~kennylevinsen/seatd#3: 
Limit device access to seat-local devices

seatd is not currently tracking which devices are part of which seat.

An ability to assign devices to seats is necessary. Ideas:

  • A static or runtime-reloadable configuration file, containing device-to-seat mappings.
  • An IPC mechanism and command-line tool to dynamically assign devices to a seat.

In case of dynamic solutions, it may be necessary to add device_added/device_removed events to avoid races with seat clients otherwise doing their own device tracking.

Direct udev/devd integration should preferably be avoided.

Status
REPORTED
Submitter
~kennylevinsen
Assigned to
No-one
Submitted
2 years ago
Updated
10 months ago
Labels
enhancement seatd

~kennylevinsen added seatd 2 years ago

~kennylevinsen added enhancement 2 years ago

~osvein 10 months ago

How about keeping it simple and having one seatd instance per seat? Each seatd would have its own unix credentials, and unix permissions are used on devices to connect them to a seat.

SEATD_SOCK is used to select which seat a compositor session is running on, and the seatd sockets are also guarded by unix permissions. Or the launcher could pass an already connected seatd socket à la WAYLAND_SOCKET.

~kennylevinsen 10 months ago

Multiple daemons could indeed be used to offer the seats, but the primary problem remains knowing what seat a device belongs to, so that other seats can be blocked from opening unrelated devices.

Register here or Log in to comment, or comment via email.