This is simply a false sense of security, and is worse than just using
setuid. CAP_SYS_ADMIN is an extremely serious capability that is
effectively as powerful as root.
It also required users to be in the input group, which allows any
process to keylog the entire system.
The logind provider defaulted to systemd and in order to use elogind,
-Dlogin-provider=elogind was required. This adds 'auto' as a choice
for the login-provider option and sets it as default. Using 'auto',
the build will check for systemd first and if it's not found, try
to find and use elogind automatically.
Bumps minimum version to 0.51.0
- Remove all intermediate static libraries.
They serve no purpose and are just add a bunch of boilerplate for
managing dependencies and options. It's now managed as a list of
files which are compiled into libwlroots directly.
- Use install_subdir instead of installing headers individually.
I've changed my mind since I did that. Listing them out is annoying as
hell, and it's easy to forget to do it.
- Add not_found_message for all of our optional dependencies that have a
meson option. It gives some hints about what option to pass and what
the optional dependency is for.
- Move all backend subdirectories into their own meson.build. This
keeps some of the backend-specific build logic (especially rdp and
session) more neatly separated off.
- Don't overlink example clients with code they're not using.
This was done by merging the protocol dictionaries and setting some
variables containing the code and client header file.
Example clients now explicitly mention what extension protocols they
want to link to.
- Split compositor example logic from client example logic.
- Minor formatting changes
Previously, the path of TTY is generated using snprintf with %d format.
It works with TTY 1 to 10, but fails with TTY with greater number
because the number used in the name is in base 32 instead of base 10.
Since there is no standard function to convert a number to a string with
a custom base, this commit adds a function to do it.
Fixes: https://github.com/swaywm/wlroots/issues/1854
The documentation for wayland-server.h says:
> Use of this header file is discouraged. Prefer including
> wayland-server-core.h instead, which does not include the server protocol
> header and as such only defines the library PI, excluding the deprecated API
> below.
Replacing wayland-server.h with wayland-server-core.h allows us to drop the
WL_HIDE_DEPRECATED declaration.
In order to support compositors running as systemd user units without display manager,
a mechanism for specifying session ID exactly must exist.
Checking for `XDG_SESSION_ID` mimics loginctl behaviour e95be7def2/src/login/loginctl.c (L856).
"/org/freedesktop/login1/seat/self" path triggers seat-finding code path in logind,
which currently relies on getting the session based on caller's PID.
This behaviour is deprecated in logind as it doesn't work eg. with systemd user units,
which run outside of user session.
We check for "seat0" in logind_change_vt() already as introduced in 47985d2dc5,
so hard-coding it here is not a problem, otherwise sd_session_get_seat() could be used.
This appears to be a quick fix for compositors freezing when a dock is
disconnected. Disconnection of the dock is causing `pause_device` for
the DRM devices associated with the dock. Since these devices major
number is `DRM_MAJOR`, the session was being set to inactive. This just
makes it so the session is not set to inactive when the device's state
is `gone`.
This is the first step towards being able to run via DRM leasing and on render
nodes.
Test with:
export WLR_BACKENDS=drm
export WLR_SESSION=noop
export WLR_DRM_DEVICES=/dev/dri/renderD128
When a wlroots compositor runs as a systemd user unit there is no
session associated with the compositor process. Instead we need to
attach to an active and graphical user session.
This change first looks for an available session for the process, and if
there isn't one falls back to display in the oldest available graphical
session.
This work was modeled after a similar change to mutter -
https://gitlab.gnome.org/GNOME/mutter/merge_requests/150.
As evdev-proto is installed by CI some files have been missed:
../examples/pointer-constraints.c:2:10: fatal error: 'linux/input-event-codes.h' file not found
#include <linux/input-event-codes.h>
^~~~~~~~~~~~~~~~~~~~~~~~~~~
../examples/relative-pointer-unstable-v1.c:5:10: fatal error: 'linux/input-event-codes.h' file not found
#include <linux/input-event-codes.h>
^~~~~~~~~~~~~~~~~~~~~~~~~~~
Sessions can now be retrieved from a backend in a more general manner.
Multi-backend gets back its `session` field that contains the session
if one was created, removing the interfacing from multi backend with the
drm backend directly. This adds the possibility to use sessions even
without the drm backend.
It additionally fixes the bug that 2 session objects got created when
WLR_BACKENDS were set to "libinput,drm".
To allow vt switching without drm backend (and drm fd) on logind, start
listening to PropertiesChanged signals from dbus and parse the session
"Active" property when no master fd was created (this does not change
current drm backend behaviour in any way).
This commit implements device type discovery by calling two ioctls
(DRM_IOCTL_VERSION and EVIOCGVERSION) on the device. These iocts are
specific to drm and input devices respectively, therefore we can
determine the device type based on which one returns an error.
The VT the compositor was started from was not activated after exiting
the compositor, which resulted in arriving on a blank VT. This commit
fixes that by introducing a new field in direct_session struct that
stores the last active VT so that it can be activated in
direct_session_destroy.
The major device number does not indicate the device type on FreeBSD,
and AFAIK the only way to differentiate between DRM, input, and other
devices is checking the fd path. This commit implements that.
The drmDropmaster and drmSetmaster calls are necessary, because the
implicit drop (that should occur when the DRM fd is closed) seems not
to be working in some scenarios (e.g. if you have a tmux session
running - maybe the fd is retained somehow by tmux?). This is a
problem, because once you exit the compositor, you can't start it (or
any other program that wants to be DRM master) again until you close
all your tmux sessions.
On some systems (most notably laptops with two GPUs) there are GPUs that
don't have attached outputs. However, we still want to load those GPUs
because they could still be used by the compositor for rendering.
recvmsg(3) returns 0 if the connection partner has shut down its socket.
The communicate function considered 0 a successful message, though, and
keeps calling recvmsg(3) again and again.
Xwayland uses SIGUSR1 to signal readiness.
With direct(-freebsd) session and Xwayland, wlroots was confusing the
Xwayland readiness signal with a vt switch signal, freezing the desktop.
Same problem was found in Weston in 2014:
https://phabricator.freedesktop.org/T7080