[PATCH weston] introduces a setting to give permission to any client to do screenshots

Giulio Camuffo giuliocamuffo at gmail.com
Tue Dec 17 11:48:57 PST 2013

2013/12/17 Bill Spitzak <spitzak at gmail.com>:
> On 12/17/2013 02:38 AM, Giulio Camuffo wrote:
>> You can't talk to another client directly, you must always pass
>> through the server (unless you use dbus or some other ipc, of course).
>> And you don't need to give the trusted client a key, you just need to
>> tell the server some client is trusted, using the same mechanism
>> weston uses internally to launch trusted clients. That's what the
>> links I posted are doing.
> I think I see. So a trusted client can exec another client and make it
> trusted as well.
> Is there any way for the first client to restrict how "trusted" the second
> client is? What I imagine is a first client that has access to every wayland
> api. It would like to run the screen saver and only give it screen-saver
> access.

Yes. In my implementation i pass an interface name together with the
fd, and the client is trusted only for that.

> Also is this api available for untrusted clients? Can a parent client create
> a surface, then using this api exec another client, and that child client is
> able to attach buffers to that surface?

Those are two different questions. The api is only available to the
shell client (so a trusted client) in my implementation, though that's
not required technically.
You can't attach a buffer to another's client surface because there is
no way for the client to refer to that surface, and this api doesn't
change that. For that a new protocol extension would be needed.

> What I was trying to propose is a way for one client to choose exactly what
> objects another client can use. It would give that other client a "key"
> (using dbus or argv or other ipc, not using wayland). That other client then
> sends a message to the wayland server with the "key" and receives the actual
> object.

More information about the wayland-devel mailing list