Allow running as root with an opt-in CLI flag

Ryan Westlund 2020-08-15 14:07:26 -04:00
parent 7ca9ef12f8
commit 2c88f2fa4b


@ -185,7 +185,7 @@ static void log_kernel(void) {
} }
static bool drop_permissions(void) { static bool drop_permissions(bool allow_root) {
if (getuid() != geteuid() || getgid() != getegid()) { if (getuid() != geteuid() || getgid() != getegid()) {
// Set the gid and uid in the correct order. // Set the gid and uid in the correct order.
if (setgid(getgid()) != 0) { if (setgid(getgid()) != 0) {
@ -197,7 +197,7 @@ static bool drop_permissions(void) {
return false; return false;
} }
} }
if (setgid(0) != -1 || setuid(0) != -1) { if (!allow_root && (setgid(0) != -1 || setuid(0) != -1)) {
sway_log(SWAY_ERROR, "Unable to drop root (we shouldn't be able to " sway_log(SWAY_ERROR, "Unable to drop root (we shouldn't be able to "
"restore it after setuid), refusing to start"); "restore it after setuid), refusing to start");
return false; return false;
@ -224,7 +224,8 @@ void enable_debug_flag(const char *flag) {
} }
int main(int argc, char **argv) { int main(int argc, char **argv) {
static int verbose = 0, debug = 0, validate = 0, allow_unsupported_gpu = 0; static int verbose = 0, debug = 0, validate = 0,
allow_unsupported_gpu = 0, allow_root = 0;
static struct option long_options[] = { static struct option long_options[] = {
{"help", no_argument, NULL, 'h'}, {"help", no_argument, NULL, 'h'},
@ -236,6 +237,7 @@ int main(int argc, char **argv) {
{"get-socketpath", no_argument, NULL, 'p'}, {"get-socketpath", no_argument, NULL, 'p'},
{"unsupported-gpu", no_argument, NULL, 'u'}, {"unsupported-gpu", no_argument, NULL, 'u'},
{"my-next-gpu-wont-be-nvidia", no_argument, NULL, 'u'}, {"my-next-gpu-wont-be-nvidia", no_argument, NULL, 'u'},
{"allow-root", no_argument, NULL, 'r'},
{0, 0, 0, 0} {0, 0, 0, 0}
}; };
@ -251,6 +253,7 @@ int main(int argc, char **argv) {
" -v, --version Show the version number and quit.\n" " -v, --version Show the version number and quit.\n"
" -V, --verbose Enables more verbose logging.\n" " -V, --verbose Enables more verbose logging.\n"
" --get-socketpath Gets the IPC socket path and prints it, then exits.\n" " --get-socketpath Gets the IPC socket path and prints it, then exits.\n"
" --allow-root Allow running with root privileges.\n"
"\n"; "\n";
int c; int c;
@ -297,6 +300,9 @@ int main(int argc, char **argv) {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
break; break;
case 'r': // allow root
allow_root = 1;
break;
default: default:
fprintf(stderr, "%s", usage); fprintf(stderr, "%s", usage);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
@ -342,7 +348,7 @@ int main(int argc, char **argv) {
"`sway -d 2>sway.log`."); "`sway -d 2>sway.log`.");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if (!drop_permissions()) { if (!drop_permissions(allow_root)) {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
char *socket_path = getenv("SWAYSOCK"); char *socket_path = getenv("SWAYSOCK");
@ -360,7 +366,7 @@ int main(int argc, char **argv) {
return 1; return 1;
} }
if (!drop_permissions()) { if (!drop_permissions(allow_root)) {
server_fini(&server); server_fini(&server);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
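Review bot: In `drop_permissions`, the added `!allow_root &&` skips the check that root cannot be regained for every invocation. That includes a setuid binary started by an unprivileged user, where the `getuid() != geteuid()` branch has just dropped privileges and the same user chooses the flag. Limiting the bypass to a process whose real uid is already 0 keeps the verification for setuid installs: `if (!(allow_root && getuid() == 0) && (setgid(0) != -1 || setuid(0) != -1)) {`. A log line on the bypass path, for example `sway_log(SWAY_ERROR, "Running as root because --allow-root was given");`, would leave a record that the compositor is running privileged. The bodies of `drop_permissions` and `main` are only partly visible in these hunks, so this assumes nothing outside them gates the flag.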