Change how security config is loaded0.11-rc3

author: Drew DeVault <sir@cmpwn.com> 2016-12-17 15:19:50 -0500
committer: Drew DeVault <sir@cmpwn.com> 2016-12-17 15:21:57 -0500
commit: 1172566d4e298aa6c3555a0d606af4ff31d0db48 (patch)
tree: a6afcfbbecef26cc6ecaac0fad75268175fe9a51 /security.in
parent: 14d9200e4e51c7c4597df65cbf0fb5347ef80caa (diff)
1 files changed, 46 insertions, 0 deletions
diff --git a/security.in b/security.in
new file mode 100644
index 00000000..16897ade
--- /dev/null
+++ b/security.in
@@ -0,0 +1,46 @@
+# sway security rules
+#
+# Read sway-security(7) for details on how to secure your sway install.
+#
+# You MUST read this man page if you intend to attempt to secure your sway
+# installation.
+#
+# This file should live at __SYSCONFDIR__/sway/security and will be
+# automatically read by sway.
+
+# Configures which programs are allowed to use which sway features
+permit * fullscreen keyboard mouse ipc
+permit __PREFIX__/bin/swaylock lock
+permit __PREFIX__/bin/swaybar panel
+permit __PREFIX__/bin/swaybg background
+permit __PREFIX__/bin/swaygrab screenshot
+
+# Configures which IPC features are enabled
+ipc {
+    command enabled
+    outputs enabled
+    workspaces enabled
+    tree enabled
+    marks enabled
+    bar-config enabled
+    inputs enabled
+
+    events {
+        workspace enabled
+        output enabled
+        mode enabled
+        window enabled
+        input enabled
+        binding disabled
+    }
+}
+
+# Limits the contexts from which certain commands are permitted
+commands {
+    * all
+
+    fullscreen binding criteria
+    bindsym config
+    exit binding
+    kill binding
+}
author	Drew DeVault <sir@cmpwn.com>	2016-12-17 15:19:50 -0500
committer	Drew DeVault <sir@cmpwn.com>	2016-12-17 15:21:57 -0500
commit	1172566d4e298aa6c3555a0d606af4ff31d0db48 (patch)
tree	a6afcfbbecef26cc6ecaac0fad75268175fe9a51 /security.in
parent	14d9200e4e51c7c4597df65cbf0fb5347ef80caa (diff)