[RFC] Implementing Wayland Security Module

Manuel Bachmann manuel.bachmann at open.eurogiciel.org
Mon Mar 9 12:52:32 PDT 2015


Hi Matthias,

"I don't think it makes sense to develop a specific solution just for
the portion of application sandboxing that happens to overlap with
wayland protocol requests. The same questions need to be answered when
a third-party application e.g. wants to open a file or send an email."

While it is true that the general security policy concern is a huge topic,
and that WSM may seem to be a too-specific solution in an ecosystem where
several Linux Security Modules have already been implemented, I think,
however, that there is a valid use case for it.

We happen to have a more-than-20-years-old ecosystem of GUI applications
which were using the X11 protocol. For all these years, they were allowed
to exploit this protocol in various ways, which gave us the cool features
we could not imagine living without today.

Then comes Wayland. It is more secure, but the cool features aren't there.
Sure, each compositor can do the way it wants, but application developers
are embarrassed. This potentially cripples the user experience and slows
down Wayland adoption.

WSM is interesting because it only tries to cover GUI applications, which,
basically, all have the same needs:
- screenshooting, screen recording, color picking....
- critical actions on the outputs: fullscreen, resolution change...
- access to a central clipboard;
- replacing a vital part of the compositor (virtual keyboard, panel,
systray...)
- ....

A Linux Security Module goes too far, has too many implications, hence why
it is rarely deployed except on server systems. But WSM is only about GUI
apps; it precisely knows what it wants to be and which problems it tries
to address. I think, personally, that WSM has a chance of success because
it is pragmatic and has the privileged timeframe for this.

Regards,
Manuel

2015-03-09 14:30 GMT+01:00 Matthias Clasen <matthias.clasen at gmail.com>:

> On Mon, Mar 9, 2015 at 1:38 AM, Manuel Bachmann
> <manuel.bachmann at open.eurogiciel.org> wrote:
>
> > Any comments on this ?
> >
>
> I don't think it makes sense to develop a specific solution just for
> the portion of application sandboxing that happens to overlap with
> wayland protocol requests. The same questions need to be answered when
> a third-party application e.g. wants to open a file or send an email.
>



-- 
Regards,



*Manuel BACHMANN Tizen Project VANNES-FR*