Merge pull request #1080 from SirCmpwn/ipc-security

Revise IPC security configuration

1 files changed, 52 insertions, 0 deletions

diff --git a/security.d/00-defaults.in b/security.d/00-defaults.in
new file mode 100644
index 00000000..34831c65
--- /dev/null
+++ b/security.d/00-defaults.in
@@ -0,0 +1,52 @@
+# sway security rules
+#
+# Read sway-security(7) for details on how to secure your sway install.
+#
+# You MUST read this man page if you intend to attempt to secure your sway
+# installation.
+#
+# DO NOT CHANGE THIS FILE. Override these defaults by writing new files in
+# __SYSCONFDIR__/sway/security.d/*
+
+# Configures enabled compositor features for specific programs
+permit * fullscreen keyboard mouse
+permit __PREFIX__/bin/swaylock lock
+permit __PREFIX__/bin/swaybg background
+permit __PREFIX__/bin/swaygrab screenshot
+permit __PREFIX__/bin/swaybar panel
+
+# Configures enabled IPC features for specific programs
+ipc __PREFIX__/bin/swaymsg {
+    * enabled
+
+    events {
+        * disabled
+    }
+}
+
+ipc __PREFIX__/bin/swaybar {
+    bar-config enabled
+    outputs enabled
+    workspaces enabled
+    command enabled
+
+    events {
+        workspace enabled
+        mode enabled
+    }
+}
+
+ipc __PREFIX__/bin/swaygrab {
+    outputs enabled
+    tree enabled
+}
+
+# Limits the contexts from which certain commands are permitted
+commands {
+    * all
+
+    fullscreen binding criteria
+    bindsym config
+    exit binding
+    kill binding
+}