context: add XKB_CONTEXT_NO_SECURE_GETENV flag (#312)

This flag is useful for clients that may have relatively benign capabilities
set, like CAP_SYS_NICE, that also want to use the xkb configuration from the
environment and user configs in XDG_CONFIG_HOME.

Fixes: https://github.com/xkbcommon/libxkbcommon/issues/308
Fixes: https://github.com/xkbcommon/libxkbcommon/issues/129
Signed-off-by: Ran Benita <ran@unusedvar.com>

2 files changed, 16 insertions, 1 deletions

diff --git a/include/xkbcommon/xkbcommon.h b/include/xkbcommon/xkbcommon.h
index c2b099f..7cb46f3 100644
--- a/include/xkbcommon/xkbcommon.h
+++ b/include/xkbcommon/xkbcommon.h
@@ -580,9 +580,17 @@ enum xkb_context_flags {
     XKB_CONTEXT_NO_DEFAULT_INCLUDES = (1 << 0),
     /**
      * Don't take RMLVO names from the environment.
+     *
      * @since 0.3.0
      */
-    XKB_CONTEXT_NO_ENVIRONMENT_NAMES = (1 << 1)
+    XKB_CONTEXT_NO_ENVIRONMENT_NAMES = (1 << 1),
+    /**
+     * Disable the use of secure_getenv for this context, so that privileged
+     * processes can use environment variables. Client uses at their own risk.
+     *
+     * @since 1.5.0
+     */
+    XKB_CONTEXT_NO_SECURE_GETENV = (1 << 2)
 };
 
 /**
diff --git a/include/xkbcommon/xkbregistry.h b/include/xkbcommon/xkbregistry.h
index 4e7e926..7be0c9b 100644
--- a/include/xkbcommon/xkbregistry.h
+++ b/include/xkbcommon/xkbregistry.h
@@ -163,6 +163,13 @@ enum rxkb_context_flags {
      * on the lookup behavior.
      */
     RXKB_CONTEXT_LOAD_EXOTIC_RULES = (1 << 1),
+    /**
+     * Disable the use of secure_getenv for this context, so that privileged
+     * processes can use environment variables. Client uses at their own risk.
+     *
+     * @since 1.5.0
+     */
+    RXKB_CONTEXT_NO_SECURE_GETENV = (1 << 2)
 };
 
 /**