Github messages for voidlinux
 help / color / Atom feed
* [PR PATCH] wayland-compositors: use elogind
@ 2020-04-22  2:44 travankor
  2020-04-22 17:25 ` ericonr
                   ` (30 more replies)
  0 siblings, 31 replies; 32+ messages in thread
From: travankor @ 2020-04-22  2:44 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 343 bytes --]

There is a new pull request by travankor against master on the void-packages repository

https://github.com/travankor/void-packages wayland
https://github.com/void-linux/void-packages/pull/21233

wayland-compositors: use elogind
Hopefully fixes #20930

A patch file from https://github.com/void-linux/void-packages/pull/21233.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-wayland-21233.patch --]
[-- Type: text/x-diff, Size: 4442 bytes --]

From 1758bf127d8a1349810cf742d419fd36b9699347 Mon Sep 17 00:00:00 2001
From: travankor <travankor@tuta.io>
Date: Tue, 21 Apr 2020 19:39:44 -0700
Subject: [PATCH 1/4] sway: enable elogind build option by default.

---
 srcpkgs/sway/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/sway/template b/srcpkgs/sway/template
index 964702f3948..1bd914ce0ef 100644
--- a/srcpkgs/sway/template
+++ b/srcpkgs/sway/template
@@ -17,6 +17,7 @@ distfiles="https://github.com/swaywm/${pkgname}/archive/${version}.tar.gz"
 checksum=e2805291fc01d49e21dda4b273e38170d1fff4e1757215439729edbed880dfbe
 
 build_options="elogind"
+build_options_default="elogind"
 desc_option_elogind="Uses elogind instead of setuid for privilege escalation"
 
 post_patch() {
@@ -26,7 +27,7 @@ post_patch() {
 post_install() {
 	vlicense LICENSE
 	if [ -z "$build_option_elogind" ]; then
-		# must be setuid without logind!
+		# must be setuid without logind
 		chmod u+s ${DESTDIR}/usr/bin/sway
 	fi
 }

From edb143abd7b55479c2fa9d3445e36bd62f09d25e Mon Sep 17 00:00:00 2001
From: travankor <travankor@tuta.io>
Date: Tue, 21 Apr 2020 19:40:00 -0700
Subject: [PATCH 2/4] wayfire: add and enable elogind build option by default.

---
 srcpkgs/wayfire/template | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/srcpkgs/wayfire/template b/srcpkgs/wayfire/template
index 4f7aabbef14..adfb0f55160 100644
--- a/srcpkgs/wayfire/template
+++ b/srcpkgs/wayfire/template
@@ -5,6 +5,7 @@ revision=1
 build_style=meson
 hostmakedepends="pkg-config wayland-devel"
 makedepends="xcb-util-wm-devel xcb-util-errors-devel glm cairo-devel wf-config-devel"
+depends="xorg-server-xwayland $(vopt_if elogind elogind)"
 short_desc="3D wayland compositor"
 maintainer="Young Jin Park <youngjinpark20@gmail.com>"
 license="MIT"
@@ -12,6 +13,10 @@ homepage="https://wayfire.org"
 distfiles="https://github.com/WayfireWM/wayfire/archive/${version}.tar.gz"
 checksum=9c009c01bccce97149d0695b5429cf44787fdc1423c58425ba8e8de601019e97
 
+build_options="elogind"
+build_options_default="elogind"
+desc_option_elogind="Uses elogind instead of setuid for privilege escalation"
+
 if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
 	makedepends+=" libexecinfo-devel"
 fi
@@ -19,4 +24,8 @@ fi
 post_install() {
 	vlicense LICENSE
 	vsconf wayfire.ini
+	if [ -z "$build_option_elogind" ]; then
+		# must be setuid without logind
+		chmod u+s ${DESTDIR}/usr/bin/wayfire
+	fi
 }

From 6c23ae19eec85304615075ec773c868a0a91cebd Mon Sep 17 00:00:00 2001
From: travankor <travankor@tuta.io>
Date: Tue, 21 Apr 2020 19:40:21 -0700
Subject: [PATCH 3/4] cage: add and enable elogind build option by default.

---
 srcpkgs/cage/template | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/srcpkgs/cage/template b/srcpkgs/cage/template
index 49342bf81c7..f079f83954f 100644
--- a/srcpkgs/cage/template
+++ b/srcpkgs/cage/template
@@ -5,6 +5,7 @@ revision=2
 build_style=meson
 hostmakedepends="pkg-config wayland-devel"
 makedepends="xcb-util-wm-devel xcb-util-errors-devel libxkbcommon-devel pixman-devel wayland-devel wlroots-devel"
+depends="$(vopt_if elogind elogind)"
 short_desc="Kiosk compositor for Wayland"
 maintainer="Illia Shestakov <ishestakov@airmail.cc>"
 license="MIT"
@@ -12,7 +13,15 @@ homepage="https://www.hjdskes.nl/projects/cage/"
 distfiles="https://github.com/Hjdskes/cage/archive/v${version}.tar.gz"
 checksum=63efbe96cf307381f2bedf9b80153343e255970a70d612515da7dc325dd49478
 
+build_options="elogind"
+build_options_default="elogind"
+desc_option_elogind="Uses elogind instead of setuid for privilege escalation"
+
 post_install() {
 	vlicense LICENSE
 	vdoc README.md
+	if [ -z "$build_option_elogind" ]; then
+		# must be setuid without logind
+		chmod u+s ${DESTDIR}/usr/bin/cage
+	fi
 }

From c3b7a9ad131a5d549c135e53e2dc42912ffcda19 Mon Sep 17 00:00:00 2001
From: travankor <travankor@tuta.io>
Date: Tue, 21 Apr 2020 19:40:36 -0700
Subject: [PATCH 4/4] weston: enable elogind build option by default.

