diff options
author | Patrick Steinhardt <ps@pks.im> | 2020-09-03 21:25:33 +0200 |
---|---|---|
committer | Simon Ser <contact@emersion.fr> | 2020-09-04 11:39:25 +0200 |
commit | fa05d3cde68de73df4cac9762f6623c6001651cc (patch) | |
tree | c35444bcde0cd73761ac8d400cbb6bbc03a3f6e1 /backend | |
parent | efe6414640aa15cfad975dec3db427936c0450a4 (diff) |
session: Don't refuse unprivileged creation of "direct" backend
When starting a compositor that's using the "direct" session backend,
wlroots needs to handle calls to `drmSetMaster()` and `drmDropMaster()`.
As both calls used to require `CAP_SYS_ADMIN`, wlroots thus simply
refused starting in case the process doesn't enjoy evelated privileges.
Permission rules have changed since linux.git commit 45bc3d26c95a (drm:
rework SET_MASTER and DROP_MASTER perm handling, 2020-03-19). As a
result, starting with Linux v5.8, both ioctls will now also succeed if
the process is currently or has been the DRM master. And as the first
process to open render nodes will become the DRM master automatically,
this effectively means that process elevation is not strictly required
in all setups anymore.
So let's drop the `geteuid() != 0` permission check to allow those new
rules to do their magic.
Diffstat (limited to 'backend')
-rw-r--r-- | backend/session/direct-ipc.c | 14 |
1 files changed, 0 insertions, 14 deletions
diff --git a/backend/session/direct-ipc.c b/backend/session/direct-ipc.c index 94f34a88..d98d4e66 100644 --- a/backend/session/direct-ipc.c +++ b/backend/session/direct-ipc.c @@ -24,16 +24,6 @@ enum { DRM_MAJOR = 226 }; -static bool have_permissions(void) { -#ifdef __linux__ - if (geteuid() != 0) { - wlr_log(WLR_ERROR, "Do not have root privileges; cannot become DRM master"); - return false; - } -#endif - return true; -} - static void send_msg(int sock, int fd, void *buf, size_t buf_len) { char control[CMSG_SPACE(sizeof(fd))] = {0}; struct iovec iovec = { .iov_base = buf, .iov_len = buf_len }; @@ -223,10 +213,6 @@ void direct_ipc_finish(int sock, pid_t pid) { } int direct_ipc_init(pid_t *pid_out) { - if (!have_permissions()) { - return -1; - } - int sock[2]; if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sock) < 0) { wlr_log_errno(WLR_ERROR, "Failed to create socket pair"); |