Collaboration on standard Wayland protocol extensions

Jasper St. Pierre jstpierre at
Sun Mar 27 23:41:43 UTC 2016

You're probably referring to my response when you say "GNOME does not
care about cross-platform apps doing privileged operations". My
response wasn't meant to be speaking on behalf of GNOME. These are my
opinions and mine alone.

My opinion is still as follows: having seen how SELinux and PAM work
out in practice, I'm skeptical of any "Security Module" which
implements policy. The "module" part of it rarely happens, since
people simply gravitate towards a standard policy. What's interesting
to me isn't a piece of code that allows or rejects operations, it's
the resulting UI *around* those operations and managing them, since
that's really, at the end of the day, all the user cares about.

It would be a significant failure to me if we didn't have a standard
way for a user to examine or recall the policy of an application,
using whatever API they wanted. If every module implements its own
policy store separately, such a UI would be extremely difficult to

>From what I read, Wayland Security Modules didn't seem to even provide
that as a baseline, which is why I believe they're tackling the
problem from the wrong angle.

On Sun, Mar 27, 2016 at 1:50 PM, Martin Peres <martin.peres at> wrote:
> On 27/03/16 23:34, Drew DeVault wrote:
>> Greetings! I am the maintainer of the Sway Wayland compositor.
>> It's almost the Year of Wayland on the Desktop(tm), and I have
>> reached out to each of the projects this message is addressed to (GNOME,
>> Kwin, and wayland-devel) to collaborate on some shared protocol
>> extensions for doing a handful of common tasks such as display
>> configuration and taking screenshots. Life will be much easier for
>> projects like ffmpeg and imagemagick if they don't have to implement
>> compositor-specific code for capturing the screen!
>> I want to start by establishing the requirements for these protocols.
>> Broadly speaking, I am looking to create protocols for the following
>> use-cases:
>> - Screen capture
>> - Output configuration
>> - More detailed surface roles (should it be floating, is it a modal,
>>    does it want to draw its own decorations, etc)
>> - Input device configuration
>> I think that these are the core protocols necessary for
>> cross-compositor compatability and to support most existing tools for
>> X11 like ffmpeg. Considering the security goals of Wayland, it will also
>> likely be necessary to implement some kind of protocol for requesting
>> and granting sensitive permissions to clients.
>> How does this list look? What sorts of concerns do you guys have with
>> respect to what features each protocol needs to support? Have I missed
>> any major protocols that we'll have to work on? Once we have a good list
>> of requirements I'll start writing some XML.
>> --
>> Drew DeVault
> We had discussions about it years ago and here are the results of them:
> And here is the software we created, under the name "Wayland Security
> Modules":
> This approach has generally be liked by KDE, but not by Gnome who, last i
> heard, did not care about cross-platform apps doing privileged operations.
> This may have changed since they also decided to work on sandboxing
> (xdg-app) and implemented something like the following approach when they
> said they would never do because it changed the API:
> I really wish we can have everyone onboard on one solution to get these
> cross-platform apps and so far, I do not see any better solution than WSM.
> Martin
> _______________________________________________
> wayland-devel mailing list
> wayland-devel at


More information about the wayland-devel mailing list