[igt-dev] Running [some/most of] IGT as non-root (Was: Re: [PATCH i-g-t] tests/core_unauth_vs_render: new test for the relaxed DRM_AUTH handling)

Wed Jan 23 16:24:30 UTC 2019

Hi all,

On Wed, 23 Jan 2019 at 11:18, Daniel Vetter <daniel at ffwll.ch> wrote:

> > > > + * By default IGT is executed as root.
> > >
> > > It's not just the default, it's a hard requirement. The runner has checks
> > > for other drm clients and whether you're root and bails out if that's not
> > > the case. Lots&lots of igts break if you run them as non-root or with
> > > other drm clients running. Only thing that's allowed is enumerating
> > > subtests (because we need that on our build machines to generate the
> > > testlists).
> > >
> > > tldr; Please fold in.
> > >
> > Sure will fold.
> >
> > Modulo an exception or two, IGT tests only require debugfs (write perm
> > for i915) and user in the video group (to open the node).
> > That's based on a quick look/test.
> >
> > Since few distributions don't run the display server and/or compositor
> > as root, ideally IGT will get root-free at some point.
> > Ake IGT testing will be closer to real world use-cases.
>
> IGT isnt like piglit, most of the tests check for corner cases where you
> really can't have anything else touching the display (e.g. anything kms).
> Being root is the easiest way to check for that (in debugfs, if there's
> any other drm client the igt runner complains&quits). I guess there's some
> igts which can be run like piglits, but those are the rare exceptions.
>
> Now the entire "run compositor as non-root" business is a good point. We
> do have some igts that drop CAP_SYS_ADMIN (see igt_drop_root()), but none
> that make sure this holds for kms/core functionality. It's just a few
> i915-gem tests. Would be a good gap to fill though. I think for the
> non-rendernode EACCESS test we'll need that (since root can do whatever).
>

As explained by Daniel above, some tests require that:
 - they are the sole client
 - use generic [kms] functionality, which in theory don't need to be ran as root
 - test [kms] corner-cases, that need(?) to be ran as root
** I'd imagine the above is also applicable for vendor specific tests.

Thus I wonder what people think of the following plan:
 - add a script that toggles the debugfs permissions - since most
tests require +rx (and some +w) permissions
 - add a root vs non-root and non-concurrent vs concurrent notations
to the tests
For example piglit has been doing the last one for years.
 - have the IGT runner honour and enforce the notations
 - new tests default to non-root and concurrent and existing ones are
as marked the opposite
 - audit and fix existing tests to become non-root & concurrent, if possible
 - document ^^

Currently soliciting input on this rather crazy area, nothing more.
If it's something to aim towards, please copy it to the IGT TODO list,
since I'm not sure where it lives these days.

What do you guys think?

Thanks
Emil