[PATCH 2/2] Support for adjusting socket access rights to allow group of users to connect to the socket.
Daniel Stone
daniel at fooishbar.org
Mon Oct 20 07:26:18 PDT 2014
Hi,
On 20 October 2014 15:19, Jussi Laako <jussi.laako at linux.intel.com> wrote:
> On 17.10.2014 20:00, Jason Ekstrand wrote:
>
>> Could you please provide a little more explanation than that. What kind
>> of nesting are you doing?
>>
>
> We have one system compositor using DRM backend and then nested
> compositors for each user using wayland backend.
>
> This is in order to share single GPU with multiple display outputs among
> multiple users.
Makes sense, although you can already enforce isolation with a single
shared compositor ...
> Also, why are you doing this through environment variables and not
>> something explicit? For instance, the compositor can easily grab the
>> socket and chmod it. It has the privileges and knows what socket it is.
>>
>
> This is related to the other patch that allows modifying location of the
> server/client socket location. I thought that the access control is best
> being close to the place where socket is created. Otherwise it is hard to
> follow what is going on if the related code is scattered across modules.
Doing it through environment variables is just plain nasty though; I really
don't like this patch. I'd much rather see an explicit call, or users
creating the appropriate fd and then just passing it to the lib.
Cheers,
Daniel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/wayland-devel/attachments/20141020/efd53a69/attachment.html>
More information about the wayland-devel
mailing list