Perform (partial) server initialization before dropping privileges.

Some operations during backend creation (e.g. becoming DRM master) require CAP_SYS_ADMIN privileges. At this point, sway has dropped them already, though. This patch splits the privileged part of server_init into its own function and calls it before dropping its privileges. This fixes the bug with minimal security implications.
2025-11-11 13:29:51 -05:00 · 2018-06-13 00:39:24 +02:00 · 2018-06-13 00:39:24 +02:00 · a5c091e302
commit a5c091e302
parent 202ee51150
3 changed files with 15 additions and 3 deletions
--- a/sway/server.c
+++ b/sway/server.c
@ -25,9 +25,8 @@
 #include "sway/tree/layout.h"


-bool server_init(struct sway_server *server) {
-	wlr_log(L_DEBUG, "Initializing Wayland server");
-
+bool server_privileged_prepare(struct sway_server *server) {
+	wlr_log(L_DEBUG, "Preparing Wayland server initialization");
 	server->wl_display = wl_display_create();
 	server->wl_event_loop = wl_display_get_event_loop(server->wl_display);
 	server->backend = wlr_backend_autocreate(server->wl_display, NULL);
@ -36,6 +35,12 @@ bool server_init(struct sway_server *server) {
 		wlr_log(L_ERROR, "Unable to create backend");
 		return false;
 	}
+	return true;
+}
+
+bool server_init(struct sway_server *server) {
+	wlr_log(L_DEBUG, "Initializing Wayland server");
+
 	struct wlr_renderer *renderer = wlr_backend_get_renderer(server->backend);
 	assert(renderer);