Module wayland_protocols::wp::security_context

source ·
Expand description

This interface allows a client to register a new Wayland connection to the compositor and attach a security context to it.

This is intended to be used by sandboxes. Sandbox engines attach a security context to all connections coming from inside the sandbox. The compositor can then restrict the features that the sandboxed connections can use.

Compositors should forbid nesting multiple security contexts by not exposing wp_security_context_manager_v1 global to clients with a security context attached, or by sending the nested protocol error. Nested security contexts are dangerous because they can potentially allow privilege escalation of a sandboxed client.

Modules§