wp_security_context_manager_v1¤
Client security context manager
This interface allows a client to register a new Wayland connection to the compositor and attach a security context to it.
This is intended to be used by sandboxes. Sandbox engines attach a security context to all connections coming from inside the sandbox. The compositor can then restrict the features that the sandboxed connections can use.
Compositors should forbid nesting multiple security contexts by not exposing wp_security_context_manager_v1 global to clients with a security context attached, or by sending the nested protocol error. Nested security contexts are dangerous because they can potentially allow privilege escalation of a sandboxed client.
Warning! The protocol described in this file is currently in the testing phase. Backward compatible changes may be added together with the corresponding interface version bump. Backward incompatible changes can only be done by creating a new major version of the extension.
Methods:
-
destroy–Destroy the manager object
-
create_listener–Create a new security context
-
invalid_listen_fd–Listening socket fd is invalid -
nested–Nested security contexts are forbidden
destroy() -> None
Destroy the manager object
Destroy the manager. This doesn't destroy objects created with the manager.
create_listener(listen_fd: fd, close_fd: fd) -> wp_security_context_v1
Create a new security context
Creates a new security context with a socket listening FD.
The compositor will accept new client connections on listen_fd. listen_fd must be ready to accept new connections when this request is sent by the client. In other words, the client must call bind(2) and listen(2) before sending the FD.
close_fd is a FD that will signal hangup when the compositor should stop accepting new connections on listen_fd.
The compositor must continue to accept connections on listen_fd when the Wayland client which created the security context disconnects.
After sending this request, closing listen_fd and close_fd remains the only valid operation on them.
Parameters:
Returns:
-
wp_security_context_v1(wp_security_context_v1) –The created object