How would a game change the mode in the first place? There is no request to do so.
Anyway, I'm still going to push for a complete solution that isn't tied to Wayland and also works for DBus, but I can't convince you this is a bad idea. So, best of luck to you, and I'll shut up now :) On Mar 11, 2015 10:51 AM, "Manuel Bachmann" < manuel.bachm...@open.eurogiciel.org> wrote: > Hi Jasper, > > "Why are fullscreen and resolution change privileged operations?" > > Personally, I think fullscreen should be allowed by default, but could be > disallowed on a per-application-basis ; because a few ones could abuse it > by re-triggering repeatedly (it made a great testcase for the demo, > however). > > Regarding resolution change, I'm not even sure it's in WSM ;-), but that's > direct access to the hardware modes ; what about an app changing modes > every 5 seconds while minimized so you cannot easily kill it ? You can > imagine the compositor's default UI would be authorized, but a third-party > app (like a video game) would at least need to ask the first time. > > "I will not implement support for WSMs in mutter. I have given my opinion > on why I think technical solutions to security problems and security > policies are bogus before. I won't bother to repeat it here." > > We discussed that on IRC, I can understand your position. > > Regards, > Manuel > > 2015-03-09 21:41 GMT+01:00 Jasper St. Pierre <jstpie...@mecheye.net>: > >> On Mon, Mar 9, 2015 at 12:52 PM, Manuel Bachmann < >> manuel.bachm...@open.eurogiciel.org> wrote: >> >>> Hi Matthias, >>> >>> "I don't think it makes sense to develop a specific solution just for >>> the portion of application sandboxing that happens to overlap with >>> wayland protocol requests. The same questions need to be answered when >>> a third-party application e.g. wants to open a file or send an email." >>> >>> While it is true that the general security policy concern is a huge >>> topic, and that WSM may seem to be a too-specific solution in an ecosystem >>> where several Linux Security Modules have already been implemented, I >>> think, however, that there is a valid use case for it. >>> >>> We happen to have a more-than-20-years-old ecosystem of GUI applications >>> which were using the X11 protocol. For all these years, they were allowed >>> to exploit this protocol in various ways, which gave us the cool features >>> we could not imagine living without today. >>> >>> Then comes Wayland. It is more secure, but the cool features aren't >>> there. Sure, each compositor can do the way it wants, but application >>> developers are embarrassed . This potentially cripples the user experience >>> and slows down Wayland adoption. >>> >>> WSM is interesting because it only tries to cover GUI applications, >>> which, basically, all have the same needs : >>> - screenshooting, screen recording, color picking.... >>> - critical actions on the outputs : fullscreen, resolution change... >>> >> >> Why are fullscreen and resolution change privileged operations? >> >> >>> - access to a central clipboard ; >>> >> - replacing a vital part of the compositor (virtual keyboard, panel, >>> systray...) >>> - .... >>> >>> A Linux Security Module goes too far, has too many implications, hence >>> why it is rarely deployed excepted on server systems. But WSM is only about >>> GUI apps ; it precisely knows what it wants to be and which problems it >>> tries to address. I think, personally, that WSM has a chance of success >>> because it is pragmatic and has the privilegied timeframe for this. >>> >> >> I will not implement support for WSMs in mutter. I have given my opinion >> on why I think technical solutions to security problems and security >> policies are bogus before. I won't bother to repeat it here. >> >> >>> Regards, >>> Manuel >>> >>> 2015-03-09 14:30 GMT+01:00 Matthias Clasen <matthias.cla...@gmail.com>: >>> >>>> On Mon, Mar 9, 2015 at 1:38 AM, Manuel Bachmann >>>> <manuel.bachm...@open.eurogiciel.org> wrote: >>>> >>>> > Any comments on this ? >>>> > >>>> >>>> I don't think it makes sense to develop a specific solution just for >>>> the portion of application sandboxing that happens to overlap with >>>> wayland protocol requests. The same questions need to be answered when >>>> a third-party application e.g. wants to open a file or send an email. >>>> >>> >>> >>> >>> -- >>> Regards, >>> >>> >>> >>> *Manuel BACHMANN Tizen Project VANNES-FR* >>> >>> _______________________________________________ >>> wayland-devel mailing list >>> wayland-devel@lists.freedesktop.org >>> http://lists.freedesktop.org/mailman/listinfo/wayland-devel >>> >>> >> >> >> -- >> Jasper >> > > > > -- > Regards, > > > > *Manuel BACHMANN Tizen Project VANNES-FR* >
_______________________________________________ wayland-devel mailing list wayland-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/wayland-devel
