From 2c88f2fa4b4481c269d954055003d1878b74d5e6 Mon Sep 17 00:00:00 2001
From: Ryan Westlund <rlwestlund@gmail.com>
Date: Sat, 15 Aug 2020 14:07:26 -0400
Subject: [PATCH] Allow running as root with an opt-in CLI flag

---
 sway/main.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/sway/main.c b/sway/main.c
index cd03c873c..b391f0fcc 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -185,7 +185,7 @@ static void log_kernel(void) {
 }
 
 
-static bool drop_permissions(void) {
+static bool drop_permissions(bool allow_root) {
 	if (getuid() != geteuid() || getgid() != getegid()) {
 		// Set the gid and uid in the correct order.
 		if (setgid(getgid()) != 0) {
@@ -197,7 +197,7 @@ static bool drop_permissions(void) {
 			return false;
 		}
 	}
-	if (setgid(0) != -1 || setuid(0) != -1) {
+	if (!allow_root && (setgid(0) != -1 || setuid(0) != -1)) {
 		sway_log(SWAY_ERROR, "Unable to drop root (we shouldn't be able to "
 			"restore it after setuid), refusing to start");
 		return false;
@@ -224,7 +224,8 @@ void enable_debug_flag(const char *flag) {
 }
 
 int main(int argc, char **argv) {
-	static int verbose = 0, debug = 0, validate = 0, allow_unsupported_gpu = 0;
+	static int verbose = 0, debug = 0, validate = 0,
+		allow_unsupported_gpu = 0, allow_root = 0;
 
 	static struct option long_options[] = {
 		{"help", no_argument, NULL, 'h'},
@@ -236,6 +237,7 @@ int main(int argc, char **argv) {
 		{"get-socketpath", no_argument, NULL, 'p'},
 		{"unsupported-gpu", no_argument, NULL, 'u'},
 		{"my-next-gpu-wont-be-nvidia", no_argument, NULL, 'u'},
+		{"allow-root", no_argument, NULL, 'r'},
 		{0, 0, 0, 0}
 	};
 
@@ -251,6 +253,7 @@ int main(int argc, char **argv) {
 		"  -v, --version          Show the version number and quit.\n"
 		"  -V, --verbose          Enables more verbose logging.\n"
 		"      --get-socketpath   Gets the IPC socket path and prints it, then exits.\n"
+		"      --allow-root       Allow running with root privileges.\n"
 		"\n";
 
 	int c;
@@ -297,6 +300,9 @@ int main(int argc, char **argv) {
 				exit(EXIT_FAILURE);
 			}
 			break;
+		case 'r': // allow root
+			allow_root = 1;
+			break;
 		default:
 			fprintf(stderr, "%s", usage);
 			exit(EXIT_FAILURE);
@@ -342,7 +348,7 @@ int main(int argc, char **argv) {
 					"`sway -d 2>sway.log`.");
 			exit(EXIT_FAILURE);
 		}
-		if (!drop_permissions()) {
+		if (!drop_permissions(allow_root)) {
 			exit(EXIT_FAILURE);
 		}
 		char *socket_path = getenv("SWAYSOCK");
@@ -360,7 +366,7 @@ int main(int argc, char **argv) {
 		return 1;
 	}
 
-	if (!drop_permissions()) {
+	if (!drop_permissions(allow_root)) {
 		server_fini(&server);
 		exit(EXIT_FAILURE);
 	}