From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id EDEA2121EF;
	Mon, 08 Dec 2025 21:16:41 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id 9339E121E5; Mon, 08 Dec 2025 21:16:39 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_MISSING,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS
	autolearn=unavailable autolearn_force=no version=4.0.1
Received: from fhigh-a6-smtp.messagingengine.com
 (fhigh-a6-smtp.messagingengine.com [103.168.172.157])
	by atuin.qyliss.net (Postfix) with ESMTPS id EEAFE121E3
	for <devel@spectrum-os.org>; Mon, 08 Dec 2025 21:16:38 +0000 (UTC)
Received: from phl-compute-11.internal (phl-compute-11.internal [10.202.2.51])
	by mailfhigh.phl.internal (Postfix) with ESMTP id D5967140014F
	for <devel@spectrum-os.org>; Mon,  8 Dec 2025 16:16:36 -0500 (EST)
Received: from phl-mailfrontend-02 ([10.202.2.163])
  by phl-compute-11.internal (MEProxy); Mon, 08 Dec 2025 16:16:36 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc
	:content-transfer-encoding:content-type:date:date:from:from
	:in-reply-to:message-id:mime-version:reply-to:subject:subject:to
	:to; s=fm3; t=1765228596; x=1765314996; bh=2QCcB8ieYO4VhnJVz6tAR
	k7SiCrHv1nx4q6o+SHfdt4=; b=iMIk7pdoVfaig81zbJ8m9HJXs0Hfno8paHa84
	qWZpNeMw2nEtByjxYThnGdNg2RHt+8Y4FEgOQGJgql59QC6CuDgzC2hTlwG8d0bI
	tTe/34pypMXGc37uENgEu6VC73go5QiXnBjtZFHOCaG6t3RdZzUJI/pJ5NW7QDy1
	O7uqjcd/10/eLE+GXPb0a7cYeNlugga95oNfsRmYamZtTbG7x0FLuEPDIdBB3J5i
	FRGuiI6b+xL7DP8f4batfNnh3bL2moBiPzMg8TfNG1TUe+JLaQ1EHiOsFNy2ax/O
	Z+lu/UXljimzsTmExAZ2uMKDaxVnn9bZavgCH8Yo5iUeUnjrg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:date:date:feedback-id:feedback-id:from:from:in-reply-to
	:message-id:mime-version:reply-to:subject:subject:to:to
	:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=
	1765228596; x=1765314996; bh=2QCcB8ieYO4VhnJVz6tARk7SiCrHv1nx4q6
	o+SHfdt4=; b=cfL+7yW4AhUw7FCS8LZoLbE97kJWtij/DvE+Gls8kU8VOtaa2os
	Q+UPccOUifaaXgOKxQUXdGJVaDBPw8NkHnNG+ild1AJuoT1WJuYI/QklyvTs8/IQ
	xlQK+8JEQniPz5zdsx/RUSa/WLIzbkMsu0XO/CYMvnUxpu6CgHfaBnYwYsAizKaS
	wFZ787hlVDaZqVO3Sb84xMRN5gOD0QtefXTtMdbF3l+hx+jY9idUeppjkClqzzHv
	AjcP9XPbnnqzy4WOX9zd4DgDyCeJvtM1P5kx44yckWlpBWVENqeqRd0E/nX21oqe
	87E6bR3SWYCOKLQi+H3k4r++SQQQJm2ucgg==
X-ME-Sender: <xms:NEA3aSOXdiGGppdcpDO52SrTnE1UxQCUk9aR1RoAZNCIn0nMMXPQZA>
    <xme:NEA3aW1dKeyBKU9ZkUM179aevD4Nf42r3FfUBvhJHoURujC7UMYTBHktqrQryXLiF
    5d1hJXVV6g1S43NNS-cne3FsLgtUv9ZGLvWkpUvUg0CaK8rq9jhxA>
X-ME-Received: 
 <xmr:NEA3aUWCuWYcLIXkid7KA-Loe2uDwPar900rMc4fnU1nxeIZQTxHcyQKLKDo6wzxjQ>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgddujeejgecutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr
    ihhlohhuthemuceftddtnecunecujfgurhephffvufffkffoggfgsedtkeertdertddtne
    cuhfhrohhmpeetlhihshhsrgcutfhoshhsuceohhhisegrlhihshhsrgdrihhsqeenucgg
    tffrrghtthgvrhhnpeehvdffgffhteeijefgteeftdfghfdvheeuhedvjedugfeggfelje
    fgleefvefgfeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhr
    ohhmpehhihesrghlhihsshgrrdhishdpnhgspghrtghpthhtohepuddpmhhouggvpehsmh
    htphhouhhtpdhrtghpthhtohepuggvvhgvlhesshhpvggtthhruhhmqdhoshdrohhrgh
X-ME-Proxy: <xmx:NEA3afiJQvz6wIHuzDwJeaM6itLJcIZ4mIQUW7TUzZ6lCiKal-qgEQ>
    <xmx:NEA3aeD5C-0aGOQc7KWz6_tMAFiarrQh2KAEN3WrMrlsVcEpAms4NQ>
    <xmx:NEA3aYcljrNwFhHfu9-s7nnxkSwHqIz3-hBQ4Bq78TiHpJA7973Rfw>
    <xmx:NEA3aec51nRG0mnEwRcr9gtHyulOKlUqGDRUMJNSb7_BJp46ya3ocg>
    <xmx:NEA3aQuTSyXtG-D233iuTE39l16pj8K3W-n20BEgarZM2LnpbmlQM8SW>
Feedback-ID: i12284293:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <devel@spectrum-os.org>; Mon, 8 Dec 2025 16:16:36 -0500 (EST)
Received: by fw12.qyliss.net (Postfix, from userid 1000)
	id A5E805BB1491; Mon, 08 Dec 2025 22:16:25 +0100 (CET)
From: Alyssa Ross <hi@alyssa.is>
To: devel@spectrum-os.org
Subject: [PATCH] img/app: fix X11
Date: Mon,  8 Dec 2025 22:16:07 +0100
Message-ID: <20251208211607.434907-1-hi@alyssa.is>
X-Mailer: git-send-email 2.51.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: NAOSO2EONOCFTPFPBTQRZMM22O54WYKD
X-Message-ID-Hash: NAOSO2EONOCFTPFPBTQRZMM22O54WYKD
X-MailFrom: hi@alyssa.is
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/NAOSO2EONOCFTPFPBTQRZMM22O54WYKD/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

