profiles: blacklist sway IPC socket (#6429)

Much like the i3 IPC socket (#6361), the sway IPC socket also allows
arbitrary code execution via the `exec` subcommand. Access should only
be permitted to sway itself by default.

The location of the IPC socket is set in sway/ipc-server.c:

7e74a49142/sway/ipc-server.c (L126)

etc/inc/disable-common.inc

@@ -171,6 +171,10 @@ blacklist ${RUNUSER}/gsconnect
 blacklist ${RUNUSER}/i3/ipc-socket.*
 blacklist /tmp/i3-*/ipc-socket.*
 
+# sway IPC socket (allows arbitrary shell script execution)
+blacklist ${RUNUSER}/sway-ipc.*
+blacklist /tmp/sway-ipc.*
+
 # systemd
 blacklist ${HOME}/.config/systemd
 blacklist ${HOME}/.local/share/systemd

etc/profile-m-z/sway.profile

@@ -10,6 +10,10 @@ include globals.local
 noblacklist ${HOME}/.config/sway
 # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway
 noblacklist ${HOME}/.config/i3
+# allow creation of IPC socket
+noblacklist ${RUNUSER}/sway-ipc.*
+noblacklist /tmp/sway-ipc.*
+
 include disable-common.inc
 
 caps.drop all