Hi Bartłomiej, Thanks for sending this.
I'd like to share the work we've done in the case of weston these last days. We managed to have weston run as a system daemon without root account.

In the recent Tizen:Common wayland images (for example here [1]), we run weston in the following conditions:
- started by systemd (system) outside user sessions
- with a system user 'display' and system group 'display' (no root)
- on tty7 (X nostalgia :-) but also to see messages on tty1!) - of course, we can revert to tty1...
- without weston-launch (no step as root, no pending process, no extra PAM session)
- the compositor is shared by multiple users - thus any user or daemon being in the group 'display' can be a weston client and show something on the screen. The trick is to do a symbolic link into the user's XDG_RUNTIME_DIR to the real weston socket (in /run/display/). Also, weston could be modified to handle this without tricks.

Security (WIP, not finalized yet):
- granular permissions have been set on devices needed by weston (/dev/dri/*, /dev/tty7, /dev/input/event*) by extra udev rules which set DAC and SMACK labels '*'
- the wayland socket in /run/display/ is writable by the group 'display' and has a SMACK label '*'
- real users must be in the group 'display' to be able to open a wayland connection

With the recent upgrade to kernel 3.14, weston now also works in multi-screen.

Handling multiple users on the same screen or on multiple screens is another topic: the weston shell should be responsible for assigning users to physical displays (seats) and/or decide to share a given screen between users. Everything depends on the wanted policy and the use cases.

I'll check if our setup meets the guidelines you're actually constructing on the wiki. Meanwhile, dear devlist, your feedback may be interesting.
Best regards,
Stéphane

[1] http://download.tizen.org/snapshots/tizen/generic/generic-wayland-x86_64/tizen_20140414.7/images/generic-qa-unsafe-wayland-mbr-x86_64/

-- 
Stéphane Desneux
Intel OTC - Vannes/FR
gpg:1CA35726/DFA9B0232EF80493AF2891FA24E3A2841CA35726

On 14/04/2014 16:20, Bartlomiej Grzelewski wrote:
> Dear all,
>
> My team was asked to reduce the number of processes with root privileges. We
> prepared wiki pages that point to tools and describe the process of daemon
> analysis.
>
> https://wiki.tizen.org/wiki/Security:Analysing_security_privileges_of_tizen_services
> https://wiki.tizen.org/wiki/Security:Capable_Probe_Module
>
> Pages are being constructed, but it is high time to share and probably start
> a discussion.
>
> Best regards,
> --
> Bartłomiej Grzelewski
> Samsung R&D Institute Poland
> Samsung Electronics
>
> _______________________________________________
> Dev mailing list
> [email protected]
> https://lists.tizen.org/listinfo/dev
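The setup Stéphane describes above, written out as an added example (this is not code from the thread, nor from the weston or Tizen projects): a systemd system unit that starts weston on tty7 as user/group 'display', udev rules that give that group 0660 access and SMACK label '*' on /dev/dri/*, /dev/tty7 and /dev/input/event*, the per-user symlink from XDG_RUNTIME_DIR to the real socket in /run/display/, and a small mode check a reviewer can run over `stat -c %a` output. The socket name `wayland-0`, the unit and rule file names, and the use of `RuntimeDirectory=` and `SECLABEL{smack}` are assumptions not stated in the thread.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread or the weston/Tizen projects.
# Pieces of a shared, non-root weston: udev rules, a systemd system unit, the
# per-user XDG_RUNTIME_DIR symlink trick, and a permission sanity check.
# Assumed (not in the thread): socket name 'wayland-0', RuntimeDirectory=,
# SECLABEL{smack} udev key, unit/rule file names.

DISPLAY_USER=display
DISPLAY_GROUP=display
DISPLAY_RUNDIR=/run/display
SOCKET_NAME=wayland-0          # assumption: wayland's default socket name

# udev rules: group 'display' gets rw, nobody else (0660), SMACK label '*',
# on the three device classes the thread lists.
udev_rules() {
    cat <<EOF
# DRM nodes (/dev/dri/card*, /dev/dri/renderD*)
SUBSYSTEM=="drm", KERNEL=="card*|renderD*", GROUP="$DISPLAY_GROUP", MODE="0660", SECLABEL{smack}="*"
# the VT the compositor runs on
KERNEL=="tty7", GROUP="$DISPLAY_GROUP", MODE="0660", SECLABEL{smack}="*"
# input event nodes
SUBSYSTEM=="input", KERNEL=="event*", GROUP="$DISPLAY_GROUP", MODE="0660", SECLABEL{smack}="*"
EOF
}

# systemd system unit: weston on tty7 as 'display', no weston-launch, no PAM
# session; /run/display is created 0770 so only the group reaches the socket.
weston_unit() {
    cat <<EOF
[Unit]
Description=Weston compositor (shared system instance)
After=systemd-user-sessions.service

[Service]
User=$DISPLAY_USER
Group=$DISPLAY_GROUP
RuntimeDirectory=$(basename "$DISPLAY_RUNDIR")
RuntimeDirectoryMode=0770
Environment=XDG_RUNTIME_DIR=$DISPLAY_RUNDIR
ExecStart=/usr/bin/weston --tty=7

[Install]
WantedBy=graphical.target
EOF
}

# Per-user trick from the thread: point \$XDG_RUNTIME_DIR/wayland-0 at the real
# socket. Idempotent; replaces a stale link but never a real file or socket.
link_display_socket() {
    rundir=$1      # the user's XDG_RUNTIME_DIR
    target=$2      # real socket, e.g. /run/display/wayland-0
    link="$rundir/$SOCKET_NAME"
    if [ -L "$link" ]; then
        [ "$(readlink "$link")" = "$target" ] && return 0
        rm -f "$link"                       # stale link: socket path changed
    elif [ -e "$link" ]; then
        echo "refusing to replace $link: not a symlink" >&2
        return 1
    fi
    ln -s "$target" "$link"
}

# Sanity check on an octal mode string (e.g. from 'stat -c %a'): group has
# rw, 'other' has nothing. Apply to the socket dir, the socket and the nodes.
mode_is_group_only() {
    m=$(( 0$1 ))                            # leading 0 forces octal
    [ $(( m & 7 )) -eq 0 ] && [ $(( (m >> 3) & 6 )) -eq 6 ]
}

# Print the generated files so they can be reviewed before installing, e.g.
#   sh weston-display.sh > review.txt
udev_rules
echo
weston_unit
```

The generated texts would go to `/etc/udev/rules.d/` and `/etc/systemd/system/` respectively (file names are your choice); `link_display_socket "$XDG_RUNTIME_DIR" /run/display/wayland-0` is what a user-session hook would run so that unmodified wayland clients find the shared compositor. The mode check is deliberately strict: with SMACK label '*' on the objects, DAC is the only thing keeping users outside the 'display' group away from the devices and the socket, so a stray world-readable bit is worth catching.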