---
 srcpkgs/weston/template | 1 +
 1 file changed, 1 insertion(+)

diff --git a/srcpkgs/weston/template b/srcpkgs/weston/template
index 5248a920dd9..ece6fa3ba83 100644
--- a/srcpkgs/weston/template
+++ b/srcpkgs/weston/template
@@ -23,6 +23,7 @@ lib32disabled=yes
 
 # Package build options
 build_options="elogind vaapi"
+build_options_default="elogind"
 desc_option_elogind="Use elogind for suidless startup"
 
 case "$XBPS_TARGET_MACHINE" in

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
@ 2020-04-22 17:25 ` ericonr
  2020-04-23  1:12 ` ericonr
                   ` (29 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: ericonr @ 2020-04-22 17:25 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 437 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-617919108

Comment:
Looks good to me. Removing setuid feels like the correct path. We should perhaps document that this is the correct way of setting up Wayland compositors (not sure where that would go, though).

@Duncaen Do you think it would be bad to completely remove the elogind option to make it compulsory?

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
  2020-04-22 17:25 ` ericonr
@ 2020-04-23  1:12 ` ericonr
  2020-04-23  1:12 ` ericonr
                   ` (28 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: ericonr @ 2020-04-23  1:12 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 472 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-618119427

Comment:
https://github.com/swaywm/sway/wiki/Running-Sway-without-systemd

As a reference: upstream recommends logind or elogind. setuid is the next best solution, with security implications. Capabilities seems to be the worst. As a distro we can, of course, make the choice to use setuid, even if I believe it's far from the best method.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
  2020-04-22 17:25 ` ericonr
  2020-04-23  1:12 ` ericonr
@ 2020-04-23  1:12 ` ericonr
  2020-04-23  7:08 ` travankor
                   ` (27 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: ericonr @ 2020-04-23  1:12 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 467 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-618119427

Comment:
https://github.com/swaywm/sway/wiki/Running-Sway-without-systemd

As a reference: upstream recommends logind or elogind. setuid is the next best solution, with security implications. Capabilities seems to be the worst. As a distro we can, of course, make the choice to use setuid, even if I believe it's not the best method.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (2 preceding siblings ...)
  2020-04-23  1:12 ` ericonr
@ 2020-04-23  7:08 ` travankor
  2020-04-23  7:09 ` travankor
                   ` (26 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: travankor @ 2020-04-23  7:08 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 1171 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-618221977

Comment:
Well, I set elogind as the default option, and added setuid so that people can opt-in to setuid. This seems perfectly reasonable to me.

Some reasons I don't like logind off the top of my head:

- Dbus/polkit integration: polkit literally depends on a javascript interpreter and people striving for a KISS desktop don't need these

- Musl is a second class citizen (no upstream support, and elogind has a bus factor of one)

- Xorg is still root by default on Void

- There are nontrivial issues with elogind and ACPI (like crashing after suspend or not suspending at all)

- Code churn and upstream has zero interest in regression testing

- Logind is more LOC than sway+wlroots combined

- If dbus breaks, elogind probably will too

- freedesktop.org specifications are dumb

The only two upsides of logind are 1) it works out of the box and 2) multi-seat, which 95% of people don't use.

setuid on a local machine is less of a concern than say running a web server locally or using ssh agent forwarding.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (3 preceding siblings ...)
  2020-04-23  7:08 ` travankor
@ 2020-04-23  7:09 ` travankor
  2020-04-23  7:10 ` travankor
                   ` (25 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: travankor @ 2020-04-23  7:09 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 1183 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-618221977

Comment:
Well, I set elogind as the default option, and added setuid so that people can opt-in to setuid. This seems perfectly reasonable to me.

Some reasons I don't like logind off the top of my head:

- Dbus/polkit integration: polkit literally depends on a javascript interpreter and people striving for a KISS desktop don't need these

- Musl is a second class citizen (no upstream support, and elogind has a bus factor of one)

- Xorg is still root by default on Void

- There are nontrivial issues with elogind and ACPI (like crashing after suspend or not suspending at all)

- Code churn and upstream has zero interest in regression testing

- Logind is more LOC than sway+wlroots combined

- If dbus breaks, elogind probably will too

- freedesktop.org specifications are dumb

The only two upsides of logind that I know are 1) it works out of the box and 2) multi-seat, which 95% of people don't use.

setuid on a local machine is less of a concern than say running a web server locally or using ssh agent forwarding.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (4 preceding siblings ...)
  2020-04-23  7:09 ` travankor
@ 2020-04-23  7:10 ` travankor
  2020-04-23 20:21 ` ericonr
                   ` (24 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: travankor @ 2020-04-23  7:10 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 1190 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-618221977

Comment:
Well, I set elogind as the default option, and added setuid so that people can opt-in to setuid. This seems perfectly reasonable to me.

