Description
I've been wanting to implement a feature in sway but it's quite niche so I thought I'd ask before I starting any work on it. I wanted to add some restrictions to sway's privileged protocols by using SO_PEERSEC to obtain the security context of a client on the other end of a socket and then asking SELinux if an action for a set of defined privileged protocols is to be authorised or denied.
Overall it'll probably introduce a new selinux.c file along with a few changes in the socket code and some of the protocol code, but they'll all be behind feature guards for SELinux so shouldn't really leak into the rest of the codebase.
Could I ask for thoughts on the possibility of upstreaming or if there is anything you'd like me to consider early on?
Thanks!
Activity