Xwayland only accepts connections from the user it's running as. It is started by wayland-proxy-virtwl, which does not allow passing extra options, so we can't change its authentication method. Therefore, the only way for X11 to work with the current software is to run wayland-proxy-virtwl as the same user as the application. I expect that in the near future, we will use xwayland-satellite instead of the built-in Xwayland translation in wayland-proxy-virtwl. When that happens, we can run the stub compositor as its own user again. Fixes: cb27e3a ("img/app: wayland-proxy-virtwl: run as non-root") Signed-off-by: Alyssa Ross <hi@alyssa.is> --- img/app/image/etc/group | 1 - img/app/image/etc/mdev.conf | 2 +- img/app/image/etc/passwd | 1 - img/app/image/etc/s6-rc/wayland-proxy-virtwl/run | 2 +- 4 files changed, 2 insertions(+), 4 deletions(-) diff --git a/img/app/image/etc/group b/img/app/image/etc/group index b2c3a2e..e84da60 100644 --- a/img/app/image/etc/group +++ b/img/app/image/etc/group @@ -1,4 +1,3 @@ -wayland:x:1:wayland wireplumber:x:2:wireplumber pipewire:x:3:pipewire user:x:1000:user diff --git a/img/app/image/etc/mdev.conf b/img/app/image/etc/mdev.conf index d4cd825..33a07d6 100644 --- a/img/app/image/etc/mdev.conf +++ b/img/app/image/etc/mdev.conf @@ -4,7 +4,7 @@ -$MODALIAS=.* 0:0 0 ! +importas -Siu MODALIAS modprobe -q $MODALIAS $INTERFACE=.* 0:0 0 ! +/etc/mdev/iface $MODALIAS=virtio:d0000001Av.* 0:0 0 ! +/etc/mdev/virtiofs -dri/card0 wayland:wayland 660 +background { /etc/mdev/listen card0 } +dri/card0 user:user 660 +background { /etc/mdev/listen card0 } -SUBSYSTEM=sound;.* pipewire:pipewire 660 snd/controlC0 pipewire:pipewire 660 +background { /etc/mdev/listen controlC0 } diff --git a/img/app/image/etc/passwd b/img/app/image/etc/passwd index 08324b0..425908e 100644 --- a/img/app/image/etc/passwd +++ b/img/app/image/etc/passwd 
@@ -1,5 +1,4 @@ root:x:0:0:System administrator:/run/root:/bin/sh -wayland:x:1:1:wayland-proxy-virtwl service user:/:/usr/bin/nologin wireplumber:x:2:2:WirePlumber service user:/:/usr/bin/nologin pipewire:x:3:3:PipeWire service user:/:/usr/bin/nologin user:x:1000:1000:Spectrum application user:/home/user:/bin/sh diff --git a/img/app/image/etc/s6-rc/wayland-proxy-virtwl/run b/img/app/image/etc/s6-rc/wayland-proxy-virtwl/run index 86d7f63..5d06b7a 100755 --- a/img/app/image/etc/s6-rc/wayland-proxy-virtwl/run +++ b/img/app/image/etc/s6-rc/wayland-proxy-virtwl/run @@ -26,6 +26,6 @@ export LISTEN_FDS 2 export LISTEN_FDNAMES wayland:x11 getpid LISTEN_PID -s6-setuidgid wayland +s6-setuidgid user wayland-proxy-virtwl --virtio-gpu --x-display=0 base-commit: 5104fa720ce8b00612c5487fc47124fbf99e58c6 -- 2.51.0
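Review bot: In the mdev.conf hunk, `dri/card0 user:user 660` makes the DRM device owned by the application user, so any process running as "user" can open card0 directly rather than reaching the GPU only through wayland-proxy-virtwl, which the previous `wayland:wayland` ownership prevented. The commit message describes the change as temporary until xwayland-satellite is adopted, so consider a comment above this rule saying so, to make sure the device ownership is restored together with the service user.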
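Review bot: In the wayland-proxy-virtwl/run hunk, `s6-setuidgid user` puts the proxy under the same uid as the applications it serves, undoing the separation added in cb27e3a, and nothing in the script records why. A short comment next to this line naming the Xwayland same-user restriction and the planned move to xwayland-satellite would show that the line is meant to go back to a dedicated user; the `wayland` entries removed from passwd and group would need to return with it.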
On 12/8/25 16:16, Alyssa Ross wrote:
Xwayland only accepts connections from the user it's running as. It is started by wayland-proxy-virtwl, which does not allow passing extra options, so we can't change its authentication method.
Therefore, the only way for X11 to work with the current software is to run wayland-proxy-virtwl as the same user as the application.
I expect that in the near future, we will use xwayland-satellite instead of the built-in Xwayland translation in wayland-proxy-virtwl. When that happens, we can run the stub compositor as its own user again.
Fixes: cb27e3a ("img/app: wayland-proxy-virtwl: run as non-root")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 img/app/image/etc/group | 1 -
 img/app/image/etc/mdev.conf | 2 +-
 img/app/image/etc/passwd | 1 -
 img/app/image/etc/s6-rc/wayland-proxy-virtwl/run | 2 +-
 4 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/img/app/image/etc/group b/img/app/image/etc/group index b2c3a2e..e84da60 100644 --- a/img/app/image/etc/group +++ b/img/app/image/etc/group @@ -1,4 +1,3 @@ -wayland:x:1:wayland wireplumber:x:2:wireplumber pipewire:x:3:pipewire user:x:1000:user diff --git a/img/app/image/etc/mdev.conf b/img/app/image/etc/mdev.conf index d4cd825..33a07d6 100644 --- a/img/app/image/etc/mdev.conf +++ b/img/app/image/etc/mdev.conf @@ -4,7 +4,7 @@ -$MODALIAS=.* 0:0 0 ! +importas -Siu MODALIAS modprobe -q $MODALIAS $INTERFACE=.* 0:0 0 ! +/etc/mdev/iface $MODALIAS=virtio:d0000001Av.* 0:0 0 ! +/etc/mdev/virtiofs -dri/card0 wayland:wayland 660 +background { /etc/mdev/listen card0 } +dri/card0 user:user 660 +background { /etc/mdev/listen card0 }
-SUBSYSTEM=sound;.* pipewire:pipewire 660 snd/controlC0 pipewire:pipewire 660 +background { /etc/mdev/listen controlC0 } diff --git a/img/app/image/etc/passwd b/img/app/image/etc/passwd index 08324b0..425908e 100644 --- a/img/app/image/etc/passwd +++ b/img/app/image/etc/passwd @@ -1,5 +1,4 @@ root:x:0:0:System administrator:/run/root:/bin/sh -wayland:x:1:1:wayland-proxy-virtwl service user:/:/usr/bin/nologin wireplumber:x:2:2:WirePlumber service user:/:/usr/bin/nologin pipewire:x:3:3:PipeWire service user:/:/usr/bin/nologin user:x:1000:1000:Spectrum application user:/home/user:/bin/sh diff --git a/img/app/image/etc/s6-rc/wayland-proxy-virtwl/run b/img/app/image/etc/s6-rc/wayland-proxy-virtwl/run index 86d7f63..5d06b7a 100755 --- a/img/app/image/etc/s6-rc/wayland-proxy-virtwl/run +++ b/img/app/image/etc/s6-rc/wayland-proxy-virtwl/run @@ -26,6 +26,6 @@ export LISTEN_FDS 2 export LISTEN_FDNAMES wayland:x11 getpid LISTEN_PID
-s6-setuidgid wayland +s6-setuidgid user
wayland-proxy-virtwl --virtio-gpu --x-display=0
base-commit: 5104fa720ce8b00612c5487fc47124fbf99e58c6
Might as well also make /tmp/.X11-unix and friends only accessible by "user".

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
This patch has been committed as 0029daf7074ad282d5c58004fcc49cd1820f786d, which can be viewed online at https://spectrum-os.org/git/spectrum/commit/?id=0029daf7074ad282d5c58004fcc4.... This is an automated message. Send comments/questions/requests to: Alyssa Ross <hi@alyssa.is>