diff options
author | K900 <me@0upti.me> | 2024-05-05 22:00:27 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-05 22:00:27 +0300 |
commit | 8d9c2c8a1c125f8aa6e4880361e135e9929fd42c (patch) | |
tree | 26630bf315fd409ec317cebddc05f744248c3c8e /pkgs/kde | |
parent | 9b7585d9365ffe13893e10dc7e03464553545ce5 (diff) | |
parent | def8d7e2549f2b2eb54d1115833cd814ffb0ba14 (diff) |
Merge pull request #309318 from oxalica/feat/plasma6-kwin-wayland-nice
nixos/plasma6: add CAP_SYS_NICE for kwin_wayland
Diffstat (limited to 'pkgs/kde')
-rw-r--r-- | pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch | 40 | ||||
-rw-r--r-- | pkgs/kde/plasma/kwin/default.nix | 1 |
2 files changed, 41 insertions, 0 deletions
diff --git a/pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch b/pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch new file mode 100644 index 0000000000000..e6408605aa431 --- /dev/null +++ b/pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch @@ -0,0 +1,40 @@ +From 232e480ab1303f37d37d295b57fdcbb6b6648bca Mon Sep 17 00:00:00 2001 +From: Alois Wohlschlager <alois1@gmx-topmail.de> +Date: Sun, 7 Aug 2022 16:12:31 +0200 +Subject: [PATCH] Lower CAP_SYS_NICE from the ambient set + +The capabilities wrapper raises CAP_SYS_NICE into the ambient set so it +is inherited by the wrapped program. However, we don't want it to leak +into the entire desktop environment. + +Lower the capability again at startup so that the kernel will clear it +on exec. +--- + src/main_wayland.cpp | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/main_wayland.cpp b/src/main_wayland.cpp +index 1720e14e7..f2bb446b0 100644 +--- a/src/main_wayland.cpp ++++ b/src/main_wayland.cpp +@@ -39,7 +39,9 @@ + #include <QWindow> + #include <qplatformdefs.h> + ++#include <linux/capability.h> + #include <sched.h> ++#include <sys/prctl.h> + #include <sys/resource.h> + + #include <iomanip> +@@ -285,6 +287,7 @@ static QString automaticBackendSelection() + + int main(int argc, char *argv[]) + { ++ prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, CAP_SYS_NICE, 0, 0); + KWin::Application::setupMalloc(); + KWin::Application::setupLocalizedString(); + KWin::gainRealTime(); +-- +2.37.1 + diff --git a/pkgs/kde/plasma/kwin/default.nix b/pkgs/kde/plasma/kwin/default.nix index fc5f00991d9ee..7c3b0ce2bbe12 100644 --- a/pkgs/kde/plasma/kwin/default.nix +++ b/pkgs/kde/plasma/kwin/default.nix @@ -26,6 +26,7 @@ mkKdeDerivation { # The rest are NixOS-specific hacks ./0003-plugins-qpa-allow-using-nixos-wrapper.patch ./0001-NixOS-Unwrap-executable-name-for-.desktop-search.patch + ./0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch ]; postPatch = '' |