Some reasons I don't like logind off the top of my head:

- Dbus/polkit integration: polkit literally depends on a javascript interpreter and people striving for a KISS desktop don't need these

- Musl is a second class citizen (no upstream support, and elogind has a bus factor of one)

- Xorg is still root by default on Void

- There are nontrivial issues with elogind and ACPI (like crashing after suspend or not suspending at all)

- Code churn and upstream has zero interest in regression testing

- Logind is more LOC than sway+wlroots combined

- If dbus breaks, elogind probably will too

- freedesktop.org specifications are dumb

The only two upsides of logind that I know are 1) it works out of the box and 2) multi-seat, which 95% of people don't use.

setuid on a local machine is less of a concern than say running a public web server locally or using ssh agent forwarding.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (5 preceding siblings ...)
  2020-04-23  7:10 ` travankor
@ 2020-04-23 20:21 ` ericonr
  2020-04-23 20:22 ` ericonr
                   ` (23 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: ericonr @ 2020-04-23 20:21 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 1314 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-618645476

Comment:
> Dbus/polkit integration: polkit literally depends on a javascript interpreter and people striving for a KISS desktop don't need these

I think D-Bus is ok, it adds a lot of value, at least from my experience. Polkit I agree has a lot of architectural issues, which is why I only enabled it when I was trying to get flatpak to work.

> Xorg is still root by default on Void

This is, of course, something we can try to change.

> multi-seat, which 95% of people don't use

Good point.

> Logind is more LOC than sway+wlroots combined

Fork elogind and remove multi-seat implementation? Not kidding, I'd be very interested in knowing about a small program for the elogind functionality we need (and if that's even possible). I know ConsoleKit2 was a part of that, but it's unmaintained and seemed quite large still.

> setuid on a local machine is less of a concern than say running a public web server locally or using ssh agent forwarding.

I don't know how to make this judgment. If it's determined not to be a huge risk, I don't have any issue with removing `elogind` as the default option. I mostly want Wayland compositors to have uniform templates.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (6 preceding siblings ...)
  2020-04-23 20:21 ` ericonr
@ 2020-04-23 20:22 ` ericonr
  2020-04-24  6:59 ` travankor
                   ` (22 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: ericonr @ 2020-04-23 20:22 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 1351 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-618645476

Comment:
> Dbus/polkit integration: polkit literally depends on a javascript interpreter and people striving for a KISS desktop don't need these

I think D-Bus is ok, it adds a lot of value, at least from my experience. Polkit I agree has a lot of architectural issues, which is why I only enabled it when I was trying to get flatpak to work. D-Bus is a dependency, polkit isn't.

> Xorg is still root by default on Void

This is, of course, something we can try to change.

> multi-seat, which 95% of people don't use

Good point.

> Logind is more LOC than sway+wlroots combined

Fork elogind and remove multi-seat implementation? Not kidding, I'd be very interested in knowing about a small program for the elogind functionality we need (and if that's even possible). I know ConsoleKit2 was a part of that, but it's unmaintained and seemed quite large still.

> setuid on a local machine is less of a concern than say running a public web server locally or using ssh agent forwarding.

I don't know how to make this judgment. If it's determined not to be a huge risk, I don't have any issue with removing `elogind` as the default option. I mostly want Wayland compositors to have uniform templates.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (7 preceding siblings ...)
  2020-04-23 20:22 ` ericonr
@ 2020-04-24  6:59 ` travankor
  2020-04-25 18:22 ` ShinyRice
                   ` (21 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: travankor @ 2020-04-24  6:59 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 1216 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-618221977

Comment:
Well, I set elogind as the default option, and added setuid so that people can opt-in to setuid. This seems perfectly reasonable to me.

Some reasons I don't like logind off the top of my head:

- Dbus/polkit integration: polkit literally depends on a javascript interpreter and people striving for a KISS desktop don't need these

- Musl is a second class citizen (no upstream support, and elogind has a bus factor of one)

- Xorg is still root by default on Void

- There are nontrivial issues with elogind and ACPI (like crashing after suspend or not suspending at all)

- Code churn and upstream has zero interest in regression testing

- Logind is more LOC than sway+wlroots combined

- If dbus breaks, elogind probably will too

- freedesktop.org specifications are dumb

The only two upsides of logind that I know are 1) it works out of the box and 2) multi-seat, which 95% of people don't use.

setuid (with adequate priv drop) on a local machine is less of a concern than say running a public web server locally or using ssh agent forwarding.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (8 preceding siblings ...)
  2020-04-24  6:59 ` travankor
@ 2020-04-25 18:22 ` ShinyRice
  2020-04-25 18:23 ` ShinyRice
                   ` (20 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: ShinyRice @ 2020-04-25 18:22 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 774 bytes --]

New comment by ShinyRice on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-619421007

Comment:
Can't both elogind and setuid options coexist, though? Or maybe I just imagined that happening in Artix? Do correct me if I'm wrong here.

I do have one argument in favour of setuid: one of the things elogind does for you is to correctly set XDG_RUNTIME_DIR and, more importantly, creating that folder in /run/user/$UID, instead of having it in /home/$USER, for security reasons if I'm not mistaken here either. Can't that just be done with a simple service that creates it at boot? Or does elogind offer more functionality for Sway and its wlroots ilk? Otherwise, I can't really fathom having to install elogind just to do that.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (9 preceding siblings ...)
  2020-04-25 18:22 ` ShinyRice
@ 2020-04-25 18:23 ` ShinyRice
  2020-04-25 19:43 ` hippi777
                   ` (19 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: ShinyRice @ 2020-04-25 18:23 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 778 bytes --]

New comment by ShinyRice on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-619421007

Comment:
Can't both elogind and setuid options coexist, though? Or maybe I just imagined that happening in Artix? Do correct me if I'm wrong here.

