Diffstat (limited to 'sway')
-rw-r--r-- | sway/CMakeLists.txt | 5 | ||||
-rw-r--r-- | sway/ipc-server.c | 5 | ||||
-rw-r--r-- | sway/main.c | 2 | ||||
-rw-r--r-- | sway/security.c | 4 |
4 files changed, 15 insertions, 1 deletions
diff --git a/sway/CMakeLists.txt b/sway/CMakeLists.txt index d1afadb6..4532a6c3 100644 --- a/sway/CMakeLists.txt +++ b/sway/CMakeLists.txt @@ -55,9 +55,12 @@ target_link_libraries(sway ${PANGO_LIBRARIES} ${JSONC_LIBRARIES} m - cap ) +if (CMAKE_SYSTEM_NAME STREQUAL Linux) + target_link_libraries(sway cap) +endif (CMAKE_SYSTEM_NAME STREQUAL Linux) + install( TARGETS sway RUNTIME diff --git a/sway/ipc-server.c b/sway/ipc-server.c index 815b232b..de72beca 100644 --- a/sway/ipc-server.c +++ b/sway/ipc-server.c @@ -126,6 +126,8 @@ struct sockaddr_un *ipc_user_sockaddr(void) { } static pid_t get_client_pid(int client_fd) { +// FreeBSD supports getting uid/gid, but not pid +#ifdef __linux__ struct ucred ucred; socklen_t len = sizeof(struct ucred); @@ -134,6 +136,9 @@ static pid_t get_client_pid(int client_fd) { } return ucred.pid; +#else + return -1; +#endif } int ipc_handle_connection(int fd, uint32_t mask, void *data) { diff --git a/sway/main.c b/sway/main.c index eb103a1e..157c61b3 100644 --- a/sway/main.c +++ b/sway/main.c @@ -152,6 +152,7 @@ static void security_sanity_check() { sway_log(L_ERROR, "!! DANGER !! /proc is not available - sway CANNOT enforce security rules!"); } +#ifdef __linux__ cap_flag_value_t v; cap_t cap = cap_get_proc(); if (!cap || cap_get_flag(cap, CAP_SYS_PTRACE, CAP_PERMITTED, &v) != 0 || v != CAP_SET) { @@ -161,6 +162,7 @@ static void security_sanity_check() { if (cap) { cap_free(cap); } +#endif if (!stat(SYSCONFDIR "/sway", &s)) { if (s.st_uid != 0 || s.st_gid != 0 || (s.st_mode & S_IWGRP) || (s.st_mode & S_IWOTH)) { diff --git a/sway/security.c b/sway/security.c index f16fdd1f..9cccd62e 100644 --- a/sway/security.c +++ b/sway/security.c 
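Review bot: On every non-Linux build `get_client_pid` now returns -1 for all clients, so no connection can be tied to a process there and any per-client policy lookup is working from a sentinel rather than a real pid. The callers are outside these two hunks, so whether -1 ends up with the most restrictive policy or with a permissive default is not visible here and should be confirmed. I would state the contract above the `#else` branch, e.g. `// No peer pid on this platform: callers must treat -1 as an unidentified client`, and log once at startup that IPC policies are not bound to a process on this platform. The second hunk (`+#else` / `return -1;`) belongs to the same function and is covered by this note.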
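Review bot: With the `CAP_SYS_PTRACE` check compiled out by `#ifdef __linux__`, a non-Linux build of `security_sanity_check` reports nothing about whether sway holds the privileges it needs to inspect client processes, so the check can pass silently on a platform where enforcement is weaker. An `#else` branch that logs the gap would keep the sanity check honest, e.g. `#else` followed by `sway_log(L_ERROR, "!! DANGER !! cannot verify process-inspection privileges on this platform");` before the `#endif` added in the second hunk. The body of the `if (!cap || ...)` branch and the rest of the function lie outside the hunks, so the wording should follow the message already used there.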
@@ -28,7 +28,11 @@ struct command_policy *alloc_command_policy(const char *command) {
 }
 
 enum secure_feature get_feature_policy(pid_t pid) {
+#ifdef __FreeBSD__
+ const char *fmt = "/proc/%d/file";
+#else
 const char *fmt = "/proc/%d/exe";
+#endif
 int pathlen = snprintf(NULL, 0, fmt, pid);
 char *path = malloc(pathlen + 1);
 snprintf(path, pathlen + 1, fmt, pid); |
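Review bot: `get_feature_policy` formats `pid` into the procfs path without checking it, and in this same change `get_client_pid` returns -1 on non-Linux, so FreeBSD IPC clients would be looked up as `/proc/-1/file`; a guard such as `if (pid < 0) { /* unidentified client: use the restrictive default */ }` before the path is built would make that case explicit. The context lines also hand the result of `malloc(pathlen + 1)` straight to `snprintf` with no NULL check, and `pathlen` is not checked for a negative return. procfs may not be mounted on FreeBSD, in which case the `/proc/%d/file` lookup fails for every pid; the rest of the function is outside the hunk, so it is worth confirming that a failed lookup falls back to the restrictive policy rather than a permissive one.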