Perform (partial) server initialization before dropping privileges.

Some operations during backend creation (e.g. becoming DRM master)
require CAP_SYS_ADMIN privileges. At this point, sway has dropped them
already, though. This patch splits the privileged part of server_init
into its own function and calls it before dropping its privileges.
This fixes the bug with minimal security implications.
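The pattern the commit describes (do the work that needs root, keep only the resulting handle, then drop privileges for good) as an added, stand-alone example; this is not sway's code, and the device path, the function names `privileged_prepare`, `drop_privileges` and `cannot_regain_root` are assumptions made for illustration. It uses the Linux `setresuid`/`setresgid` calls so the saved set-user-ID is cleared too, and it verifies after the fact that root cannot be regained, which is the check a reviewer wants around any setuid binary.

```c
// Added example (not from sway): privileged setup first, then an
// irreversible privilege drop, then a check that the drop stuck.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* The only work allowed while euid is still 0: open something the real
 * user could not. The descriptor survives the privilege drop; the
 * privileges do not. (Device path is an assumption for illustration.) */
int privileged_prepare(const char *device, int *out_fd) {
    int fd = open(device, O_RDWR | O_CLOEXEC);
    if (fd < 0) {
        return -1;
    }
    *out_fd = fd;
    return 0;
}

/* Drop to the real uid/gid permanently. Order matters: supplementary
 * groups first (needs root), then gid, then uid, and each step sets the
 * real, effective and saved id so there is no way back. Returns 0 on
 * success or when there was nothing to drop, -1 on failure. */
int drop_privileges(void) {
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (geteuid() == uid && getegid() == gid) {
        return 0; /* not running setuid/setgid: nothing to drop */
    }
    if (geteuid() == 0 && setgroups(1, &gid) != 0) {
        return -1;
    }
    if (setresgid(gid, gid, gid) != 0) {
        return -1;
    }
    if (setresuid(uid, uid, uid) != 0) {
        return -1;
    }
    return 0;
}

/* Post-condition check: ids agree and setuid(0) fails with EPERM, i.e.
 * the saved set-user-ID no longer lets us climb back to root. A process
 * whose real uid is 0 legitimately can, so this returns 0 for it. */
int cannot_regain_root(void) {
    if (geteuid() != getuid() || getegid() != getgid()) {
        return 0;
    }
    if (getuid() == 0) {
        return 0;
    }
    return (setuid(0) != 0 && errno == EPERM) ? 1 : 0;
}

int main(void) {
    int fd = -1;
    if (privileged_prepare("/dev/dri/card0", &fd) != 0) {
        perror("privileged_prepare");
        return 1;
    }
    if (drop_privileges() != 0) {
        perror("drop_privileges");
        return 1;
    }
    /* Refuse to continue if the drop did not take (unless invoked by root). */
    if (getuid() != 0 && !cannot_regain_root()) {
        fputs("privilege drop did not stick, aborting\n", stderr);
        return 1;
    }
    /* ... unprivileged work using fd ... */
    close(fd);
    return 0;
}
```

The order inside `drop_privileges` is the part that is easy to get wrong: calling `setuid` before `setgid` leaves the process unable to change its group, and using plain `seteuid` keeps the saved set-user-ID, which is exactly what `cannot_regain_root` would catch.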
Tobias Blass 2018-06-13 00:39:24 +02:00
parent 202ee51150
commit a5c091e302
3 changed files with 15 additions and 3 deletions


@ -359,6 +359,11 @@ int main(int argc, char **argv) {
executable_sanity_check();
bool suid = false;
if (!server_privileged_prepare(&server)) {
return 1;
}
#ifdef __linux__
if (getuid() != geteuid() || getgid() != getegid()) {
// Retain capabilities after setuid()
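Review bot: the contract of the new call is not documented where it is made: nothing at `if (!server_privileged_prepare(&server)) {` says that it runs while the process may still hold root (before the setuid check and the capability retention below), that it must therefore stay limited to the CAP_SYS_ADMIN work the commit message names (becoming DRM master), and that it must not touch anything derived from user-controlled input such as the config. Suggest a comment to that effect above the call. Also, on failure the function returns 1 with no message on this path; if the callee does not log the reason itself, add a log line here so a failed privileged setup is diagnosable.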