I do have one argument in favour of setuid: one of the things elogind does for you is to correctly set XDG_RUNTIME_DIR and, more importantly, creating that folder at /run/user/$UID, instead of having it within /home/$USER, for security reasons if I'm not mistaken here either. Can't that just be done with a simple service that creates it at boot? Or does elogind offer more functionality for Sway and its wlroots ilk? Otherwise, I can't really fathom having to install elogind just to do that.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (10 preceding siblings ...)
  2020-04-25 18:23 ` ShinyRice
@ 2020-04-25 19:43 ` hippi777
  2020-04-25 19:48 ` hippi777
                   ` (18 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: hippi777 @ 2020-04-25 19:43 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 1274 bytes --]

New comment by hippi777 on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-619431069

Comment:
hi there! :)

(others: plz correct me in case of need)

@ShinyRice: i believe they can, but that renders elogind useless, as it is a capability based protection right for avoiding setuid, or maybe im wrong here, as most likely it is about what u r already running in case of graphics stuffs, instead of what can be run... setuid is considered to be harmful cuz if the given app has a way to do anything nasty (like when it has a small bug or forgotten corner case), then it will do that with root privileges, and it can reach more stuffs than anything limited by capabilities... otherwise using a system alone (dont forget about special users, like admin for vesta control panel, just for an irrelevant example, as u probably wont have vesta on ur daily driver and u probably wont have graphics on ur server) means that other users wont be an issue for ur security, but if u run anything with ur own privileges that can harm u, then most likely u r already wrecked, as priv escalation have so many ways, and u probably care about ur data, not ur system, and ur data is already in the wrong hands even before a priv escalation :D

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (11 preceding siblings ...)
  2020-04-25 19:43 ` hippi777
@ 2020-04-25 19:48 ` hippi777
  2020-04-27 14:44 ` ericonr
                   ` (17 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: hippi777 @ 2020-04-25 19:48 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 1643 bytes --]

New comment by hippi777 on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-619431069

Comment:
hi there! :)

(others: plz correct me in case of need)

@ShinyRice: i believe they can, but that renders elogind useless, as it is a capability based protection right for avoiding setuid, or maybe im wrong here, as most likely it is about what u r already running in case of graphics stuffs, instead of what can be run... setuid is considered to be harmful cuz if the given app has a way to do anything nasty (like when it has a small bug or forgotten corner case), then it will do that with root privileges, and it can reach more stuffs than anything limited by capabilities... otherwise using a system alone (dont forget about special users, like admin for vesta control panel, just for an irrelevant example, as u probably wont have vesta on ur daily driver and u probably wont have graphics on ur server) means that other users wont be an issue for ur security, but if u run anything with ur own privileges that can harm u, then most likely u r already wrecked, as priv escalation have so many ways, and u probably care about ur data, not ur system, and ur data is already in the wrong hands even before a priv escalation :D

btw i think firejail, apparmor and whatever else could be used as well, but im not really in the depths of these topics to be enough self-confident about what im saying here :D

btw/2 is that possible to run whatever desktop environment that is installed into ~/ with the user as its owner (in case of a single user system), or they need some special permissions?

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (12 preceding siblings ...)
  2020-04-25 19:48 ` hippi777
@ 2020-04-27 14:44 ` ericonr
  2020-04-27 20:56 ` [PR PATCH] [Updated] " travankor
                   ` (16 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: ericonr @ 2020-04-27 14:44 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 429 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-620031915

Comment:
@travankor you need to change the `INSTALL.msg` for `wayfire`, because it will either stop requiring elogind or elogind will be installed already.

I support setuid as a solution, btw. Sway, at least, seems to use elogind even with setuid, so it seems to drop privileges pretty quickly.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [PR PATCH] [Updated] wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (13 preceding siblings ...)
  2020-04-27 14:44 ` ericonr
@ 2020-04-27 20:56 ` travankor
  2020-04-27 20:57 ` travankor
                   ` (15 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: travankor @ 2020-04-27 20:56 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 348 bytes --]

There is an updated pull request by travankor against master on the void-packages repository

https://github.com/travankor/void-packages wayland
https://github.com/void-linux/void-packages/pull/21233

wayland-compositors: use elogind
Hopefully fixes #20930

A patch file from https://github.com/void-linux/void-packages/pull/21233.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-wayland-21233.patch --]
[-- Type: text/x-diff, Size: 4909 bytes --]

From 1758bf127d8a1349810cf742d419fd36b9699347 Mon Sep 17 00:00:00 2001
From: travankor <travankor@tuta.io>
Date: Tue, 21 Apr 2020 19:39:44 -0700
Subject: [PATCH 1/4] sway: enable elogind build option by default.

---
 srcpkgs/sway/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/sway/template b/srcpkgs/sway/template
index 964702f3948..1bd914ce0ef 100644
--- a/srcpkgs/sway/template
+++ b/srcpkgs/sway/template
@@ -17,6 +17,7 @@ distfiles="https://github.com/swaywm/${pkgname}/archive/${version}.tar.gz"
 checksum=e2805291fc01d49e21dda4b273e38170d1fff4e1757215439729edbed880dfbe
 
 build_options="elogind"
+build_options_default="elogind"
 desc_option_elogind="Uses elogind instead of setuid for privilege escalation"
 
 post_patch() {
@@ -26,7 +27,7 @@ post_patch() {
 post_install() {
 	vlicense LICENSE
 	if [ -z "$build_option_elogind" ]; then
-		# must be setuid without logind!
+		# must be setuid without logind
 		chmod u+s ${DESTDIR}/usr/bin/sway
 	fi
 }

From 0adf2098b133eee4d1ccd28b9dc036e259f9fb8a Mon Sep 17 00:00:00 2001
From: travankor <travankor@tuta.io>
Date: Tue, 21 Apr 2020 19:40:00 -0700
Subject: [PATCH 2/4] wayfire: add and enable elogind build option by default.

