Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/sway: Extend the descriptions and examples #33015

Merged
merged 1 commit into from Dec 24, 2017
Merged

nixos/sway: Extend the descriptions and examples #33015

merged 1 commit into from Dec 24, 2017

Conversation

primeos
Copy link
Member

@primeos primeos commented Dec 23, 2017

No description provided.

@primeos
nixos/sway: Extend the descriptions and examples
20fbc83 
This'll hopefully make it a bit easier to get started with Sway and make
some things about the module more obvious.
@primeos primeos self-assigned this Dec 23, 2017
primeos
primeos commented Dec 23, 2017
View reviewed changes
nixos/modules/programs/sway.nix
@@ -70,4 +80,6 @@ in
fonts.enableDefaultFonts = mkDefault true;
programs.dconf.enable = mkDefault true;
};

meta.maintainers = with lib.maintainers; [ gnidorah primeos ];
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gnidorah Quick question: Would you like to maintain this module? And is it ok if I add myself as well?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@primeos Sure, thanks.

primeos
primeos commented Dec 23, 2017
View reviewed changes
nixos/modules/programs/sway.nix
@@ -56,7 +66,7 @@ in
environment.systemPackages = [ swayJoined ] ++ cfg.extraPackages;
security.wrappers.sway = {
program = "sway-setcap";
source = "${sway}/bin/sway";
source = "${swayPackage}/bin/sway";
capabilities = "cap_sys_ptrace,cap_sys_tty_config=eip";
owner = "root";
group = "sway";
Copy link
Member Author

@primeos primeos Dec 23, 2017
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

permissions = "u+rx,g+rx";

@Mic92 BTW is there any specific reason to require the sway group here? Normally I would expect user=root, group=root and u=rx,go=x so that every user could execute Sway. Are there any security concerns or did I miss something else?

Copy link
Member

@Mic92 Mic92 Dec 24, 2017
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would grant every user to get the ptrace capability and therefor potentially control every other process regardless of uid/gid (through ptracing sway). Therefore it should be handled with care.

@primeos primeos merged commit 4be298b into NixOS:master Dec 24, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mic92 Mic92 Mic92 left review comments

Assignees

@primeos primeos

Labels
8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@primeos @Mic92 @GrahamcOfBorg