aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPatrick Steinhardt <ps@pks.im>2020-09-03 21:25:33 +0200
committerSimon Ser <contact@emersion.fr>2020-09-04 11:39:25 +0200
commitfa05d3cde68de73df4cac9762f6623c6001651cc (patch)
treec35444bcde0cd73761ac8d400cbb6bbc03a3f6e1
parentefe6414640aa15cfad975dec3db427936c0450a4 (diff)
session: Don't refuse unprivileged creation of "direct" backend
When starting a compositor that's using the "direct" session backend, wlroots needs to handle calls to `drmSetMaster()` and `drmDropMaster()`. As both calls used to require `CAP_SYS_ADMIN`, wlroots thus simply refused starting in case the process doesn't enjoy evelated privileges. Permission rules have changed since linux.git commit 45bc3d26c95a (drm: rework SET_MASTER and DROP_MASTER perm handling, 2020-03-19). As a result, starting with Linux v5.8, both ioctls will now also succeed if the process is currently or has been the DRM master. And as the first process to open render nodes will become the DRM master automatically, this effectively means that process elevation is not strictly required in all setups anymore. So let's drop the `geteuid() != 0` permission check to allow those new rules to do their magic.
-rw-r--r--backend/session/direct-ipc.c14
1 files changed, 0 insertions, 14 deletions
diff --git a/backend/session/direct-ipc.c b/backend/session/direct-ipc.c
index 94f34a88..d98d4e66 100644
--- a/backend/session/direct-ipc.c
+++ b/backend/session/direct-ipc.c
@@ -24,16 +24,6 @@
enum { DRM_MAJOR = 226 };
-static bool have_permissions(void) {
-#ifdef __linux__
- if (geteuid() != 0) {
- wlr_log(WLR_ERROR, "Do not have root privileges; cannot become DRM master");
- return false;
- }
-#endif
- return true;
-}
-
static void send_msg(int sock, int fd, void *buf, size_t buf_len) {
char control[CMSG_SPACE(sizeof(fd))] = {0};
struct iovec iovec = { .iov_base = buf, .iov_len = buf_len };
@@ -223,10 +213,6 @@ void direct_ipc_finish(int sock, pid_t pid) {
}
int direct_ipc_init(pid_t *pid_out) {
- if (!have_permissions()) {
- return -1;
- }
-
int sock[2];
if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sock) < 0) {
wlr_log_errno(WLR_ERROR, "Failed to create socket pair");