On Wed, May 08, 2024 at 06:46:53AM +0100, Daniel Stone wrote: > Hi, > > On Tue, 7 May 2024 at 12:15, Daniel Vetter <daniel@xxxxxxxx> wrote: > > On Mon, May 06, 2024 at 04:01:42PM +0200, Hans de Goede wrote: > > > On 5/6/24 3:38 PM, Daniel Vetter wrote: > > > I agree that bad applications are an issue, but not for the flathub / snaps > > > case. Flatpacks / snaps run sandboxed and don't have access to a full /dev > > > so those should not be able to open /dev/dma_heap/* independent of > > > the ACLs on /dev/dma_heap/*. The plan is for cameras using the > > > libcamera software ISP to always be accessed through pipewire and > > > the camera portal, so in this case pipewere is taking the place of > > > the compositor in your kms vs render node example. > > > > Yeah essentially if you clarify to "set the permissions such that pipewire > > can do allocations", then I think that makes sense. And is at the same > > level as e.g. drm kms giving compsitors (but _only_ compositors) special > > access rights. > > That would have the unfortunate side effect of making sandboxed apps > less efficient on some platforms, since they wouldn't be able to do > direct scanout anymore ... I was assuming that everyone goes through pipewire, and ideally that is the only one that can even get at these special chardev. If pipewire is only for sandboxed apps then yeah this aint great :-/ -Sima -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch