwlr_layer_shell_v1</allow>
</privilegedInterfaces>
</labwc_config> </labwc_config>

3
include/config/rcxml.h
View file

@ -76,6 +76,7 @@ struct rcxml {
enum tearing_mode allow_tearing; enum tearing_mode allow_tearing;
bool auto_enable_outputs; bool auto_enable_outputs;
bool reuse_output_mode; bool reuse_output_mode;
uint32_t allowed_interfaces;
bool xwayland_persistence; bool xwayland_persistence;
bool primary_selection; bool primary_selection;
char *prompt_command; char *prompt_command;
@ -225,4 +226,6 @@ void rcxml_finish(void);
*/ */
void append_parsed_actions(xmlNode *node, struct wl_list *list); void append_parsed_actions(xmlNode *node, struct wl_list *list);
enum lab_interface parse_privileged_interface(const char *name);
#endif /* LABWC_RCXML_H */ #endif /* LABWC_RCXML_H */

21
include/config/types.h
View file

@ -130,4 +130,25 @@ enum cycle_app_id_filter {
CYCLE_APP_ID_CURRENT, CYCLE_APP_ID_CURRENT,
}; };
enum lab_interface {
LAB_IFACE_INVALID = 0,
LAB_IFACE_NOT_SET = 1,
LAB_IFACE_DRM_LEASE = 1 << 1,
LAB_IFACE_GAMMA = 1 << 2,
LAB_IFACE_OUTPUT = 1 << 3,
LAB_IFACE_OUTPUT_POWER = 1 << 4,
LAB_IFACE_INPUT_METHOD = 1 << 5,
LAB_IFACE_VIRTUAL_POINTER = 1 << 6,
LAB_IFACE_VIRTUAL_KEYBOARD = 1 << 7,
LAB_IFACE_DMABUF = 1 << 8,
LAB_IFACE_SCREENCOPY = 1 << 9,
LAB_IFACE_DATA_CONTROL = 1 << 10,
LAB_IFACE_IDLE_NOTIFIER = 1 << 11,
LAB_IFACE_WORKSPACE = 1 << 12,
LAB_IFACE_TOPLEVEL_MANAGER = 1 << 13,
LAB_IFACE_TOPLEVEL_LIST = 1 << 14,
LAB_IFACE_SESSION_LOCK = 1 << 15,
LAB_IFACE_LAYER_SHELL = 1 << 16,
};
#endif /* LABWC_CONFIG_TYPES_H */ #endif /* LABWC_CONFIG_TYPES_H */

51
src/config/rcxml.c
View file

@ -94,6 +94,46 @@ parse_window_type(const char *type)
} }
} }
enum lab_interface
parse_privileged_interface(const char *name)
{
if (!strcasecmp(name, "wp_drm_lease_device_v1")) {
return LAB_IFACE_DRM_LEASE;
} else if (!strcasecmp(name, "zwlr_gamma_control_manager_v1")) {
return LAB_IFACE_GAMMA;
} else if (!strcasecmp(name, "zwlr_output_manager_v1")) {
return LAB_IFACE_OUTPUT;
} else if (!strcasecmp(name, "zwlr_output_power_manager_v1")) {
return LAB_IFACE_OUTPUT_POWER;
} else if (!strcasecmp(name, "zwp_input_method_manager_v2")) {
return LAB_IFACE_INPUT_METHOD;
} else if (!strcasecmp(name, "zwlr_virtual_pointer_manager_v1")) {
return LAB_IFACE_VIRTUAL_POINTER;
} else if (!strcasecmp(name, "zwp_virtual_keyboard_manager_v1")) {
return LAB_IFACE_VIRTUAL_KEYBOARD;
} else if (!strcasecmp(name, "zwlr_export_dmabuf_manager_v1")) {
return LAB_IFACE_DMABUF;
} else if (!strcasecmp(name, "zwlr_screencopy_manager_v1")) {
return LAB_IFACE_SCREENCOPY;
} else if (!strcasecmp(name, "zwlr_data_control_manager_v1")) {
return LAB_IFACE_DATA_CONTROL;
} else if (!strcasecmp(name, "ext_idle_notifier_v1")) {
return LAB_IFACE_IDLE_NOTIFIER;
} else if (!strcasecmp(name, "ext_workspace_manager_v1")) {
return LAB_IFACE_WORKSPACE;
} else if (!strcasecmp(name, "zwlr_foreign_toplevel_manager_v1")) {
return LAB_IFACE_TOPLEVEL_MANAGER;
} else if (!strcasecmp(name, "ext_foreign_toplevel_list_v1")) {
return LAB_IFACE_TOPLEVEL_LIST;
} else if (!strcasecmp(name, "ext_session_lock_manager_v1")) {
return LAB_IFACE_SESSION_LOCK;
} else if (!strcasecmp(name, "zwlr_layer_shell_v1")) {
return LAB_IFACE_LAYER_SHELL;
} else {
return LAB_IFACE_INVALID;
}
}
/* /*
* Openbox/labwc comparison * Openbox/labwc comparison
* *
@ -1377,6 +1417,16 @@ entry(xmlNode *node, char *nodename, char *content)
rc.mag_increment = MAX(0, rc.mag_increment); rc.mag_increment = MAX(0, rc.mag_increment);
} else if (!strcasecmp(nodename, "useFilter.magnifier")) { } else if (!strcasecmp(nodename, "useFilter.magnifier")) {
set_bool(content, &rc.mag_filter); set_bool(content, &rc.mag_filter);
} else if (!strcasecmp(nodename, "privilegedInterfaces")) {
rc.allowed_interfaces = 0;
} else if (!strcasecmp(nodename, "allow.privilegedInterfaces")) {
enum lab_interface iface = parse_privileged_interface(content);
if (iface == LAB_IFACE_INVALID) {
wlr_log(WLR_ERROR, "invalid value for "
"<privilegedInterfaces><allow>");
} else {
rc.allowed_interfaces |= iface;
}
} }
return false; return false;
@ -1459,6 +1509,7 @@ rcxml_init(void)
rc.allow_tearing = LAB_TEARING_DISABLED; rc.allow_tearing = LAB_TEARING_DISABLED;
rc.auto_enable_outputs = true; rc.auto_enable_outputs = true;
rc.reuse_output_mode = false; rc.reuse_output_mode = false;
rc.allowed_interfaces = LAB_IFACE_NOT_SET;
rc.xwayland_persistence = false; rc.xwayland_persistence = false;
rc.primary_selection = true; rc.primary_selection = true;

7
src/server.c
View file

@ -323,6 +323,13 @@ server_global_filter(const struct wl_client *client, const struct wl_global *glo
} }
#endif #endif
if (rc.allowed_interfaces != LAB_IFACE_NOT_SET) {
enum lab_interface i = parse_privileged_interface(iface->name);
if (i != LAB_IFACE_INVALID && (i & rc.allowed_interfaces) == 0) {
return false;
}
}
/* Do not allow security_context_manager_v1 to clients with a security context attached */ /* Do not allow security_context_manager_v1 to clients with a security context attached */
const struct wlr_security_context_v1_state *security_context = const struct wlr_security_context_v1_state *security_context =
wlr_security_context_manager_v1_lookup_client( wlr_security_context_manager_v1_lookup_client(