From: Daniel Vetter <daniel@ffwll.ch>
To: Emil Velikov <emil.l.velikov@gmail.com>
Cc: ML dri-devel <dri-devel@lists.freedesktop.org>
Subject: Re: [PATCH 1/3] drm: change DROP_MASTER permissions to allow DRM_MASTER
Date: Thu, 20 Dec 2018 15:45:46 +0100 [thread overview]
Message-ID: <20181220144546.GK21184@phenom.ffwll.local> (raw)
In-Reply-To: <CACvgo53qw3sAR17t7VrP8DydGvz=NC-CiYASmiq6Cw+mrOOEXQ@mail.gmail.com>
On Thu, Dec 20, 2018 at 01:50:26PM +0000, Emil Velikov wrote:
> On Wed, 19 Dec 2018 at 20:36, Daniel Vetter <daniel@ffwll.ch> wrote:
> >
> > On Wed, Dec 19, 2018 at 07:22:45PM +0000, Emil Velikov wrote:
> > > From: Emil Velikov <emil.velikov@collabora.com>
> > >
> > > Currently only DRM_ROOT_ONLY is allowed to call the ioctl.
> > >
> > > Change that to DRM_MASTER, which means that only a process that is the
> > > current DRM master can drop it. Which makes sense, the process should
> > > be able to opt-out without any specific requirements.
> > >
> > > Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
> >
> > I guess this makes sense, but then you already need someone else to do the
> > setmaster for you if you want to run as non-root and be able to switch
> > between compositors. So no idea where this will be useful.
> >
> X, Weston and the Gnome/KDE wayland compositors use logind for managing that.
> Some have codepaths to manage drm{Set,Drop}Master manually, although
> they don't seems to bother adjusting privileges, I'd imagine due to VT
> switching.
>
> If ones has CONFIG_VT=n system, then it should be a matter of once-off
> drmSetMaster + lower priv.
>
> > Either way: New uapi -> needs the userspace patches to exist.
>
> Slightly confused - apps already use the uapi, what do you mean with
> "new uapi" here?
> I'm OK with adding an IGT, although beyond that I'm not sure what
> other userspace patches I could provide.
You change the uapi to allow more stuff (dropmaster without having
CAP_SYS_ADMIN), that needs userspace. Since current userspace has no use
for calling drop_master without being root.
Same way your patch to automatically auth clients if the driver supports
rendernodes is a uapi extension, and it's good to know what code exactly
it's meant for.
uapi is a lot more than include/uapi, it's anything the kernel does that
can influence userspace in a meaningful way.
-Daniel
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
next prev parent reply other threads:[~2018-12-20 14:45 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-19 19:22 [PATCH 0/3] drm: tweak permission handling Emil Velikov
2018-12-19 19:22 ` [PATCH 1/3] drm: change DROP_MASTER permissions to allow DRM_MASTER Emil Velikov
2018-12-19 20:36 ` Daniel Vetter
2018-12-20 13:50 ` Emil Velikov
2018-12-20 14:45 ` Daniel Vetter [this message]
2018-12-20 19:09 ` Emil Velikov
2018-12-19 19:22 ` [PATCH 2/3] drm: annotate drm_core_check_feature() dev arg. as const Emil Velikov
2018-12-19 20:35 ` Daniel Vetter
2018-12-19 19:22 ` [PATCH 3/3] drm: allow render capable master with DRM_AUTH ioctls Emil Velikov
2018-12-19 20:34 ` Daniel Vetter
2018-12-20 15:16 ` Emil Velikov
2018-12-20 15:34 ` Daniel Vetter
2018-12-19 20:30 ` [PATCH 0/3] drm: tweak permission handling Daniel Vetter
2018-12-19 20:37 ` Daniel Vetter
2018-12-20 12:56 ` Emil Velikov
2018-12-20 14:43 ` Daniel Vetter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181220144546.GK21184@phenom.ffwll.local \
--to=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=emil.l.velikov@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.