[PATCH 2/2] Support for adjusting socket access rights to allow group of users to connect to the socket.

Daniel Stone daniel at fooishbar.org
Mon Oct 20 07:26:18 PDT 2014


On 20 October 2014 15:19, Jussi Laako <jussi.laako at linux.intel.com> wrote:

> On 17.10.2014 20:00, Jason Ekstrand wrote:
>> Could you please provide a little more explanation than that.  What kind
>> of nesting are you doing?
> We have one system compositor using DRM backend and then nested
> compositors for each user using wayland backend.
> This is in order to share single GPU with multiple display outputs among
> multiple users.

Makes sense, although you can already enforce isolation with a single
shared compositor ...

>  Also, why are you doing this through environment variables and not
>> something explicit?  For instance, the compositor can easily grab the
>> socket and chmod it.  It has the privileges and knows what socket it is.
> This is related to the other patch that allows modifying location of the
> server/client socket location. I thought that the access control is best
> being close to the place where socket is created. Otherwise it is hard to
> follow what is going on if the related code is scattered across modules.

Doing it through environment variables is just plain nasty though; I really
don't like this patch. I'd much rather see an explicit call, or users
creating the appropriate fd and then just passing it to the lib.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/wayland-devel/attachments/20141020/efd53a69/attachment.html>

More information about the wayland-devel mailing list