Skip to content
Commit 12c06308 authored by Simon Ser's avatar Simon Ser
Browse files

security-context-v1: new protocol



This is a variation of the unveil protocol I suggested in the Weston
issue about security contexts. This lets sandbox engines such as Flatpak
attach a security context to sandboxed clients. The compositor can then
restrict which features are made available to that client.

The protocol is designed around the assumption that the sandbox engine
uses this protocol when setting up the sandboxed application. After this
inital setup, the sandbox engine isn't necessarily running anymore.
For this reason, a special "close FD" is used to indicate when to stop
the security context listener: the sandbox engine can leak the FD into
the sandboxed app's process, and the OS will automatically close the FD
when the sandboxed app exits.

Signed-off-by: Simon Ser's avatarSimon Ser <contact@emersion.fr>
References: wayland/weston#206
parent c124b641
Loading
Loading
Loading
Pipeline #925100 passed with stages
in 21 seconds
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment