[systemd-devel] Logind: how to access a device when you're not the session controller
Pekka Paalanen
ppaalanen at gmail.com
Mon Sep 7 08:47:40 UTC 2020
On Fri, 4 Sep 2020 16:40:00 +0200
Lennart Poettering <lennart at poettering.net> wrote:
> On Di, 26.05.20 16:55, Pekka Paalanen (ppaalanen at gmail.com) wrote:
>
> > Hi,
> >
> > I'm looking at letting Weston's 'meson test' run DRM-backend tests
> > automatically and without the need of root privileges. I have a spare
> > DRM device in my machine that is dedicated for this purpose, so I make
> > my normal desktop environment not touch it. My problem is, is there any
> > way to set up things so that logind would give Weston access to that
> > DRM device while my normal desktop is active?
>
> I am not aware of any.
>
> > Any suggestions on what might work?
>
> Other than patching logind with some new concept, no suggestion. Or
> simply bypassing logind and opening the devices directly with root
> privs? or test this in virtualization?
Thanks for the reply!
That's a little inconvenient. I was hoping there might be a way
somehow, perhaps even create a new session and become its controller
without elevated privileges if the the seat in question is not "in
use". I could configure the extra DRM device into a non-default seat,
then try taking over that seat.
Is that really not possible without some kind of elevated privileges my
normal desktop user doesn't usually have? Could it be allowed via
polkit configuration or something?
Or maybe I indeed need to forget about logind and open the DRM device
as a normal user. After all, the first one to open a DRM device should
automatically gain DRM master status, and there have been recent kernel
patches to even allow dropping and re-gaining DRM master status without
being root/CAP_SYS_ADMIN IIUC. That won't help with input devices if I
wanted to test anything interactive... but maybe I could allow some
dedicated input devices to be opened by my normal user and make sure I
don't use those for my desktop.
Right, maybe I can hack it up after forgetting about logind. Put all
those devices into a non-default seat, override their file permissions,
and assume they are untrusted (can be eavesdropped).
Thanks,
pq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20200907/b18fab87/attachment.sig>
More information about the systemd-devel
mailing list