mirror of
https://github.com/swaywm/sway.git
synced 2026-04-22 06:46:27 -04:00
c292679c5c
This adds a command (security_label) which is used to allow or deny access to privileged interfaces on a client-by-client basis. If no security configuration it present, all privileged operations are allowed to all clients. - "security_label deny default *" will deny clients access to all privileged operations - "security_label set default layer_shell" will overwrite the access list for the label "default" and only allow access to the layer_shell interface - "security_label permit recorder screencopy_manager" allows connections that have the label "recorder" access to screencopy_manager in addition to the current permissions of the "recorder" label If a client does not have a label or if the label's permissions were not defined using security_label, the permissions for the "default" label are used; if no definition for "default" is present, all interfaces are allowed. Using permit or deny on a new label does not copy the default. The security configuration state is reset on a config reload (similar to the assign and for_window lists). Currently, the security policy is only enforced during the binding or enumeration of global resources; existing handles to privileged interfaces are not invalided by a change in policy, and existing clients are not informed of the presence of newly available interfaces. |
||
|---|---|---|
| .. | ||
| sway | ||
| swaybar | ||
| swaynag | ||
| background-image.h | ||
| cairo_util.h | ||
| ipc-client.h | ||
| ipc.h | ||
| list.h | ||
| log.h | ||
| loop.h | ||
| meson.build | ||
| pango.h | ||
| pool-buffer.h | ||
| stringop.h | ||
| util.h | ||