From e9c772e265b2293af031c79f4bbc99b5847dfe3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tor=20Hedin=20Br=C3=B8nner?= Date: Sat, 19 Oct 2019 13:26:05 +0200 Subject: [PATCH] drop inheritable Adapted from https://gitlab.gnome.org/GNOME/mutter/commit/c53c47ae123b03cc66044d2b846342123ecb3a01 We only want to drop inheritable though, to prevent the ambient set leaking further than gnome-shell. --- config.h.meson | 3 +++ meson.build | 5 +++++ meson_options.txt | 6 ++++++ src/core/main.c | 11 +++++++++++ src/meson.build | 1 + 5 files changed, 26 insertions(+) diff --git a/config.h.meson b/config.h.meson index 0bab71848..202fb7ed1 100644 --- a/config.h.meson +++ b/config.h.meson @@ -58,6 +58,9 @@ /* Xwayland applications allowed to issue keyboard grabs */ #mesondefine XWAYLAND_GRAB_DEFAULT_ACCESS_RULES +/* Defined if libcap-ng is available */ +#mesondefine HAVE_LIBCAPNG + /* XKB base prefix */ #mesondefine XKB_BASE diff --git a/meson.build b/meson.build index 3322bd3b1..01c8020fa 100644 --- a/meson.build +++ b/meson.build @@ -35,6 +35,7 @@ libstartup_notification_req = '>= 0.7' libcanberra_req = '>= 0.26' libwacom_req = '>= 0.13' atk_req = '>= 2.5.3' +libcapng_req = '>= 0.7.9' # optional version requirements udev_req = '>= 228' @@ -131,6 +131,7 @@ ice_dep = dependency('ice') atk_dep = dependency('atk', version: atk_req) libcanberra_dep = dependency('libcanberra', version: libcanberra_req) dbus_dep = dependency('dbus-1') +libcapng_dep = dependency('libcap-ng', required: get_option('libcapng')) # For now always require X11 support have_x11 = true @@ -256,6 +258,7 @@ have_core_tests = false have_cogl_tests = false have_clutter_tests = false have_installed_tests = false +have_libcapng = libcapng_dep.found() if have_tests have_core_tests = get_option('core_tests') @@ -361,6 +364,7 @@ cdata.set('HAVE_LIBWACOM', have_libwacom) cdata.set('HAVE_SM', have_sm) cdata.set('HAVE_STARTUP_NOTIFICATION', have_startup_notification) cdata.set('HAVE_INTROSPECTION', have_introspection) +cdata.set('HAVE_LIBCAPNG', have_libcapng) cdata.set('HAVE_PROFILER', have_profiler) xkb_base = xkeyboard_config_dep.get_pkgconfig_variable('xkb_base') @@ -465,6 +465,7 @@ output = [ ' Introspection............ ' + have_introspection.to_string(), ' Profiler................. ' + have_profiler.to_string(), ' Xwayland initfd.......... ' + have_xwayland_initfd.to_string(), + ' libcap-ng................ ' + have_libcapng.to_string(), '', ' Tests:', '', diff --git a/meson_options.txt b/meson_options.txt index 73aa7adde..8bfaacd9a 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -152,3 +152,9 @@ option('xwayland_grab_default_access_rules', value: 'gnome-boxes,remote-viewer,virt-viewer,virt-manager,vinagre,vncviewer,Xephyr', description: 'Comma delimited list of applications ressources or class allowed to issue X11 grabs in Xwayland' ) + +option('libcapng', + type: 'feature', + value: 'auto', + description: 'Enable libcap-ng support' +) diff --git a/src/core/main.c b/src/core/main.c index 7f4f666d2..b27968f13 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -66,6 +66,10 @@ #include #endif +#ifdef HAVE_LIBCAPNG +#include +#endif + #if defined(HAVE_NATIVE_BACKEND) && defined(HAVE_WAYLAND) #include #endif /* HAVE_WAYLAND && HAVE_NATIVE_BACKEND */ @@ -670,5 +674,12 @@ int meta_run (void) { meta_start (); + +#ifdef HAVE_LIBCAPNG + capng_clear(CAPNG_SELECT_BOTH); + capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SYS_NICE); + capng_apply(CAPNG_SELECT_BOTH); +#endif + meta_run_main_loop (); meta_finalize (); diff --git a/src/meson.build b/src/meson.build index 90d80734f..a9fffa2c2 100644 --- a/src/meson.build +++ b/src/meson.build @@ -18,6 +18,7 @@ mutter_pkg_deps = [ glib_dep, gsettings_desktop_schemas_dep, gtk3_dep, + libcapng_dep, pango_dep, ] -- 2.23.0