---
 srcpkgs/wayfire/INSTALL.msg | 2 --
 srcpkgs/wayfire/template    | 9 +++++++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/wayfire/INSTALL.msg b/srcpkgs/wayfire/INSTALL.msg
index 164d23c2b3a..622f1a4a6c4 100644
--- a/srcpkgs/wayfire/INSTALL.msg
+++ b/srcpkgs/wayfire/INSTALL.msg
@@ -1,5 +1,3 @@
 Before running Wayfire, copy the default configuration file to your user:
 
   cp /usr/share/examples/wayfire/wayfire.ini ~/.config/wayfire.ini
-
-You also probably want to install elogind, then restart your computer
diff --git a/srcpkgs/wayfire/template b/srcpkgs/wayfire/template
index 4f7aabbef14..adfb0f55160 100644
--- a/srcpkgs/wayfire/template
+++ b/srcpkgs/wayfire/template
@@ -5,6 +5,7 @@ revision=1
 build_style=meson
 hostmakedepends="pkg-config wayland-devel"
 makedepends="xcb-util-wm-devel xcb-util-errors-devel glm cairo-devel wf-config-devel"
+depends="xorg-server-xwayland $(vopt_if elogind elogind)"
 short_desc="3D wayland compositor"
 maintainer="Young Jin Park <youngjinpark20@gmail.com>"
 license="MIT"
@@ -12,6 +13,10 @@ homepage="https://wayfire.org"
 distfiles="https://github.com/WayfireWM/wayfire/archive/${version}.tar.gz"
 checksum=9c009c01bccce97149d0695b5429cf44787fdc1423c58425ba8e8de601019e97
 
+build_options="elogind"
+build_options_default="elogind"
+desc_option_elogind="Uses elogind instead of setuid for privilege escalation"
+
 if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
 	makedepends+=" libexecinfo-devel"
 fi
@@ -19,4 +24,8 @@ fi
 post_install() {
 	vlicense LICENSE
 	vsconf wayfire.ini
+	if [ -z "$build_option_elogind" ]; then
+		# must be setuid without logind
+		chmod u+s ${DESTDIR}/usr/bin/wayfire
+	fi
 }

From 1af93186a663933f3d0da0966b1da6ee0f74b681 Mon Sep 17 00:00:00 2001
From: travankor <travankor@tuta.io>
Date: Tue, 21 Apr 2020 19:40:21 -0700
Subject: [PATCH 3/4] cage: add and enable elogind build option by default.

---
 srcpkgs/cage/template | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/srcpkgs/cage/template b/srcpkgs/cage/template
index 49342bf81c7..f079f83954f 100644
--- a/srcpkgs/cage/template
+++ b/srcpkgs/cage/template
@@ -5,6 +5,7 @@ revision=2
 build_style=meson
 hostmakedepends="pkg-config wayland-devel"
 makedepends="xcb-util-wm-devel xcb-util-errors-devel libxkbcommon-devel pixman-devel wayland-devel wlroots-devel"
+depends="$(vopt_if elogind elogind)"
 short_desc="Kiosk compositor for Wayland"
 maintainer="Illia Shestakov <ishestakov@airmail.cc>"
 license="MIT"
@@ -12,7 +13,15 @@ homepage="https://www.hjdskes.nl/projects/cage/"
 distfiles="https://github.com/Hjdskes/cage/archive/v${version}.tar.gz"
 checksum=63efbe96cf307381f2bedf9b80153343e255970a70d612515da7dc325dd49478
 
+build_options="elogind"
+build_options_default="elogind"
+desc_option_elogind="Uses elogind instead of setuid for privilege escalation"
+
 post_install() {
 	vlicense LICENSE
 	vdoc README.md
+	if [ -z "$build_option_elogind" ]; then
+		# must be setuid without logind
+		chmod u+s ${DESTDIR}/usr/bin/cage
+	fi
 }

From 2a8fd4174ba337d67f14fad7a8e9ab5d863dc87f Mon Sep 17 00:00:00 2001
From: travankor <travankor@tuta.io>
Date: Tue, 21 Apr 2020 19:40:36 -0700
Subject: [PATCH 4/4] weston: enable elogind build option by default.

---
 srcpkgs/weston/template | 1 +
 1 file changed, 1 insertion(+)

diff --git a/srcpkgs/weston/template b/srcpkgs/weston/template
index 5248a920dd9..ece6fa3ba83 100644
--- a/srcpkgs/weston/template
+++ b/srcpkgs/weston/template
@@ -23,6 +23,7 @@ lib32disabled=yes
 
 # Package build options
 build_options="elogind vaapi"
+build_options_default="elogind"
 desc_option_elogind="Use elogind for suidless startup"
 
 case "$XBPS_TARGET_MACHINE" in

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (14 preceding siblings ...)
  2020-04-27 20:56 ` [PR PATCH] [Updated] " travankor
@ 2020-04-27 20:57 ` travankor
  2020-05-06  4:04 ` ericonr
                   ` (14 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: travankor @ 2020-04-27 20:57 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 300 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-620230033

Comment:
Thanks and fixed.

>Sway, at least, seems to use elogind even with setuid, so it seems to drop privileges pretty quickly.

