Manually take XKB_DEFAULT_{RULES,MODEL,LAYOUT,VARIANT,OPTIONS} into account
ClosedPublic

Authored by fvogt on Jan 14 2018, 1:04 PM.

Details

Summary

As kwin_wayland can have the CAP_SYS_NICE capability, libxkbcommon does not
read environment variables (see secure_getenv).
So process them here, in the same way xkb_context_sanitize_rule_names would.

BUG: 388249

Test Plan

kwin_wayland has the capability set, keyboard layout is applied correctly.

Diff Detail

Repository
R108 KWin
Branch
master
Lint
No Linters Available
Unit
No Unit Test Coverage
fvogt created this revision.Jan 14 2018, 1:04 PM
Restricted Application added a project: KWin. · View Herald TranscriptJan 14 2018, 1:04 PM
Restricted Application added subscribers: KWin, kwin. · View Herald Transcript
fvogt requested review of this revision.Jan 14 2018, 1:04 PM
Restricted Application edited projects, added Plasma; removed KWin. · View Herald TranscriptJan 14 2018, 1:04 PM

I wasn't aware of this secure_getenv functionality. Is that also in place after the process has completely dropped all privs?

xkb.h
121–127 ↗(On Diff #25311)

as both do not operate on anything of the Xkb class I would move them out of the class and put them into an anonymous namespace.

Restricted Application edited projects, added KWin; removed Plasma. · View Herald TranscriptJan 14 2018, 2:20 PM
fvogt added a comment.Jan 14 2018, 8:45 PM

I wasn't aware of this secure_getenv functionality.

Me neither...

Is that also in place after the process has completely dropped all privs?

Quote from man 3 secure_getenv:

the effective capability bit was set on the executable file

so, yes.

xkb.h
121–127 ↗(On Diff #25311)

Would just moving them outside of the class as static functions within xkb.cpp work for you as well?

Restricted Application edited projects, added Plasma; removed KWin. · View Herald TranscriptJan 14 2018, 8:45 PM
fvogt updated this revision to Diff 25351.Jan 14 2018, 8:49 PM

Move the added functions from the class into the xkb.cpp's static scope.

Restricted Application edited projects, added KWin; removed Plasma. · View Herald TranscriptJan 14 2018, 8:49 PM
graesslin accepted this revision.Jan 15 2018, 5:21 AM
This revision is now accepted and ready to land.Jan 15 2018, 5:21 AM
Restricted Application edited projects, added Plasma; removed KWin. · View Herald TranscriptJan 15 2018, 5:21 AM
fvogt closed this revision.Jan 15 2018, 7:58 AM

Fixed up the trailing whitespace in line 165 and landed: https://commits.kde.org/kwin/eb69e87288d37fdb13eca32ca807ed8279f912af

Restricted Application edited projects, added KWin; removed Plasma. · View Herald TranscriptJan 15 2018, 7:58 AM