[mutter/wip/carlosg/drop-caps: 5/7] core: Drop all capabilities on initialization

From: Carlos Garnacho <carlosg src gnome org>
To: commits-list gnome org
Cc:
Subject: [mutter/wip/carlosg/drop-caps: 5/7] core: Drop all capabilities on initialization
Date: Sun, 10 Nov 2019 10:48:51 +0000 (UTC)
commit 866719faf787e0df7aeba8763d1229bf26a39c48
Author: Carlos Garnacho <carlosg gnome org>
Date:   Wed Feb 27 18:58:52 2019 +0100

    core: Drop all capabilities on initialization
    
    Add an optional dependency on libcap-ng, if the library is detected
    drop all capabilities by default, in order to allow packagers/users
    to do "setcap CAP_SYS_NICE=+ep `which gnome-shell`" and let it set
    higher priorities it wouldn't be allowed to.
    
    Examples are: EGL_IMG_context_priority, SCHED_RR. This is done at
    a sufficient late point in time that those can be done, but at a
    sufficient early point in time that CAP_SYS_NICE doesn't leak to
    worker threads spawned underneath.
    
    https://gitlab.gnome.org/GNOME/mutter/merge_requests/923

 .gitlab-ci/Dockerfile | 2 +-
 config.h.meson        | 3 +++
 meson.build           | 5 +++++
 meson_options.txt     | 6 ++++++
 src/core/main.c       | 9 +++++++++
 src/meson.build       | 1 +
 6 files changed, 25 insertions(+), 1 deletion(-)
---
diff --git a/.gitlab-ci/Dockerfile b/.gitlab-ci/Dockerfile
index 6d2548c18..9fee51789 100644
--- a/.gitlab-ci/Dockerfile
+++ b/.gitlab-ci/Dockerfile
@@ -16,7 +16,7 @@ RUN dnf -y update && dnf -y upgrade && \
     dnf builddep -y mutter && \
 
     # Until Fedora catches up with new build-deps
-    dnf install -y 'pkgconfig(graphene-gobject-1.0)' 'pkgconfig(sysprof-capture-3)' && \
+    dnf install -y 'pkgconfig(graphene-gobject-1.0)' 'pkgconfig(sysprof-capture-3)' 'pkgconfig(libcap-ng)' 
&& \
 
     # For running unit tests
     dnf install -y xorg-x11-server-Xvfb mesa-dri-drivers dbus dbus-x11 '*/xvfb-run' gdm-lib 
accountsservice-libs gnome-control-center && \
diff --git a/config.h.meson b/config.h.meson
index 0bab71848..817c67fa9 100644
--- a/config.h.meson
+++ b/config.h.meson
@@ -67,3 +67,6 @@
 /* Either <sys/random.h> or <linux/random.h> */
 #mesondefine HAVE_SYS_RANDOM
 #mesondefine HAVE_LINUX_RANDOM
+
+/* Defined if libcap-ng is available */
+#mesondefine HAVE_LIBCAPNG
diff --git a/meson.build b/meson.build
index f6395054f..5d5747665 100644
--- a/meson.build
+++ b/meson.build
@@ -36,6 +36,7 @@ libstartup_notification_req = '>= 0.7'
 libcanberra_req = '>= 0.26'
 libwacom_req = '>= 0.13'
 atk_req = '>= 2.5.3'
+libcapng_req = '>= 0.7.9'
 
 # optional version requirements
 udev_req = '>= 228'
@@ -127,6 +128,7 @@ xau_dep = dependency('xau')
 ice_dep = dependency('ice')
 atk_dep = dependency('atk', version: atk_req)
 libcanberra_dep = dependency('libcanberra', version: libcanberra_req)
+libcapng_dep = dependency('libcap-ng', required: get_option('libcapng'))
 
 # For now always require X11 support
 have_x11 = true
@@ -258,6 +260,7 @@ have_core_tests = false
 have_cogl_tests = false
 have_clutter_tests = false
 have_installed_tests = false
+have_libcapng = libcapng_dep.found()
 
 if have_tests
   have_core_tests = get_option('core_tests')
@@ -364,6 +367,7 @@ cdata.set('HAVE_SM', have_sm)
 cdata.set('HAVE_STARTUP_NOTIFICATION', have_startup_notification)
 cdata.set('HAVE_INTROSPECTION', have_introspection)
 cdata.set('HAVE_PROFILER', have_profiler)
+cdata.set('HAVE_LIBCAPNG', have_libcapng)
 
 xkb_base = xkeyboard_config_dep.get_pkgconfig_variable('xkb_base')
 cdata.set_quoted('XKB_BASE', xkb_base)
@@ -445,6 +449,7 @@ output = [
   '        Startup notification..... ' + have_startup_notification.to_string(),
   '        Introspection............ ' + have_introspection.to_string(),
   '        Profiler................. ' + have_profiler.to_string(),
+  '        libcap-ng................ ' + have_libcapng.to_string(),
   '',
   '    Tests:',
   '',
diff --git a/meson_options.txt b/meson_options.txt
index 73aa7adde..8bfaacd9a 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -152,3 +152,9 @@ option('xwayland_grab_default_access_rules',
   value: 'gnome-boxes,remote-viewer,virt-viewer,virt-manager,vinagre,vncviewer,Xephyr',
   description: 'Comma delimited list of applications ressources or class allowed to issue X11 grabs in 
Xwayland'
 )
+
+option('libcapng',
+  type: 'feature',
+  value: 'auto',
+  description: 'Enable libcap-ng support'
+)
diff --git a/src/core/main.c b/src/core/main.c
index 5ecea0f1f..c86e7555b 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -66,6 +66,10 @@
 #include <girepository.h>
 #endif
 
+#ifdef HAVE_LIBCAPNG
+#include <cap-ng.h>
+#endif
+
 #if defined(HAVE_NATIVE_BACKEND) && defined(HAVE_WAYLAND)
 #include <systemd/sd-login.h>
 #endif /* HAVE_WAYLAND && HAVE_NATIVE_BACKEND */
@@ -597,6 +601,11 @@ meta_init (void)
     }
 #endif
 
+#ifdef HAVE_LIBCAPNG
+  capng_clear (CAPNG_SELECT_BOTH);
+  capng_apply (CAPNG_SELECT_BOTH);
+#endif
+
   g_unix_signal_add (SIGTERM, on_sigterm, NULL);
 
   if (g_get_home_dir ())
diff --git a/src/meson.build b/src/meson.build
index db63ed317..d000aa83c 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -18,6 +18,7 @@ mutter_pkg_deps = [
   glib_dep,
   gsettings_desktop_schemas_dep,
   gtk3_dep,
+  libcapng_dep,
   pango_dep,
 ]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]