Simon Ser <cont...@emersion.fr> writes:

> On Wednesday, July 28th, 2021 at 11:17, Alyssa Ross <h...@alyssa.is> wrote:
>
>> A further thought I've just had -- the pid lookup is generally done
>> through libwayland-server's wl_client_get_credentials(), right? So if
>> libwayland-server could be taught about the proxy, and the proxy could
>> communicate the pid/uid/gid to libwayland-server somehow, that could
>> make this possible after all, right?
>
> I'm not sure a proxy is a good idea, because proxying Wayland protocols
> isn't straightforward and introduces latency.
>
> That said, allowing sandboxes to feed back security context metadata to
> the compositor is something I believe would be useful in many scenarios.
> Maybe have a look at [1]?
>
> [1]: https://gitlab.freedesktop.org/wayland/wayland-protocols/-/merge_requests/68

Thanks for the link!  That looks very useful indeed.  I've read through
that and the Weston discussion it links to.  We're using Virtio Wayland
from Chromium OS, and I think it would be very straightforward to
implement the security context protocol in that.

Dynamic permissions are important to us, so if I'm understanding
correctly, with this model the compositor would be responsible for
asking the user before taking an action in response to a client request,
yes?  And that would have to be implemented per compositor?

(But there's definitely value to static policy as well, if only so that
dynamic requests don't have to be repeated for every use of e.g. a
screenshot app, and the compositor doesn't have to somehow persist
them.)
