Rouven Czerwinski Emantor
Emantor
/ drop_ambient_caps.patch
Created
October 5, 2023 14:05
Sway patch to drop ambient capabilities
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From cb2196d4e9ad8fe91e1cf6d2ca99d7a4a794eb6e Mon Sep 17 00:00:00 2001 | |
| From: Rouven Czerwinski <rouven@czerwinskis.de> | |
| Date: Sat, 9 Jul 2022 14:24:57 +0200 | |
| Subject: [PATCH] drop ambient capabilities | |
| Within NixOS the only possibility to gain cap_sys_nice is using the | |
| security.wrapper infrastructure. However to pass the capabilities to the | |
| wrapped program, they are raised to the ambient set. To fix this we make | |
| sure to drop the ambient capabilities during sway startup and realtime | |
| setup. Otherwise all programs started by sway also gain cap_sys_nice, |
Emantor
/ gist:9ba805b2098f71977be80a10fb122bea
Last active
January 27, 2023 04:51
PPPoE Ingress handling via IFB device for NixOS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Setup an ifb to handle ingress traffic via an egress qdisc | |
| systemd.network = { | |
| netdevs = { | |
| "ifb4ppp0" = { | |
| netdevConfig = { | |
| Kind = "ifb"; | |
| Name = "ifb4ppp0"; | |
| }; | |
| }; | |
| }; |
Emantor
/ gist:640426d1da6101f34a71638c6faff2f5
Created
August 22, 2022 18:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [nix-shell:~/work/git/sway]$ mkdir cocci/ && spatch --sp-file refactor_deref_len.cocci sway/*.c | |
| init_defs_builtins: /nix/store/w89fsl54n30hmyxvqjsjc2h82b0bjmw2-coccinelle-1.1.1/lib/coccinelle/standard.h | |
| warning: rule starting on line 1: metavariable c not used in the - or context code | |
| HANDLING: sway/commands.c sway/config.c sway/criteria.c sway/decoration.c sway/ipc-json.c sway/ipc-server.c sway/lock.c sway/main.c sway/realtime.c sway/server.c sway/swaynag.c sway/xdg_activation_v1.c sway/xdg_decoration.c | |
| diff = | |
| --- sway/ipc-json.c | |
| +++ /tmp/cocci-output-252792-cd198a-ipc-json.c | |
| @@ -693,7 +693,8 @@ json_object *ipc_json_describe_node(stru | |
| get_deco_rect(node->sway_container, &deco_rect); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| targets: | |
| main: | |
| resources: | |
| RemotePlace: | |
| name: <yourplace> | |
| drivers: | |
| SerialDriver: {} | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 00:00:00.000 [INFO] [sway/main.c:340] Sway version 1.6-02b412a3 (Jan 1 1980, branch 'master') | |
| 00:00:00.000 [INFO] [sway/main.c:341] wlroots version 0.15.0 | |
| 00:00:00.005 [INFO] [sway/main.c:120] Linux lordvetinari 5.15.4 #1-NixOS SMP Sun Nov 21 12:44:15 UTC 2021 x86_64 GNU/Linux | |
| 00:00:00.005 [INFO] [sway/main.c:136] Contents of /etc/os-release: | |
| 00:00:00.005 [INFO] [sway/main.c:120] NAME=NixOS | |
| 00:00:00.005 [INFO] [sway/main.c:120] ID=nixos | |
| 00:00:00.005 [INFO] [sway/main.c:120] VERSION="22.05 (Quokka)" | |
| 00:00:00.005 [INFO] [sway/main.c:120] VERSION_CODENAME=quokka | |
| 00:00:00.005 [INFO] [sway/main.c:120] VERSION_ID="22.05" | |
| 00:00:00.005 [INFO] [sway/main.c:120] BUILD_ID="22.05.20211125.73369f8" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| alabaster==0.7.12 | |
| ansicolors==1.1.8 | |
| argh==0.26.2 | |
| argon2-cffi==20.1.0 | |
| asn1crypto==0.24.0 | |
| astroid==2.3.3 | |
| atomicwrites==1.3.0 | |
| attrs==20.2.0 | |
| autobahn==21.3.1 | |
| Automat==20.2.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """Copyright 2013 Bryan Irvine | |
| Licensed under the Apache License, Version 2.0 (the "License"); | |
| you may not use this file except in compliance with the License. | |
| You may obtain a copy of the License at | |
| http://www.apache.org/licenses/LICENSE-2.0 | |
| Unless required by applicable law or agreed to in writing, software | |
| distributed under the License is distributed on an "AS IS" BASIS, | |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| See the License for the specific language governing permissions and |
Emantor
/ gist:85da8cdb25b9c8272d4af1942cec6128
Last active
August 21, 2020 09:25
nixpkgs-wayland legacy failure
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /nix/st…/xr499xa41x7is0v04ipvkrq1shkwhjzl-source sudo nixos-rebuild switch | |
| unpacking 'https://github.com/nix-community/emacs-overlay/archive/master.tar.gz'... | |
| unpacking 'https://github.com/edolstra/flake-compat/archive/c75e76f80c57784a6734356315b306140646ee84.tar.gz'... | |
| fatal: '/nix/store/xr499xa41x7is0v04ipvkrq1shkwhjzl-source' does not appear to be a git repository | |
| fatal: Could not read from remote repository. | |
| Please make sure you have the correct access rights | |
| and the repository exists. | |
| error: program 'git' failed with exit code 128 | |
| (use '--show-trace' to show detailed location information) |
Emantor
/ gist:1dc949426a150ad618a0ec4d67a9931f
Created
May 25, 2020 05:05
Dconf read-only DB for NixOS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create a read-only DB with default theme and font settings. | |
| programs.dconf.enable = true; | |
| programs.dconf.profiles.user = | |
| let | |
| customDconf = pkgs.writeTextFile { | |
| name = "nixos-user-dconf"; | |
| destination = "/dconf/nixos-user-custom"; | |
| text = '' | |
| [org/gnome/desktop/interface] | |
| cursor-theme='Numix-Cursor' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From 49cccadb00a8132554ba046e124a4eb0453c1aab Mon Sep 17 00:00:00 2001 | |
| From: Rouven Czerwinski <r.czerwinski@pengutronix.de> | |
| Date: Thu, 2 Apr 2020 13:55:13 +0200 | |
| Subject: [PATCH] [WIP] persistent sdram_region | |
| Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> | |
| --- | |
| arch/arm/lib32/bootm.c | 2 +- | |
| common/memory.c | 27 +++++++++++++++++++++++++++ |
NewerOlder