[RFC weston] make client isolation optional

Sebastian Wick sebastian at sebastianwick.net
Tue Dec 3 16:09:55 PST 2013


This patch allows wayland clients to use protocols which give away information about other clients without being started by the compositor. The reason to deny access on those protocols is to make sure no information about the clients is leaked to other clients (=security). I think that we don't need to enforce this on most systems because without complete isolation of all processes it's possible to get the information even without using the compositor. In all other cases you can simply turn it on again.
---
 man/weston.ini.man  | 3 +++
 src/screenshooter.c | 8 +++++++-
 weston.ini.in       | 1 +
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/man/weston.ini.man b/man/weston.ini.man
index cc88ca8..6d41653 100644
--- a/man/weston.ini.man
+++ b/man/weston.ini.man
@@ -128,6 +128,9 @@ sets the GBM format used for the framebuffer for the GBM backend. Can be
 .B xrgb2101010,
 .B rgb565.
 By default, xrgb8888 is used.
+.TP 7
+.BI "client-isolation="false
+completely isolate clients (boolean).
 .RS
 .PP
 
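Review bot: The description on the added client-isolation entry, "completely isolate clients (boolean)", does not tell an administrator what the option gates or what the documented value of false means in practice. The only check this patch makes conditional is the one in bind_shooter(), so the text should name the screenshooter interface and state that with false any client may bind it, not only the client started by the compositor.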
diff --git a/src/screenshooter.c b/src/screenshooter.c
index 0c657bc..fa3dbb8 100644
--- a/src/screenshooter.c
+++ b/src/screenshooter.c
@@ -224,11 +224,17 @@ bind_shooter(struct wl_client *client,
 {
 	struct screenshooter *shooter = data;
 	struct wl_resource *resource;
+	struct weston_config_section *section;
+	int client_isolation;
 
 	resource = wl_resource_create(client,
 				      &screenshooter_interface, 1, id);
 
-	if (client != shooter->client) {
+	section = weston_config_get_section(shooter->ec->config, "core", NULL, NULL);
+	weston_config_section_get_bool(section,
+				"client-isolation", &client_isolation, 0);
+
+	if (client_isolation && client != shooter->client) {
 		wl_resource_post_error(resource, WL_DISPLAY_ERROR_INVALID_OBJECT,
 				       "screenshooter failed: permission denied");
 		wl_resource_destroy(resource);
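Review bot: The default passed to weston_config_section_get_bool() in bind_shooter() is 0, so a weston.ini without a client-isolation key now skips the "client != shooter->client" check entirely, where before the patch that check was unconditional. For a security-relevant switch I would keep the existing behaviour as the default (pass 1) so that a missing or mistyped key fails closed, and make opting out the explicit step. The section lookup also runs on every bind; reading the value once and keeping it in struct screenshooter would avoid that and keep the permission check itself to a single condition.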
diff --git a/weston.ini.in b/weston.ini.in
index 5181a9e..1261788 100644
--- a/weston.ini.in
+++ b/weston.ini.in
@@ -2,6 +2,7 @@
 #modules=xwayland.so,cms-colord.so
 #shell=desktop-shell.so
 #gbm-format=xrgb2101010
+#client-isolation=true
 
 [shell]
 background-image=/usr/share/backgrounds/gnome/Aqua.jpg
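Review bot: The commented-out sample line "#client-isolation=true" shows the opposite value from the one the man page hunk documents (false) and from the default of 0 passed in bind_shooter(), and nothing here says which one applies when the line stays commented. A one-line comment above it stating the default and what uncommenting changes would stop a reader from assuming isolation is already on.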
-- 
1.8.4.2


