On 12/9/25 03:56, Alyssa Ross wrote:
This will allow clients running as unprivileged users to connect to the compositor.
Signed-off-by: Alyssa Ross <hi@alyssa.is> --- host/rootfs/image/etc/s6-linux-init/run-image/etc/group | 1 + host/rootfs/image/etc/s6-rc/weston/run | 5 +++++ 2 files changed, 6 insertions(+)
diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group index e3ade46..fe72eb7 100644 --- a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group +++ b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group @@ -13,3 +13,4 @@ disk:x:11: cdrom:x:12: tape:x:13: kvm:x:14: +wayland:x:15: diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run index aa1e7b6..7cb182f 100644 --- a/host/rootfs/image/etc/s6-rc/weston/run +++ b/host/rootfs/image/etc/s6-rc/weston/run @@ -20,4 +20,9 @@ importas -i home HOME cd $home if { udevadm wait /dev/dri/card0 } unshare --cgroup --ipc --net --uts + +s6-envuidgid root +s6-envuidgid -g wayland +s6-applyuidgid -Uz +umask 002 weston -S $WAYLAND_DISPLAY
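Review bot: The new `wayland:x:15:` entry in host/rootfs/image/etc/s6-linux-init/run-image/etc/group has an empty member list, and the commit message does not say how the unprivileged clients it mentions acquire the group. Consider stating in the commit message how clients are expected to get wayland as a primary or supplementary group, so the access model can be reviewed together with this change.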
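Review bot: `umask 002` in host/rootfs/image/etc/s6-rc/weston/run is process-wide, so it is inherited by Weston and by everything Weston spawns, and because `s6-envuidgid -g wayland` followed by `s6-applyuidgid -Uz` also makes wayland the primary group, any file created without an explicitly restrictive mode ends up writable by every member of wayland, not only the compositor socket. Consider leaving the umask at its previous value and widening the permissions on the socket alone once it exists, and add a short comment above these lines saying that the group and umask change exists only to make the socket reachable by that group.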
Can the socket be chmod'd after Weston starts? Running with 002 umask is not great.

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)