diff options
Diffstat (limited to 'pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch')
| -rw-r--r-- | pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch b/pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch new file mode 100644 index 0000000000000..e6408605aa431 --- /dev/null +++ b/pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch @@ -0,0 +1,40 @@ +From 232e480ab1303f37d37d295b57fdcbb6b6648bca Mon Sep 17 00:00:00 2001 +From: Alois Wohlschlager <alois1@gmx-topmail.de> +Date: Sun, 7 Aug 2022 16:12:31 +0200 +Subject: [PATCH] Lower CAP_SYS_NICE from the ambient set + +The capabilities wrapper raises CAP_SYS_NICE into the ambient set so it +is inherited by the wrapped program. However, we don't want it to leak +into the entire desktop environment. + +Lower the capability again at startup so that the kernel will clear it +on exec. +--- + src/main_wayland.cpp | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/main_wayland.cpp b/src/main_wayland.cpp +index 1720e14e7..f2bb446b0 100644 +--- a/src/main_wayland.cpp ++++ b/src/main_wayland.cpp +@@ -39,7 +39,9 @@ + #include <QWindow> + #include <qplatformdefs.h> + ++#include <linux/capability.h> + #include <sched.h> ++#include <sys/prctl.h> + #include <sys/resource.h> + + #include <iomanip> +@@ -285,6 +287,7 @@ static QString automaticBackendSelection() + + int main(int argc, char *argv[]) + { ++ prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, CAP_SYS_NICE, 0, 0); + KWin::Application::setupMalloc(); + KWin::Application::setupLocalizedString(); + KWin::gainRealTime(); +-- +2.37.1 + |