Using both doesn't make sense.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (15 preceding siblings ...)
  2020-04-27 20:57 ` travankor
@ 2020-05-06  4:04 ` ericonr
  2020-05-06  8:44 ` travankor
                   ` (13 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: ericonr @ 2020-05-06  4:04 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 437 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-624430520

Comment:
@travankor I think you need to rebase it again. And what I meant is that even if you install Sway with setuid, if the system has elogind installed, it uses elogind to access the display. At least when I killed the elogind service in my system it killed the compositor's access to DRM immediately.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (16 preceding siblings ...)
  2020-05-06  4:04 ` ericonr
@ 2020-05-06  8:44 ` travankor
  2020-05-06  8:47 ` travankor
                   ` (12 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: travankor @ 2020-05-06  8:44 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 364 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-624519503

Comment:
Let's wait for a void-pkgs committer to accept or reject this -- unless there's some ongoing discussion on IRC or something that I'm not a part of? (I don't have a bouncer, so I just join whenever I have questions to ask)

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (17 preceding siblings ...)
  2020-05-06  8:44 ` travankor
@ 2020-05-06  8:47 ` travankor
  2020-05-06  8:47 ` travankor
                   ` (11 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: travankor @ 2020-05-06  8:47 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 347 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-624520754

Comment:
>And what I meant is that even if you install Sway with setuid, if the system has elogind installed, it uses elogind to access the display

This is one of the good motivations in favour for this change.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (18 preceding siblings ...)
  2020-05-06  8:47 ` travankor
@ 2020-05-06  8:47 ` travankor
  2020-05-06  8:49 ` travankor
                   ` (10 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: travankor @ 2020-05-06  8:47 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 346 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-624520754

Comment:
>And what I meant is that even if you install Sway with setuid, if the system has elogind installed, it uses elogind to access the display

This is one of the good motivations in favour of this change.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (19 preceding siblings ...)
  2020-05-06  8:47 ` travankor
@ 2020-05-06  8:49 ` travankor
  2020-05-06 12:35 ` [PR PATCH] [Updated] " travankor
                   ` (9 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: travankor @ 2020-05-06  8:49 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 429 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-624520754

Comment:
>And what I meant is that even if you install Sway with setuid, if the system has elogind installed, it uses elogind to access the display

This is one of the good motivations in favour of this change. If you're dual-booting with GNOME, for example, you will want the elogind variant.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [PR PATCH] [Updated] wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (20 preceding siblings ...)
  2020-05-06  8:49 ` travankor
@ 2020-05-06 12:35 ` travankor
  2020-05-06 19:15 ` ericonr
                   ` (8 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: travankor @ 2020-05-06 12:35 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 348 bytes --]

There is an updated pull request by travankor against master on the void-packages repository

https://github.com/travankor/void-packages wayland
https://github.com/void-linux/void-packages/pull/21233

wayland-compositors: use elogind
Hopefully fixes #20930

A patch file from https://github.com/void-linux/void-packages/pull/21233.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-wayland-21233.patch --]
[-- Type: text/x-diff, Size: 4944 bytes --]

From 07e41dc719080d376f0cc3f61894efe749714ea2 Mon Sep 17 00:00:00 2001
From: travankor <travankor@tuta.io>
Date: Tue, 21 Apr 2020 19:39:44 -0700
Subject: [PATCH 1/4] sway: enable elogind build option by default.

---
 srcpkgs/sway/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/sway/template b/srcpkgs/sway/template
index ff20221bde8..35d15a1bb54 100644
--- a/srcpkgs/sway/template
+++ b/srcpkgs/sway/template
@@ -17,6 +17,7 @@ distfiles="https://github.com/swaywm/${pkgname}/archive/${version}.tar.gz"
 checksum=e2805291fc01d49e21dda4b273e38170d1fff4e1757215439729edbed880dfbe
 
 build_options="elogind"
+build_options_default="elogind"
 desc_option_elogind="Uses elogind instead of setuid for privilege escalation"
 
 post_patch() {
@@ -26,7 +27,7 @@ post_patch() {
 post_install() {
 	vlicense LICENSE
 	if [ -z "$build_option_elogind" ]; then
-		# must be setuid without logind!
+		# must be setuid without logind
 		chmod u+s ${DESTDIR}/usr/bin/sway
 	fi
 }

From ff2bb3364325265684df9122f37c9738a20782e8 Mon Sep 17 00:00:00 2001
From: travankor <travankor@tuta.io>
Date: Tue, 21 Apr 2020 19:40:00 -0700
Subject: [PATCH 2/4] wayfire: add and enable elogind build option by default.

---
 srcpkgs/wayfire/INSTALL.msg |  2 --
 srcpkgs/wayfire/template    | 10 +++++++++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/srcpkgs/wayfire/INSTALL.msg b/srcpkgs/wayfire/INSTALL.msg
index 164d23c2b3a..622f1a4a6c4 100644
--- a/srcpkgs/wayfire/INSTALL.msg
+++ b/srcpkgs/wayfire/INSTALL.msg
@@ -1,5 +1,3 @@
 Before running Wayfire, copy the default configuration file to your user:
 
   cp /usr/share/examples/wayfire/wayfire.ini ~/.config/wayfire.ini
-
-You also probably want to install elogind, then restart your computer
diff --git a/srcpkgs/wayfire/template b/srcpkgs/wayfire/template
index 0298848a39e..ab633fc3d88 100644
--- a/srcpkgs/wayfire/template
+++ b/srcpkgs/wayfire/template
@@ -5,7 +5,7 @@ revision=2
 build_style=meson
 hostmakedepends="pkg-config wayland-devel"
 makedepends="xcb-util-wm-devel xcb-util-errors-devel glm cairo-devel wf-config-devel"
-depends="xorg-server-xwayland"
+depends="xorg-server-xwayland $(vopt_if elogind elogind)"
 short_desc="3D wayland compositor"
 maintainer="Young Jin Park <youngjinpark20@gmail.com>"
 license="MIT"
@@ -13,6 +13,10 @@ homepage="https://wayfire.org"
 distfiles="https://github.com/WayfireWM/wayfire/archive/${version}.tar.gz"
 checksum=9c009c01bccce97149d0695b5429cf44787fdc1423c58425ba8e8de601019e97
 
