As kwin_wayland can have the CAP_SYS_NICE capability, libxkbcommon does not
read environment variables (see secure_getenv).
So process them here, in the same way xkb_context_sanitize_rule_names would.
BUG: 388249
graesslin |
Plasma |
As kwin_wayland can have the CAP_SYS_NICE capability, libxkbcommon does not
read environment variables (see secure_getenv).
So process them here, in the same way xkb_context_sanitize_rule_names would.
BUG: 388249
kwin_wayland has the capability set, keyboard layout is applied correctly.
No Linters Available |
No Unit Test Coverage |
I wasn't aware of this secure_getenv functionality. Is that also in place after the process has completely dropped all privs?
xkb.h | ||
---|---|---|
121–127 | as both do not operate on anything of the Xkb class I would move them out of the class and put them into an anonymous namespace. |
Me neither...
Is that also in place after the process has completely dropped all privs?
Quote from man 3 secure_getenv:
the effective capability bit was set on the executable file
so, yes.
xkb.h | ||
---|---|---|
121–127 | Would just moving them outside of the class as static functions within xkb.cpp work for you as well? |
Fixed up the trailing whitespace in line 165 and landed: https://commits.kde.org/kwin/eb69e87288d37fdb13eca32ca807ed8279f912af