aboutsummaryrefslogtreecommitdiff
path: root/sway/commands
diff options
context:
space:
mode:
Diffstat (limited to 'sway/commands')
-rw-r--r--sway/commands/commands.c5
-rw-r--r--sway/commands/ipc.c5
-rw-r--r--sway/commands/permit.c10
3 files changed, 20 insertions, 0 deletions
diff --git a/sway/commands/commands.c b/sway/commands/commands.c
index 5d248e30..8c7ed487 100644
--- a/sway/commands/commands.c
+++ b/sway/commands/commands.c
@@ -19,5 +19,10 @@ struct cmd_results *cmd_commands(int argc, char **argv) {
return cmd_results_new(CMD_FAILURE, "commands", "Can only be used in config file.");
}
+ if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
+ return cmd_results_new(CMD_INVALID, "permit",
+ "This command is only permitted to run from " SYSCONFDIR "/sway/security");
+ }
+
return cmd_results_new(CMD_BLOCK_COMMANDS, NULL, NULL);
}
diff --git a/sway/commands/ipc.c b/sway/commands/ipc.c
index 222be0dd..113a975b 100644
--- a/sway/commands/ipc.c
+++ b/sway/commands/ipc.c
@@ -21,6 +21,11 @@ struct cmd_results *cmd_ipc(int argc, char **argv) {
return cmd_results_new(CMD_FAILURE, "ipc", "Can only be used in config file.");
}
+ if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
+ return cmd_results_new(CMD_INVALID, "permit",
+ "This command is only permitted to run from " SYSCONFDIR "/sway/security");
+ }
+
return cmd_results_new(CMD_BLOCK_IPC, NULL, NULL);
}
diff --git a/sway/commands/permit.c b/sway/commands/permit.c
index dee246d7..1b2a30bf 100644
--- a/sway/commands/permit.c
+++ b/sway/commands/permit.c
@@ -64,6 +64,11 @@ struct cmd_results *cmd_permit(int argc, char **argv) {
return error;
}
+ if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
+ return cmd_results_new(CMD_INVALID, "permit",
+ "This command is only permitted to run from " SYSCONFDIR "/sway/security");
+ }
+
struct feature_policy *policy = get_policy(argv[0]);
policy->features |= get_features(argc, argv, &error);
@@ -83,6 +88,11 @@ struct cmd_results *cmd_reject(int argc, char **argv) {
return error;
}
+ if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
+ return cmd_results_new(CMD_INVALID, "permit",
+ "This command is only permitted to run from " SYSCONFDIR "/sway/security");
+ }
+
struct feature_policy *policy = get_policy(argv[0]);
policy->features &= ~get_features(argc, argv, &error);
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-17 04:38:22 +0000