GNOME.org
 

Re: Collaboration on standard Wayland protocol extensions

You're probably referring to my response when you say "GNOME does not
care about cross-platform apps doing privileged operations". My
response wasn't meant to be speaking on behalf of GNOME. These are my
opinions and mine alone.

My opinion is still as follows: having seen how SELinux and PAM work
out in practice, I'm skeptical of any "Security Module" which
implements policy. The "module" part of it rarely happens, since
people simply gravitate towards a standard policy. What's interesting
to me isn't a piece of code that allows or rejects operations, it's
the resulting UI *around* those operations and managing them, since
that's really, at the end of the day, all the user cares about.

It would be a significant failure to me if we didn't have a standard
way for a user to examine or recall the policy of an application,
using whatever API they wanted. If every module implements its own
policy store separately, such a UI would be extremely difficult to
build.


From what I read, Wayland Security Modules didn't seem to even provide

that as a baseline, which is why I believe they're tackling the
problem from the wrong angle.

On Sun, Mar 27, 2016 at 1:50 PM, Martin Peres <martin peres free fr> wrote:

On 27/03/16 23:34, Drew DeVault wrote:


Greetings! I am the maintainer of the Sway Wayland compositor.

http://swaywm.org

It's almost the Year of Wayland on the Desktop(tm), and I have
reached out to each of the projects this message is addressed to (GNOME,
Kwin, and wayland-devel) to collaborate on some shared protocol
extensions for doing a handful of common tasks such as display
configuration and taking screenshots. Life will be much easier for
projects like ffmpeg and imagemagick if they don't have to implement
compositor-specific code for capturing the screen!

I want to start by establishing the requirements for these protocols.
Broadly speaking, I am looking to create protocols for the following
use-cases:

- Screen capture
- Output configuration
- More detailed surface roles (should it be floating, is it a modal,
   does it want to draw its own decorations, etc)
- Input device configuration

I think that these are the core protocols necessary for
cross-compositor compatability and to support most existing tools for
X11 like ffmpeg. Considering the security goals of Wayland, it will also
likely be necessary to implement some kind of protocol for requesting
and granting sensitive permissions to clients.

How does this list look? What sorts of concerns do you guys have with
respect to what features each protocol needs to support? Have I missed
any major protocols that we'll have to work on? Once we have a good list
of requirements I'll start writing some XML.

--
Drew DeVault



We had discussions about it years ago and here are the results of them:
http://mupuf.org/blog/2014/02/19/wayland-compositors-why-and-how-to-handle/
http://mupuf.org/blog/2014/03/18/managing-auth-ui-in-linux/

And here is the software we created, under the name "Wayland Security
Modules":
http://www.x.org/wiki/Events/XDC2014/XDC2014DodierPeresSecurity/xorg-talk.pdf
https://github.com/mupuf/libwsm

This approach has generally be liked by KDE, but not by Gnome who, last i
heard, did not care about cross-platform apps doing privileged operations.
This may have changed since they also decided to work on sandboxing
(xdg-app) and implemented something like the following approach when they
said they would never do because it changed the API:
http://mupuf.org/blog/2014/05/14/introducing-sandbox-utils-0-6-1/

I really wish we can have everyone onboard on one solution to get these
cross-platform apps and so far, I do not see any better solution than WSM.

Martin
_______________________________________________
wayland-devel mailing list
wayland-devel lists freedesktop org
https://lists.freedesktop.org/mailman/listinfo/wayland-devel




-- 
  Jasper
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]