Run X as a regular user
* What changes do we need to drop root privs from X in Maverick?
* Should we switch to rootless-X for Maverick?
* What testing can we do to be confident in our decision?
Blueprint information
- Status: Not started
- Approver: Sebastien Bacher
- Priority: Low
- Drafter: Chris Halse Rogers
- Direction: Needs approval
- Assignee: Chris Halse Rogers
- Definition: Approved
- Series goal: Accepted for quantal
- Implementation: Deferred
- Milestone target: ubuntu-12.10
- Started by
- Completed by
Whiteboard
bryce 2010-05-07: I've gathered the ideas/requirements that have come up in the past here:
https:/
A key point is that X shouldn't run as the logged-in user, but rather as a non-root service-type user. See the wiki page for details.
raof, 2010-06-22: In regular use on my system:
Intel, Radeon & Nouveau will write to:
/dev/fb0
/dev/vga_arbiter
/dev/dri/card0
/sys/class/
/dev/input/event*
/proc/mtrr
/dev/tty*
raof, 2010-06-29: Upstream wonders why we need a /dev/backlight. They suggest that ConsoleKit could handle setting permissions for /sys/class/
raof, 2010-07-16: There doesn't seem to be any reason why a run-seat ConsoleKit script can't be used for what we want. Updating the work items to match this.
raof, 2010-07-22: After talking with pitti, there's actually no reason to require a ConsoleKit script; X can just chown the relevant files before dropping privs.
pitti, 2011-07-22: Is this actually desired for oneiric, or in general still? It gets a bit tight to get that into oneiric, so perhaps we should move this to the q cycle (post-LTS)?
bryce, 2011-07-22: Makes sense; there haven't been any stakeholders for this feature since before lucid.
Work Items
[raof] Set up a new system user for X process (xdaemon): POSTPONED
[raof] Better generalized -nohw patch so xserver detects it automatically: POSTPONED
[raof] Talk to Jesse/upstream to see what interface is sane for /dev/backlight: DONE
[raof] Talk with Michael Frey (and tseliot) about how OEM team has approached rootless X: DONE
[raof] Check X doesn't write anything (else) to /sys or /proc: DONE
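The approach in the 2010-07-22 whiteboard note (chown the relevant files, then drop privileges) can be sketched as follows. This is an added example, not code from this blueprint or from the X server; the function names are hypothetical and the uid/gid 999 is a placeholder for the proposed xdaemon account.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* The /dev nodes the whiteboard lists with a complete path. */
static const char *const x_nodes[] = { "/dev/fb0", "/dev/vga_arbiter", "/dev/dri/card0" };

/* Give one node to the service account. O_NOFOLLOW refuses a symlink planted
 * at the path, and fchown() acts on the opened file, not on the name.
 * Returns 1 if chowned, 0 if the node does not exist, -1 on any other error. */
int hand_over(const char *path, uid_t uid, gid_t gid)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return errno == ENOENT ? 0 : -1;
    int rc = fchown(fd, uid, gid);
    close(fd);
    return rc == 0 ? 1 : -1;
}

/* Permanently become uid/gid. Order matters: supplementary groups, then gid,
 * then uid, because after setuid() the process can no longer change groups.
 * Returns 0 on success, -1 if any step fails or root could be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                  /* "dropping" to root is a config error */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;                  /* the drop was not permanent */
    return (getuid() == uid && geteuid() == uid && getegid() == gid) ? 0 : -1;
}

int main(void)
{
    const uid_t uid = 999; const gid_t gid = 999;  /* placeholder xdaemon ids */
    for (size_t i = 0; i < sizeof x_nodes / sizeof x_nodes[0]; i++)
        if (hand_over(x_nodes[i], uid, gid) < 0)
            fprintf(stderr, "cannot hand over %s\n", x_nodes[i]);
    if (drop_privileges(uid, gid) != 0) {
        fputs("refusing to continue with root privileges\n", stderr);
        return 1;
    }
    return 0;
}
```

Checking every return value and then confirming that setuid(0) fails is the important part: a server that ignores a failed setuid() keeps running as root without noticing.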