Demi Marie Obenour <demiobenour@gmail.com> writes:
On 12/9/25 05:59, Alyssa Ross wrote:
On Tue, Dec 09, 2025 at 05:55:22AM -0500, Demi Marie Obenour wrote:
On 12/9/25 03:56, Alyssa Ross wrote:
This will allow clients running as unprivileged users to connect to the compositor.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/image/etc/s6-linux-init/run-image/etc/group | 1 +
 host/rootfs/image/etc/s6-rc/weston/run | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group index e3ade46..fe72eb7 100644 --- a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group +++ b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group @@ -13,3 +13,4 @@ disk:x:11: cdrom:x:12: tape:x:13: kvm:x:14: +wayland:x:15: diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run index aa1e7b6..7cb182f 100644 --- a/host/rootfs/image/etc/s6-rc/weston/run +++ b/host/rootfs/image/etc/s6-rc/weston/run @@ -20,4 +20,9 @@ importas -i home HOME cd $home if { udevadm wait /dev/dri/card0 } unshare --cgroup --ipc --net --uts + +s6-envuidgid root +s6-envuidgid -g wayland +s6-applyuidgid -Uz +umask 002 weston -S $WAYLAND_DISPLAY
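Review bot: In the etc/group hunk, the added `wayland:x:15:` entry has an empty member list, and nothing else in this patch puts any user into the group, so the commit message's "clients running as unprivileged users" can only connect once something not shown here gives them gid 15. The commit message should say how clients are expected to get the group (as their primary gid, or through an s6-applyuidgid step in their own run scripts), or that wiring should come in the same series.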
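Review bot: In the weston/run hunk, `umask 002` sits directly in front of `weston -S $WAYLAND_DISPLAY`, so it applies to the compositor for its whole lifetime rather than to the socket alone, and with `s6-envuidgid root` followed by `s6-envuidgid -g wayland` the process keeps uid root while its gid becomes wayland. Everything Weston creates is therefore group-writable for wayland, not just the socket. Consider leaving the umask alone and opening up only the socket once it exists; if the umask stays, the run script needs a comment saying why these four lines are there and that the socket is the only file meant to be shared.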
Can the socket be chmod'd after Weston starts? Running with 002 umask is not great.
If we use sd-notify-adapter, then I think so, but it wouldn't be very nice.
Using sd-notify-adapter is probably a good idea anyway, so that nothing tries to connect to the socket before it is there to connect to.
Oh, right, we actually already have readiness notification via /etc/xdg/weston/autolaunch. It won't run as root soon, but we could wait for that in the run script and do the chmod there.
What's the problem with umask 002?
It means that any files created by the service are group-writable and world-readable, which is almost never what one wants. It means that the service can't even trust a file it itself created.
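The two options discussed in this thread, side by side, as an added example that is not part of the thread or of the project's code: a listening Unix socket and one other file are created under `umask 002`, then again under a restrictive umask with a `chmod` applied to the socket only. The directory, the file names `wayland-0` and `state.log`, and the mode `0660` are assumptions made for the illustration.

```python
import os
import shutil
import socket
import stat
import tempfile


def modes_created_under(umask, chmod_socket_to=None):
    """Create a listening socket and one other file the way a service would,
    under the given umask, and return the permission bits of both."""
    workdir = tempfile.mkdtemp()                      # constructed stand-in for the runtime dir
    sock_path = os.path.join(workdir, "wayland-0")    # hypothetical socket name
    state_path = os.path.join(workdir, "state.log")   # hypothetical file the service also writes
    old_umask = os.umask(umask)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        srv.bind(sock_path)     # on Linux the socket inode gets 0777 & ~umask
        srv.listen(1)
        os.close(os.open(state_path, os.O_CREAT | os.O_WRONLY, 0o666))
        if chmod_socket_to is not None:
            # Widen access on the socket alone, after it exists.
            os.chmod(sock_path, chmod_socket_to)
        return {
            "socket": stat.S_IMODE(os.stat(sock_path).st_mode),
            "state": stat.S_IMODE(os.stat(state_path).st_mode),
        }
    finally:
        srv.close()
        os.umask(old_umask)     # umask is process-wide, so restore it
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    for label, result in (
        ("umask 002", modes_created_under(0o002)),
        ("umask 077 + chmod socket", modes_created_under(0o077, 0o660)),
    ):
        print(label, {name: oct(mode) for name, mode in result.items()})
```

Under `umask 002` the unrelated file comes out group-writable and world-readable along with the socket; with the restrictive umask only the socket is opened to the group.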