~osvein


#3 Limit device access to seat-local devices 2 years ago

Comment by ~osvein on ~kennylevinsen/seatd

How about keeping it simple and having one seatd instance per seat? Each seatd would have its own unix credentials, and unix permissions are used on devices to connect them to a seat.

SEATD_SOCK is used to select which seat a compositor session is running on, and the seatd sockets are also guarded by unix permissions. Or the launcher could pass an already connected seatd socket à la WAYLAND_SOCKET.

#16 acl on audio and video devices 2 years ago

Comment by ~osvein on ~kennylevinsen/seatd

I think the reason these are not covered by seatd is partly that there is no way to revoke access to ALSA and V4L2 devices. IIRC logind doesn't have a solution to this problem either.

Ideally there would be a generic kernel facility to revoke any type of file descriptor, but this was attempted multiple times before and has turned out to be very difficult to get right.

One option for ALSA and V4L2 is to run a system-wide pipewire instance, along with its alsa-lib module and v4l2loopback.