[PATCH 2/2] Support for adjusting socket access rights to allow group of users to connect to the socket.

Jason Ekstrand jason at jlekstrand.net
Fri Oct 17 10:00:33 PDT 2014


On Thu, Oct 16, 2014 at 9:23 AM, Imran Zaman <imran.zaman at gmail.com> wrote:

> This is used for nested compositor architectures.
>

Could you please provide a little more explanation than that.  What kind of
nesting are you doing?

Also, why are you doing this through environment variables and not
something explicit?  For instance, the compositor can easily grab the
socket and chmod it.  It has the privileges and knows what socket it is.

--Jason Ekstrand


>
> Signed-off-by: Imran Zaman <imran.zaman at gmail.com>
> ---
>  src/wayland-server.c | 27 +++++++++++++++++++++++++++
>  1 file changed, 27 insertions(+)
>
> diff --git a/src/wayland-server.c b/src/wayland-server.c
> index 09e8903..721fabe 100644
> --- a/src/wayland-server.c
> +++ b/src/wayland-server.c
> @@ -39,6 +39,8 @@
>  #include <fcntl.h>
>  #include <sys/file.h>
>  #include <sys/stat.h>
> +#include <sys/types.h>
> +#include <grp.h>
>  #include <ffi.h>
>
>  #include "wayland-private.h"
> @@ -1117,6 +1119,10 @@ static int
>  _wl_display_add_socket(struct wl_display *display, struct wl_socket *s)
>  {
>         socklen_t size;
> +       const char *socket_mode_str;
> +       const char *socket_group_str;
> +       const struct group *socket_group;
> +       unsigned socket_mode;
>
>         s->fd = wl_os_socket_cloexec(PF_LOCAL, SOCK_STREAM, 0);
>         if (s->fd < 0) {
> @@ -1134,6 +1140,27 @@ _wl_display_add_socket(struct wl_display *display,
> struct wl_socket *s)
>                 return -1;
>         }
>
> +       socket_group_str = getenv("WAYLAND_SERVER_GROUP");
> +       if (socket_group_str != NULL) {
> +               socket_group = getgrnam(socket_group_str);
> +               if (socket_group != NULL) {
> +                       if (chown(s->addr.sun_path,
> +                               -1, socket_group->gr_gid) != 0)
> +                               wl_log("chown(\"%s\") failed: %s",
> +                                       s->addr.sun_path,
> +                                       strerror(errno));
> +               }
> +       }
> +       socket_mode_str = getenv("WAYLAND_SERVER_MODE");
> +       if (socket_mode_str != NULL) {
> +               if (sscanf(socket_mode_str, "%o", &socket_mode) > 0)
> +                       if (chmod(s->addr.sun_path, socket_mode) != 0) {
> +                               wl_log("chmod(\"%s\") failed: %s",
> +                                       s->addr.sun_path,
> +                                       strerror(errno));
> +                       }
> +       }
> +
>         s->source = wl_event_loop_add_fd(display->loop, s->fd,
>                                          WL_EVENT_READABLE,
>                                          socket_data, display);
> --
> 1.9.1
>
> _______________________________________________
> wayland-devel mailing list
> wayland-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/wayland-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/wayland-devel/attachments/20141017/c07c7318/attachment.html>


More information about the wayland-devel mailing list