Security feature status
ddevault opened this issue · 1 comments
ddevault commented
- Default security config for /etc/sway/config.d/
- Run config files through sed to replace PREFIX and SYSCONFDIR
- Config structure changes & support code
- Implement the permit and reject commands
- Feature policies
- background
- panel
- lock
- lock
- fullscreen
- keyboard
- mouse
- ipc
- screenshot
- Command policies
- IPC security
- Enable/disable features
- Enable/disable events
- Startup sanity check
- Check permissions on /etc/sway
- Check procfs is available
- Check for CAP_SYS_PTRACE
- Check for security sensitive command policies
- Inform user visually of sanity check failures
- Write sway-security(7)
- Drop -Denable-binding-event from cmake
- Optimize permission checks
- New Wayland protocol extensions
- Screenshot
- Handle permission errors in swaybar, swaygrab, swaymsg, etc more gracefully
- Paranoid mode for swaygrab
- Standard mechanisms for sandboxing (collab with wayland-devel)
- Configure IPC features per-executable
-
exec --policy=... [...]