commit 3fcd5f430bcc1325ce2146251f45db8c01681aa0

pyrox.dev / nixpkgs

lol

fork atom

Merge pull request #263206 from kanashimia/revert-259066-add-renice-sway

Revert "nixos/sway: add enableRealtime option"

authored by

Thiago Kenji Okada and committed by

GitHub 2 years ago 3fcd5f43 bea389de

-56

3 changed files

expand all

unified split

nixos

modules

programs

wayland

sway.nix

pkgs

applications

window-managers

sway

default.nix

drop_ambient_capabilities.patch

-13

nixos/modules/programs/wayland/sway.nix

··· 42 42 <https://github.com/swaywm/sway/wiki> and 43 43 "man 5 sway" for more information''); 44 44 45 - enableRealtime = mkEnableOption (lib.mdDoc '' 46 - add CAP_SYS_NICE capability on `sway` binary for realtime scheduling 47 - privileges. This may improve latency and reduce stuttering, specially in 48 - high load scenarios'') // { default = true; }; 49 - 50 45 package = mkOption { 51 46 type = with types; nullOr package; 52 47 default = defaultSwayPackage; ··· 152 147 ''; 153 148 } // optionalAttrs (cfg.package != null) { 154 149 "sway/config".source = mkOptionDefault "${cfg.package}/etc/sway/config"; 155 - }; 156 - }; 157 - security.wrappers = mkIf (cfg.enableRealtime && cfg.package != null) { 158 - sway = { 159 - owner = "root"; 160 - group = "root"; 161 - source = "${cfg.package}/bin/sway"; 162 - capabilities = "cap_sys_nice+ep"; 163 150 }; 164 151 }; 165 152 # To make a Sway session available if a display manager like SDDM is enabled:

-2

pkgs/applications/window-managers/sway/default.nix

··· 44 44 # Use /run/current-system/sw/share and /etc instead of /nix/store 45 45 # references: 46 46 ./sway-config-nixos-paths.patch 47 - # Drop ambient capabilities after getting SCHED_RR 48 - ./drop_ambient_capabilities.patch 49 47 ]; 50 48 51 49 strictDeps = true;

-41

pkgs/applications/window-managers/sway/drop_ambient_capabilities.patch

··· 1 - From e7d9098e81289ae99d07ec3eac1fec1d303b8fe4 Mon Sep 17 00:00:00 2001 2 - From: Thiago Kenji Okada <thiagokokada@gmail.com> 3 - Date: Thu, 5 Oct 2023 15:23:35 +0100 4 - Subject: [PATCH] drop ambient capabilities 5 - 6 - Within NixOS the only possibility to gain cap_sys_nice is using the 7 - security.wrapper infrastructure. However to pass the capabilities to the 8 - wrapped program, they are raised to the ambient set. To fix this we make 9 - sure to drop the ambient capabilities during sway startup and realtime 10 - setup. Otherwise all programs started by sway also gain cap_sys_nice, 11 - which is not something we want. 12 - 13 - Co-authored-by: Rouven Czerwinski <rouven@czerwinskis.de> 14 - --- 15 - sway/realtime.c | 3 +++ 16 - 1 file changed, 3 insertions(+) 17 - 18 - diff --git a/sway/realtime.c b/sway/realtime.c 19 - index 11154af0..06f872a8 100644 20 - --- a/sway/realtime.c 21 - +++ b/sway/realtime.c 22 - @@ -3,6 +3,7 @@ 23 - #include <unistd.h> 24 - #include <pthread.h> 25 - #include "sway/server.h" 26 - +#include "sys/prctl.h" 27 - #include "log.h" 28 - 29 - static void child_fork_callback(void) { 30 - @@ -10,6 +11,8 @@ static void child_fork_callback(void) { 31 - 32 - param.sched_priority = 0; 33 - 34 - + prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0); 35 - + 36 - int ret = pthread_setschedparam(pthread_self(), SCHED_OTHER, &param); 37 - if (ret != 0) { 38 - sway_log(SWAY_ERROR, "Failed to reset scheduler policy on fork"); 39 - -- 40 - 2.42.0 41 -