Authorized clients

Martin Graesslin mgraesslin at kde.org
Sat Jan 4 02:01:52 PST 2014


On Tuesday 31 December 2013 05:02:30 Sebastian Wick wrote:
> I'm currently working on a system which allows specific clients to use
> restricted interfaces [1]. This is needed for applications like
> screenshooters,
> desktop recorders outside of the compositor, accessibility tools and
> others.
Thanks for looking into this interesting topic. It's an important use case for 
us in the KDE world as compositor and desktop shell are in different processes.

I will try to share my thoughts so far and I must say that I don't know 
whether that's implementable at all. Of course we also thought about working 
with full paths, but I don't think that's a good solution for a flexible 
desktop environment such as Plasma. Also it creates a terrible linear chain in 
the startup - we want to move to a more flexible framework and don't turn KWin 
into another system startup process. It might be a solution for things like 
KSnapshot but certainly not to bring up the desktop shell.

The idea I have so far is to depend on cgroups and namespaces. Thus everything 
which needs the more privileged interfaces needs to be in the "desktop shell" 
cgroup. I hope that we can make use of systemd to provide us such features. 
Clients which are not in the trusted group will not get the more exposed 
interfaces.

This could also work for things like screenshooters, but here we start to 
enter trust issues again. We certainly would trust a KDE application, but 
that's already quite borderline. For such cases so far I only have the idea of 
nag screens like UAC. I hate that and absolutely don't want to implement it. 
So I'm looking forward to good solutions. Polkit could be a nice solution to 
that.

I'm not so sure about configuration files as I don't believe in whitelists in 
general :-) Obviously it allows the distribution to properly setup the system 
but there might be better solutions to that. My suggestion here is to specify 
the interfaces in the desktop file.

Cheers
Martin
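The cgroup-based check Martin sketches, as an added example that is not code from KWin, Wayland or this thread: the compositor takes the connecting client's pid from the socket's peer credentials, reads that process's /proc/<pid>/cgroup, and offers the privileged globals only if the process sits in the trusted cgroup. The trusted path "/user.slice/desktop-shell", the cgroup v1 line format and the function names are assumptions.

```c
#define _GNU_SOURCE            /* struct ucred / SO_PEERCRED on glibc */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed name for the trusted cgroup; not a value from the thread. */
#define TRUSTED_CGROUP "/user.slice/desktop-shell"

/* Return 1 if any line of `contents` (the text of /proc/<pid>/cgroup, in the
 * cgroup v1 form "id:controllers:path") places the process at or below
 * `trusted`. Deny by default on anything unexpected. */
int cgroup_is_trusted(const char *contents, const char *trusted)
{
    size_t tlen = strlen(trusted);
    const char *line = contents;
    while (*line) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        /* skip "id:" and "controllers:" to reach the cgroup path */
        const char *path = memchr(line, ':', len);
        if (path) path = memchr(path + 1, ':', len - (size_t)(path + 1 - line));
        if (path) {
            path++;
            size_t plen = len - (size_t)(path - line);
            /* exact match or a child path; a mere string prefix such as
             * "/user.slice/desktop-shell-other" must not count */
            if (plen >= tlen && memcmp(path, trusted, tlen) == 0 &&
                (plen == tlen || path[tlen] == '/'))
                return 1;
        }
        if (!end) break;
        line = end + 1;
    }
    return 0;
}

/* Resolve the peer process of a connected client socket and check its
 * cgroup. The pid comes from the kernel (SO_PEERCRED), not from the client,
 * so the client cannot claim a trusted cgroup it is not in. */
int client_may_use_privileged(int client_fd)
{
    struct ucred cred;
    socklen_t clen = sizeof cred;
    char path[64], buf[4096];
    FILE *f;
    size_t n;
    if (getsockopt(client_fd, SOL_SOCKET, SO_PEERCRED, &cred, &clen) < 0)
        return 0;
    snprintf(path, sizeof path, "/proc/%d/cgroup", (int)cred.pid);
    if (!(f = fopen(path, "r")))
        return 0;                               /* deny on any failure */
    n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return cgroup_is_trusted(buf, TRUSTED_CGROUP);
}
```

The check belongs at connection time, before any global is advertised to the client, because a pid can be reused once the original process exits.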