[oe] Requiring root access for windowmanagers?
Stanislav Brabec
utx at penguin.cz
Sat Nov 29 20:52:47 UTC 2008
Sat, 29 Nov 2008 01:04:22 +1100
Carsten Haitzler (The Rasterman) wrote:
> On Fri, 28 Nov 2008 13:20:12 +0100 Koen Kooi
> <k.kooi at student.utwente.nl> babbled:
> > What's the consensus on requiring root access for running an OE
> > built windowmanager?
> >
> > Case in point: e-wm does 'renice -10', which only root is allow to
> > do.
> >
> > Proposal: remove the 'renice' so regular users can start a window
> > manager as well.
>
> i did this specifically for performance. basically it makes things
> MUCH smoother.
I understand your trick - I do the same with video player if I want to
compile in parallel with DVD playback.
Running WM as root would increase any security hole to root access flaw.
I can see cleaner solutions:
1. Write a small SUID wrapper. Change priority, drop permissions, run
window manager.
2. Run WM as root and drop privileges after setting priority.
3. Use capabilities and enable CAP_SYS_NICE.
4. And finally, the best solution may be a different kernel scheduler.
But I don't follow the development there, so I don't know, whether
there is possible to find a good solution: "This process does not eat a
much CPU time, but it wants fast processing".
--
Stanislav Brabec
http://www.penguin.cz/~utx/zaurus
More information about the Openembedded-devel
mailing list