Perform (partial) server initialization before dropping privileges.

Some operations during backend creation (e.g. becoming DRM master) require CAP_SYS_ADMIN privileges. At this point, sway has dropped them already, though. This patch splits the privileged part of server_init into its own function and calls it before dropping its privileges. This fixes the bug with minimal security implications.
author: Tobias Blass <[email protected]> 2018-06-13 00:39:24 +0200
committer: Tobias Blass <[email protected]> 2018-06-19 00:19:57 +0200
commit: a5c091e3026eb41d3a4daef3db95b47a3445aa11 (patch)
tree: 3317961dd1425f428ccdebce378e0f010d57a14b /sway/main.c
parent: 202ee511503bc7c6a18dec440ac3cdb8d5e8f859 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/sway/main.c b/sway/main.c
index a7e808ad..a325dc3a 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -359,6 +359,11 @@ int main(int argc, char **argv) {
 
 	executable_sanity_check();
 	bool suid = false;
+
+	if (!server_privileged_prepare(&server)) {
+		return 1;
+	}
+
 #ifdef __linux__
 	if (getuid() != geteuid() || getgid() != getegid()) {
 		// Retain capabilities after setuid()
author	Tobias Blass <[email protected]>	2018-06-13 00:39:24 +0200
committer	Tobias Blass <[email protected]>	2018-06-19 00:19:57 +0200
commit	a5c091e3026eb41d3a4daef3db95b47a3445aa11 (patch)
tree	3317961dd1425f428ccdebce378e0f010d57a14b /sway/main.c
parent	202ee511503bc7c6a18dec440ac3cdb8d5e8f859 (diff)