[PATCH 1/3] drm: change DROP_MASTER permissions to allow DRM_MASTER

Daniel Vetter daniel at ffwll.ch
Thu Dec 20 14:45:46 UTC 2018


On Thu, Dec 20, 2018 at 01:50:26PM +0000, Emil Velikov wrote:
> On Wed, 19 Dec 2018 at 20:36, Daniel Vetter <daniel at ffwll.ch> wrote:
> >
> > On Wed, Dec 19, 2018 at 07:22:45PM +0000, Emil Velikov wrote:
> > > From: Emil Velikov <emil.velikov at collabora.com>
> > >
> > > Currently only DRM_ROOT_ONLY is allowed to call the ioctl.
> > >
> > > Change that to DRM_MASTER, which means that only a process that is the
> > > current DRM master can drop it. Which makes sense, the process should
> > > be able to opt-out without any specific requirements.
> > >
> > > Signed-off-by: Emil Velikov <emil.velikov at collabora.com>
> >
> > I guess this makes sense, but then you already need someone else to do the
> > setmaster for you if you want to run as non-root and be able to switch
> > between compositors. So no idea where this will be useful.
> >
> X, Weston and the Gnome/KDE wayland compositors use logind for managing that.
> Some have codepaths to manage drm{Set,Drop}Master manually, although
> they don't seem to bother adjusting privileges, I'd imagine due to VT
> switching.
> 
> If one has a CONFIG_VT=n system, then it should be a matter of once-off
> drmSetMaster + lower priv.
> 
> > Either way: New uapi -> needs the userspace patches to exist.
> 
> Slightly confused - apps already use the uapi, what do you mean with
> "new uapi" here?
> I'm OK with adding an IGT, although beyond that I'm not sure what
> other userspace patches I could provide.

You change the uapi to allow more stuff (dropmaster without having
CAP_SYS_ADMIN), that needs userspace. Since current userspace has no use
for calling drop_master without being root.

Same way your patch to automatically auth clients if the driver supports
rendernodes is a uapi extension, and it's good to know what code exactly
it's meant for.

uapi is a lot more than include/uapi, it's anything the kernel does that
can influence userspace in a meaningful way.
-Daniel
-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