+build_options="elogind"
+build_options_default="elogind"
+desc_option_elogind="Uses elogind instead of setuid for privilege escalation"
+
 if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
 	makedepends+=" libexecinfo-devel"
 fi
@@ -20,4 +24,8 @@ fi
 post_install() {
 	vlicense LICENSE
 	vsconf wayfire.ini
+	if [ -z "$build_option_elogind" ]; then
+		# must be setuid without logind
+		chmod u+s ${DESTDIR}/usr/bin/wayfire
+	fi
 }

From 4ebdfe8203c005a50102805d125ed10be2a1993f Mon Sep 17 00:00:00 2001
From: travankor <travankor@tuta.io>
Date: Tue, 21 Apr 2020 19:40:21 -0700
Subject: [PATCH 3/4] cage: add and enable elogind build option by default.

---
 srcpkgs/cage/template | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/srcpkgs/cage/template b/srcpkgs/cage/template
index 49342bf81c7..f079f83954f 100644
--- a/srcpkgs/cage/template
+++ b/srcpkgs/cage/template
@@ -5,6 +5,7 @@ revision=2
 build_style=meson
 hostmakedepends="pkg-config wayland-devel"
 makedepends="xcb-util-wm-devel xcb-util-errors-devel libxkbcommon-devel pixman-devel wayland-devel wlroots-devel"
+depends="$(vopt_if elogind elogind)"
 short_desc="Kiosk compositor for Wayland"
 maintainer="Illia Shestakov <ishestakov@airmail.cc>"
 license="MIT"
@@ -12,7 +13,15 @@ homepage="https://www.hjdskes.nl/projects/cage/"
 distfiles="https://github.com/Hjdskes/cage/archive/v${version}.tar.gz"
 checksum=63efbe96cf307381f2bedf9b80153343e255970a70d612515da7dc325dd49478
 
+build_options="elogind"
+build_options_default="elogind"
+desc_option_elogind="Uses elogind instead of setuid for privilege escalation"
+
 post_install() {
 	vlicense LICENSE
 	vdoc README.md
+	if [ -z "$build_option_elogind" ]; then
+		# must be setuid without logind
+		chmod u+s ${DESTDIR}/usr/bin/cage
+	fi
 }

From 99d0d71c295ce281803b47f9b6b336f8d7bdd6de Mon Sep 17 00:00:00 2001
From: travankor <travankor@tuta.io>
Date: Tue, 21 Apr 2020 19:40:36 -0700
Subject: [PATCH 4/4] weston: enable elogind build option by default.

---
 srcpkgs/weston/template | 1 +
 1 file changed, 1 insertion(+)

diff --git a/srcpkgs/weston/template b/srcpkgs/weston/template
index 5248a920dd9..ece6fa3ba83 100644
--- a/srcpkgs/weston/template
+++ b/srcpkgs/weston/template
@@ -23,6 +23,7 @@ lib32disabled=yes
 
 # Package build options
 build_options="elogind vaapi"
+build_options_default="elogind"
 desc_option_elogind="Use elogind for suidless startup"
 
 case "$XBPS_TARGET_MACHINE" in

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (21 preceding siblings ...)
  2020-05-06 12:35 ` [PR PATCH] [Updated] " travankor
@ 2020-05-06 19:15 ` ericonr
  2020-05-06 21:51 ` ericonr
                   ` (7 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: ericonr @ 2020-05-06 19:15 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 483 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-624838049

Comment:
I haven't seen any discussion about this lately on IRC.

Regarding this

> This is one of the good motivations in favour of this change. If you're dual-booting with GNOME, for example, you will want the elogind variant.

You could want the elogind for a smaller risk surface, but the setuid version should be able to coexist peacefully.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (22 preceding siblings ...)
  2020-05-06 19:15 ` ericonr
@ 2020-05-06 21:51 ` ericonr
  2020-05-28 21:08 ` ericonr
                   ` (6 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: ericonr @ 2020-05-06 21:51 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 244 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-624910101

Comment:
But still, depending on elogind seems better. Looks good to me. Do you want to tag anyone to review it?

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (23 preceding siblings ...)
  2020-05-06 21:51 ` ericonr
@ 2020-05-28 21:08 ` ericonr
  2020-05-29  7:30 ` travankor
                   ` (5 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: ericonr @ 2020-05-28 21:08 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 377 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-635608447

Comment:
Want to wait for this patch? https://cgit.freedesktop.org/drm/drm-misc/commit/?id=45bc3d26c95a8fc63a7d8668ca9e57ef0883351c

We could still need setuid/elogind for the input devices, but it's not a certain thing from what I understand.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (24 preceding siblings ...)
  2020-05-28 21:08 ` ericonr
@ 2020-05-29  7:30 ` travankor
  2020-05-30 19:23 ` [nomerge] " ericonr
                   ` (4 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: travankor @ 2020-05-29  7:30 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 643 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-635811002

Comment:
What do you mean by wait? The patch is from the kernel, so it would take a while for it to be available on all supported kernels.

Seems like this works for rootless Xorg, too, which is something void should support at some point.

