On 12/9/25 03:56, Alyssa Ross wrote:
> This will allow clients running as unprivileged users to connect to
> the compositor.
> 
> Signed-off-by: Alyssa Ross <hi@alyssa.is>
> ---
>  host/rootfs/image/etc/s6-linux-init/run-image/etc/group | 1 +
>  host/rootfs/image/etc/s6-rc/weston/run                  | 5 +++++
>  2 files changed, 6 insertions(+)
> 
> diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> index e3ade46..fe72eb7 100644
> --- a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> +++ b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> @@ -13,3 +13,4 @@ disk:x:11:
>  cdrom:x:12:
>  tape:x:13:
>  kvm:x:14:
> +wayland:x:15:
> diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
> index aa1e7b6..7cb182f 100644
> --- a/host/rootfs/image/etc/s6-rc/weston/run
> +++ b/host/rootfs/image/etc/s6-rc/weston/run
> @@ -20,4 +20,9 @@ importas -i home HOME
>  cd $home
>  if { udevadm wait /dev/dri/card0 }
>  unshare --cgroup --ipc --net --uts
> +
> +s6-envuidgid root
> +s6-envuidgid -g wayland
> +s6-applyuidgid -Uz
> +umask 002
>  weston -S $WAYLAND_DISPLAY

Can the socket be chmod'd after Weston starts?  Running with 002
umask is not great.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)