wayland: new policy module #969
Conversation
WavyEbuilder
force-pushed
the
wayland-base
branch
from
1348d77 to
ed79ed8
Compare
| # No need to distinguish between the shm of sandboxed and unsandboxed clients; | ||
| # all clients should have their own shm type, this attribute is only to group them | ||
| # and grant wayland_compositor access to them. | ||
| attribute wayland_client_tmpfs_type; |
There was a problem hiding this comment.
Would it be appropriate to go ahead and add files_tmpfs_file() here?
There was a problem hiding this comment.
Yea, seems reasonable, will do
There was a problem hiding this comment.
Is this resolved? I don't see a change.
There was a problem hiding this comment.
Forgot to reply, this interface doesn't appear to work on attributes?
There was a problem hiding this comment.
No, unfortunately, it's a language limitation. You'd have to put it in the interface.
| xserver_use_user_fonts(wayland_compositor) | ||
|
|
||
| xserver_read_xkb_libs(wayland_compositor) | ||
| xserver_rw_mesa_shader_cache(wayland_compositor) |
There was a problem hiding this comment.
These xserver_() calls should go into an optional.
On the other hand I know it's perfectly possible to run a Wayland desktop without Xorg at all, so maybe this highlights a need to split some of these file types out of xserver in the future.
There was a problem hiding this comment.
Maybe that's worth doing now (or possibly noting a dependency on the xserver module for now)? A compositor that doesn't have access to the mesa shader cache is pretty much useless...
There was a problem hiding this comment.
Perhaps we should generalize the X fonts to simply user fonts, in userdomain or xdg? (suggestions please).
There was a problem hiding this comment.
xdg sounds good to me, would you like a future PR for that?
WavyEbuilder
force-pushed
the
wayland-base
branch
from
ed79ed8 to
669fd8c
Compare
|
I've been building up a patchset that gets kde on wayland working with a slightly different set of primitives than this introduces. I haven't opened a PR for it partly because I hadn't yet figured out the best way to capture some of the primitives (which are captured here). If this patch set is expected to be stable, I'll start re-basing my changes on this, and open a PR soon. Let me know! And, thanks for getting this started! |
|
Hey,
Nice!
One thing I'm solving (and the final concern I have at the moment) is the shared memory (tmpfs_t) of the compositors, so I'm going to make an attribute for that tonight or latest tomorrow. After that all the interfaces should remain stable, ofc I suspect we'll in the future be able to remove some modules from kwin and future compositor modules and consolidate them into the typeattribute more as we get more practical experience of the accesses shared by compositors, but the interfaces themselves should remain stable.
No worries! Glad it could be of use. :) |
@WavyEbuilder were you going to do further changes? I haven't started reviewing because of this. |
Sorry! I made a change but forgot to commit and push. Will do now. |
WavyEbuilder
force-pushed
the
wayland-base
branch
from
669fd8c to
56496e5
Compare
| ## <param name="domain"> | ||
| ## <summary> | ||
| ## Domain allowed access. | ||
| ## </summary> | ||
| ## </param> |
There was a problem hiding this comment.
This doesn't seem to fit wayland_compositor_tmpfs_type.
There was a problem hiding this comment.
Should be resolved.
There was a problem hiding this comment.
Perhaps I need to look more at wayland internals... is there a process to handle tmpfs stuff? The attribute naming seems like it should be a file type.
There was a problem hiding this comment.
Okay so basically it's /dev/shm - Wayland clients have shared memory with the compositor that is written and read to. Take a look at https://wayland.app/protocols/wayland#wl_shm for associated interfaces. The compositor and the app have the tmpfs so basically imagine I have an app foo and a compositor bar, I'd have foo_t and foo_tmpfs_t, as well as bar_t and bar_tmpfs_t. They need to be able to rw each other's shared memory.
There was a problem hiding this comment.
In that case, the doc is wrong (parameter name and summary), as the parameter is to be used as a file type, not a domain.
| ## <param name="domain"> | ||
| ## <summary> | ||
| ## Domain allowed access. | ||
| ## </summary> | ||
| ## </param> |
There was a problem hiding this comment.
This doesn't seem to fit wayland_client_tmpfs_type.
There was a problem hiding this comment.
Should be resolved.
There was a problem hiding this comment.
Should be answered above.
WavyEbuilder
force-pushed
the
wayland-base
branch
2 times, most recently
from
12ec763 to
ea8e486
Compare
A new type attribute wayland_compositor is introduced for shared rules for Wayland compositors. To support the security-context protocol[1], two new type attributes are introduced: wayland_client for regular Wayland clients, and wayland_client_sandboxed for sandboxed Wayland clients for use in applications run by sandbox engines such as Flatpak that support security-context[2]. As a fair amount of new policy modules can be expected to work with modern Wayland desktop sessions, a new policy layer has been created, session, to contain these new policy modules. [1] https://wayland.app/protocols/security-context-v1 [2] flatpak/flatpak#4920 Signed-off-by: Rahul Sandhu <[email protected]>
WavyEbuilder
force-pushed
the
wayland-base
branch
from
ea8e486 to
ea224c5
Compare
|
I was hoping to get a more well-reasoned review for this prepared this weekend, but it will have to wait another week. The long and short of it is that, while I've (again) got KDE running, this time using the primitives set out here, the situation is very messy. Handling things like the clipboard and the sundry other permissions wayland appears to, in practice has me with a block like this: The KDE module I have working is even worse. There seem to be no mechanisms to label memfd buffers beyond specific names, which for wayland are often very opaque, and many of which in are just very long random hexadecimal strings. I'm out of time for this for now, but I'll try to keep up with the conversation throughout the week. |
These don't seem particularly egregious - what's up with that? I don't personally seeing anything wrong with just granting those. |
|
@WavyEbuilder I've cherry picked your commit, and combined it with some other work of mine to get waypipe, kde, Xwayland, and basically all my other wayland applications working. I was waiting for this patch to finalize, and then I was going to rebase (and clean up) those patches, and then submit them. The KDE patches are pretty significant, so those would come second. There are core improvements (e.g., Xwayland) and other somewhat simpler things (waypipe) that would be good examples to help work out an interface for the new module before diving into all of KDE. |
A new type attribute wayland_compositor is introduced for shared rules for Wayland compositors. To support the security-context protocol[1], two new type attributes are introduced: wayland_client for regular Wayland clients, and wayland_client_sandboxed for sandboxed Wayland clients for use in applications run by sandbox engines such as Flatpak that support security-context[2].
As a fair amount of new policy modules can be expected to work with modern Wayland desktop sessions, a new policy layer has been created, session, to contain these new policy modules.
[1] https://wayland.app/protocols/security-context-v1
[2] flatpak/flatpak#4920