>We could still need setuid/elogind for the input devices, but it's not a certain thing from what I understand.

udev is supposed to manage input. logind is somewhat new to this area AFAIK. Maybe logind has a better API, but udev has been around for a long time.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [nomerge] wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (25 preceding siblings ...)
  2020-05-29  7:30 ` travankor
@ 2020-05-30 19:23 ` ericonr
  2020-05-31 18:36 ` travankor
                   ` (3 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: ericonr @ 2020-05-30 19:23 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 775 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-636373466

Comment:
@travankor regarding rootless Xorg, I think it's due to the configuration file in `/etc/X11/Xwrapper.config`, which specifies that root rights are needed by default:

```
needs_root_rights = yes
```

It uses a setuid executable in `/usr/libexec/Xorg.wrap`. I have to test if setting it to `auto` is enough for rootless Xorg to work adequately.

I don't know enough udev, so I'm not sure how the handoff is working. What I read from discussions regarding input devices was that you could put the user in the `input` group to allow them to access those devices, but that makes implementing a keylogger extremely trivial as well.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [nomerge] wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (26 preceding siblings ...)
  2020-05-30 19:23 ` [nomerge] " ericonr
@ 2020-05-31 18:36 ` travankor
  2020-05-31 18:51 ` travankor
                   ` (2 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: travankor @ 2020-05-31 18:36 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 342 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-636510469

Comment:
>but that makes implementing a keylogger extremely trivial as well.

Can this be solved by running sway as a custom user? Also there are legitimate use cases for people who want to remap keys, etc.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [nomerge] wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (27 preceding siblings ...)
  2020-05-31 18:36 ` travankor
@ 2020-05-31 18:51 ` travankor
  2020-05-31 21:29 ` ericonr
  2020-05-31 21:30 ` ericonr
  30 siblings, 0 replies; 32+ messages in thread
From: travankor @ 2020-05-31 18:51 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 441 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-636510469

Comment:
>but that makes implementing a keylogger extremely trivial as well.

Can this be solved by running sway as a custom user? Also there are legitimate use cases for people who want to remap keys, etc.

Also see this from emersion:
https://github.com/swaywm/sway/issues/3987#issuecomment-477603520

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [nomerge] wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (28 preceding siblings ...)
  2020-05-31 18:51 ` travankor
@ 2020-05-31 21:29 ` ericonr
  2020-05-31 21:30 ` ericonr
  30 siblings, 0 replies; 32+ messages in thread
From: ericonr @ 2020-05-31 21:29 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 666 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-636532772

Comment:
If you need to remap keys I believe you can use `xkb` keymaps, which wlroots can load and use. Doesn't need a daemon for it.

> Can this be solved by running sway as a custom user?

I don't know but I don't think so, running graphical stuff as another user feels weird. I will try to ask over at #sway, though.

I had based my comment off of https://github.com/swaywm/wlroots/commit/906c0766df2fec4bd32c316fd1b0d46fded5fc84 , but it does seem to contrast a bit with the comment you linked to. Will ask about it as well.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [nomerge] wayland-compositors: use elogind
  2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
                   ` (29 preceding siblings ...)
  2020-05-31 21:29 ` ericonr
@ 2020-05-31 21:30 ` ericonr
  30 siblings, 0 replies; 32+ messages in thread
From: ericonr @ 2020-05-31 21:30 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 761 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/21233#issuecomment-636532772

Comment:
If you need to remap keys I believe you can use `xkb` keymaps, which wlroots can load and use. Doesn't need a daemon for it.

> Can this be solved by running sway as a custom user?

I don't know but I don't think so, running graphical stuff as another user feels weird. I will try to ask over at #sway, though.

I had based my comment off of https://github.com/swaywm/wlroots/commit/906c0766df2fec4bd32c316fd1b0d46fded5fc84 , but it does seem to contrast a bit with the comment you linked to. Will ask about it as well.

EDIT: being in the `input` group could, of course, compromise a multi-user machine instead.

^ permalink raw reply	[flat|nested] 32+ messages in thread

end of thread, back to index

Thread overview: 32+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-22  2:44 [PR PATCH] wayland-compositors: use elogind travankor
2020-04-22 17:25 ` ericonr
2020-04-23  1:12 ` ericonr
2020-04-23  1:12 ` ericonr
2020-04-23  7:08 ` travankor
2020-04-23  7:09 ` travankor
2020-04-23  7:10 ` travankor
2020-04-23 20:21 ` ericonr
2020-04-23 20:22 ` ericonr
2020-04-24  6:59 ` travankor
2020-04-25 18:22 ` ShinyRice
2020-04-25 18:23 ` ShinyRice
2020-04-25 19:43 ` hippi777
2020-04-25 19:48 ` hippi777
2020-04-27 14:44 ` ericonr
2020-04-27 20:56 ` [PR PATCH] [Updated] " travankor
2020-04-27 20:57 ` travankor
2020-05-06  4:04 ` ericonr
2020-05-06  8:44 ` travankor
2020-05-06  8:47 ` travankor
2020-05-06  8:47 ` travankor
2020-05-06  8:49 ` travankor
2020-05-06 12:35 ` [PR PATCH] [Updated] " travankor
2020-05-06 19:15 ` ericonr
2020-05-06 21:51 ` ericonr
2020-05-28 21:08 ` ericonr
2020-05-29  7:30 ` travankor
2020-05-30 19:23 ` [nomerge] " ericonr
2020-05-31 18:36 ` travankor
2020-05-31 18:51 ` travankor
2020-05-31 21:29 ` ericonr
2020-05-31 21:30 ` ericonr

Github messages for voidlinux

Archives are clonable: git clone --mirror http://inbox.vuxu.org/voidlinux-github

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.github.voidlinux


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git