Xwayland only accepts connections from the user it's running as.  It
is started by wayland-proxy-virtwl, which does not allow passing extra
options, so we can't change its authentication method.

Therefore, the only way for X11 to work with the current software is
to run wayland-proxy-virtwl as the same user as the application.

I expect that in the near future, we will use xwayland-satellite
instead of the built-in Xwayland translation in wayland-proxy-virtwl.
When that happens, we can run the stub compositor as its own user
again.

Fixes: cb27e3a ("img/app: wayland-proxy-virtwl: run as non-root")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 img/app/image/etc/group                          | 1 -
 img/app/image/etc/mdev.conf                      | 2 +-
 img/app/image/etc/passwd                         | 1 -
 img/app/image/etc/s6-rc/wayland-proxy-virtwl/run | 2 +-
 4 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/img/app/image/etc/group b/img/app/image/etc/group
index b2c3a2e..e84da60 100644
--- a/img/app/image/etc/group
+++ b/img/app/image/etc/group
@@ -1,4 +1,3 @@
-wayland:x:1:wayland
 wireplumber:x:2:wireplumber
 pipewire:x:3:pipewire
 user:x:1000:user
diff --git a/img/app/image/etc/mdev.conf b/img/app/image/etc/mdev.conf
index d4cd825..33a07d6 100644
--- a/img/app/image/etc/mdev.conf
+++ b/img/app/image/etc/mdev.conf
@@ -4,7 +4,7 @@
 -$MODALIAS=.* 0:0 0 ! +importas -Siu MODALIAS modprobe -q $MODALIAS
 $INTERFACE=.* 0:0 0 ! +/etc/mdev/iface
 $MODALIAS=virtio:d0000001Av.* 0:0 0 ! +/etc/mdev/virtiofs
-dri/card0 wayland:wayland 660 +background { /etc/mdev/listen card0 }
+dri/card0 user:user 660 +background { /etc/mdev/listen card0 }
 
 -SUBSYSTEM=sound;.* pipewire:pipewire 660
 snd/controlC0 pipewire:pipewire 660 +background { /etc/mdev/listen controlC0 }
diff --git a/img/app/image/etc/passwd b/img/app/image/etc/passwd
index 08324b0..425908e 100644
--- a/img/app/image/etc/passwd
+++ b/img/app/image/etc/passwd
@@ -1,5 +1,4 @@
 root:x:0:0:System administrator:/run/root:/bin/sh
-wayland:x:1:1:wayland-proxy-virtwl service user:/:/usr/bin/nologin
 wireplumber:x:2:2:WirePlumber service user:/:/usr/bin/nologin
 pipewire:x:3:3:PipeWire service user:/:/usr/bin/nologin
 user:x:1000:1000:Spectrum application user:/home/user:/bin/sh
diff --git a/img/app/image/etc/s6-rc/wayland-proxy-virtwl/run b/img/app/image/etc/s6-rc/wayland-proxy-virtwl/run
index 86d7f63..5d06b7a 100755
--- a/img/app/image/etc/s6-rc/wayland-proxy-virtwl/run
+++ b/img/app/image/etc/s6-rc/wayland-proxy-virtwl/run
@@ -26,6 +26,6 @@ export LISTEN_FDS 2
 export LISTEN_FDNAMES wayland:x11
 getpid LISTEN_PID
 
-s6-setuidgid wayland
+s6-setuidgid user
 
 wayland-proxy-virtwl --virtio-gpu --x-display=0

base-commit: 5104fa720ce8b00612c5487fc47124fbf99e58c6
-- 
2.51.0