nixpkgs/pkgs/desktops/plasma-5/kwin
Alois Wohlschlager f238a0a093
kwin: don't leak CAP_SYS_NICE
The capability wrapper raises CAP_SYS_NICE into the ambient set. As a
result, not only is kwin_wayland itself granted that capability, but
also all applications started by it (even transitively, i.e. the entire
desktop environment). While CAP_SYS_NICE is not a particularly dangerous
capability, that behaviour is still not great; furthermore it's annoying
because it breaks programs checking that they are not granted any
capabilities (e.g. bubblewrap).

Fix this behaviour by adding a patch that causes kwin_wayland to lower
CAP_SYS_NICE from the ambient capability set at startup. That way,
expected upstream behaviour is restored.
2022-08-07 19:12:37 +02:00
0001-follow-symlinks.patch
0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch kwin: don't leak CAP_SYS_NICE 2022-08-07 19:12:37 +02:00
0001-NixOS-Unwrap-executable-name-for-.desktop-search.patch kwin: fix build for 5.24.90 2022-06-15 14:53:40 +08:00
0002-xwayland.patch kwin: fix build for 5.24.90 2022-06-15 14:53:40 +08:00
0003-plugins-qpa-allow-using-nixos-wrapper.patch
default.nix kwin: don't leak CAP_SYS_NICE 2022-08-07 19:12:37 +02:00