Proxying Wayland for security
Simon Ser
contact at emersion.fr
Wed Jul 28 09:22:00 UTC 2021
On Wednesday, July 28th, 2021 at 11:17, Alyssa Ross <hi at alyssa.is> wrote:
> A further thought I've just had -- the pid lookup is generally done
> through libwayland-server's wl_client_get_credentials(), right? So if
> libwayland-server could be taught about the proxy, and the proxy could
> communicate the pid/uid/gid to libwayland-server somehow, that could
> make this possible after all, right?
I'm not sure a proxy is a good idea, because proxying Wayland protocols
isn't straightforward and introduces latency.
That said, allowing sandboxes to feed back security context metadata to
the compositor is something I believe would be useful in many scenarios.
Maybe have a look at [1]?
[1]: https://gitlab.freedesktop.org/wayland/wayland-protocols/-/merge_requests/68
More information about the wayland-devel
mailing list