On Thu, 2009-08-06 at 01:36 -0400, Ben Boeckel wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dave Airlie wrote: > > > On Mon, 2009-08-03 at 15:08 +0530, Rahul Sundaram wrote: > >> Hi > >> > >> A few days back I ran into > >> > >> http://lists.x.org/archives/xorg-devel/2009-July/001293.html > >> > >> I am wondering, since we are already using KMS in most places > in Fedora, > >> how far are we from achieving this by default in a Fedora > release? > > > > non-root X is a big security hole at the moment, and until we > get > > revoke() support in the kernel, we can probably move X to > running as a > > special user, and maybe once we get revoke to running as the > real user. > > > > However it doesn't solve the issue how we know we need or > don't need > > root since X only figures out what graphics drivers are needed > after > > starting, so if you needed a non-kms gpu driver we wouldn't > know > > until after we'd started as non-root. > > > > Dave. > > > > Could permissions be raised temporarily? PolicyKit with > (defaulted) auto-approve to load an appropriate driver? Maybe we could do something with SELinux, but I don't think we can do anything without getting revoke. or maybe some process capabilties if such things worked. Dave. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
