search

swaywm / sway

i3-compatible Wayland compositor
https://swaywm.org
MIT License
14.53k stars 1.11k forks source link

Validate config without a session nor SUID set #4691

Open erictapen opened 4 years ago

erictapen commented 4 years ago

Thanks for this awesome piece of software.

Experienced behaviour

When running sway --validate inside the Nix sandbox, the following error occurs:

$ sway --config $config --validate
2019-11-01 12:27:32 - [sway/main.c:152] Linux localhost 4.19.80 #1-NixOS SMP Thu Oct 17 20:45:44 UTC 2019 x86_64 GNU/Linux
2019-11-01 12:27:32 - [sway/main.c:140] LD_LIBRARY_PATH=(null)
2019-11-01 12:27:32 - [sway/main.c:140] LD_PRELOAD=(null)
2019-11-01 12:27:32 - [sway/main.c:140] PATH=/nix/store/303xjykfyyzc7d8s6mkh86jqgyqrffiw-swaybg-1.0/bin:/nix/store/9ijs5kcq4ypjvmyw03bgbi5m8b8dg5hn-patchelf-0.9/bin:/nix/store/airnp00l3fgf1yrmv1d00l>
2019-11-01 12:27:32 - [sway/main.c:140] SWAYSOCK=(null)
2019-11-01 12:27:32 - [backend/session/logind.c:512] User has no sessions
2019-11-01 12:27:32 - [backend/session/logind.c:571] Couldn't find an active session or a greeter session
2019-11-01 12:27:32 - [backend/session/direct-ipc.c:35] Do not have CAP_SYS_ADMIN; cannot become DRM master
2019-11-01 12:27:32 - [backend/session/session.c:96] Failed to load session backend
2019-11-01 12:27:32 - [backend/backend.c:321] Failed to start a DRM session
2019-11-01 12:27:32 - [backend/noop/backend.c:51] Creating noop backend
2019-11-01 12:27:32 - [sway/server.c:47] Unable to create backend
2019-11-01 12:27:32 - [sway/main.c:152] Linux localhost 4.19.80 #1-NixOS SMP Thu Oct 17 20:45:44 UTC 2019 x86_64 GNU/Linux
2019-11-01 12:27:32 - [sway/main.c:140] LD_LIBRARY_PATH=(null)
2019-11-01 12:27:32 - [sway/main.c:140] LD_PRELOAD=(null)
2019-11-01 12:27:32 - [sway/main.c:140] PATH=/nix/store/303xjykfyyzc7d8s6mkh86jqgyqrffiw-swaybg-1.0/bin:/nix/store/9ijs5kcq4ypjvmyw03bgbi5m8b8dg5hn-patchelf-0.9/bin:/nix/store/airnp00l3fgf1yrmv1d00l>
2019-11-01 12:27:32 - [sway/main.c:140] SWAYSOCK=(null)
2019-11-01 12:27:32 - [backend/session/logind.c:512] User has no sessions
2019-11-01 12:27:32 - [backend/session/logind.c:571] Couldn't find an active session or a greeter session
2019-11-01 12:27:32 - [backend/session/direct-ipc.c:35] Do not have CAP_SYS_ADMIN; cannot become DRM master
2019-11-01 12:27:32 - [backend/session/session.c:96] Failed to load session backend
2019-11-01 12:27:32 - [backend/backend.c:321] Failed to start a DRM session
2019-11-01 12:27:32 - [backend/noop/backend.c:51] Creating noop backend
2019-11-01 12:27:32 - [sway/server.c:47] Unable to create backend

Apparently the Nix sandbox doesn't provide anything like a login session. As far as I understand, the Nix sandbox also doesn't allow the execution of binaries with SUID set.

Here is the default.nix if someone wants to reproduce this with Nix. I tested it for Sway 1.2 and current master.

with import <nixpkgs> {};
let
  generated-file = ~/.config/sway/config;
in
pkgs.runCommand "validated-sway-config" {
  buildInputs = [ pkgs.sway ];
  XDG_RUNTIME_DIR = "/tmp";
} ''
  cp ${generated-file} $out
  sway --version
  sway --config $out --validate
''

Expected behaviour

I'd expect that validation of config files can happen in slim environments like the Nix sandbox. Allowing this to work would enable us to validate the config at the build time of a NixOS system, which is always nice to have.

Also referencing https://github.com/NixOS/nixpkgs/issues/57602 here.

Prior work

Afaik #3581 already provided the basics for this to work out, but was somewhat rolled back by #3582. When I revert e1b8190d2cce524ee460e4e32ea254bc697d36e9, I get

$ sway --config $config --validate
2019-11-01 12:40:59 - [sway/main.c:152] Linux localhost 4.19.80 #1-NixOS SMP Thu Oct 17 20:45:44 UTC 2019 x86_64 GNU/Linux
2019-11-01 12:40:59 - [sway/main.c:140] LD_LIBRARY_PATH=(null)
2019-11-01 12:40:59 - [sway/main.c:140] LD_PRELOAD=(null)
2019-11-01 12:40:59 - [sway/main.c:140] PATH=/nix/store/303xjykfyyzc7d8s6mkh86jqgyqrffiw-swaybg-1.0/bin:/nix/store/9ijs5kcq4ypjvmyw03bgbi5m8b8dg5hn-patchelf-0.9/bin:/nix/store/q725bgxx6p0vd1855m6qf1>
2019-11-01 12:40:59 - [sway/main.c:140] SWAYSOCK=(null)
2019-11-01 12:40:59 - [sway/config.c:393] Loading config from /nix/store/xrciggcgnz57wih8siwxygfrv4srxmcb-validated-sway-config
2019-11-01 12:40:59 - [sway/commands.c:367] Config command: set $mod Mod4
2019-11-01 12:40:59 - [sway/commands.c:387] After replacement: set $mod Mod4
2019-11-01 12:40:59 - [sway/commands.c:367] Config command: font pango:Ubuntu Mono 15
2019-11-01 12:40:59 - [sway/commands.c:387] After replacement: font pango:Ubuntu Mono 15
/build/.attr-0: line 3:     7 Segmentation fault      (core dumped) sway --config $out --validate

which is probably the problem mentioned in https://github.com/swaywm/sway/pull/3581#issuecomment-460681872.

So any hint on how to solve this?

berbiche commented 3 years ago

This is still relevant.

The home-manager project offers a way to configure the Sway configuration file using a high-level language that allows, for instance, to conditionally set values in the configuration. home-manager is agnostic to the Linux distribution (and also works on Darwin!) as long as Nix can run on the target platform.

Having a fix for this would allow for build-time (or compile-them if you will) validation of the user configuration which would provide a nicer user experience (for the home-manager users).