On Tue, Dec 09, 2025 at 05:55:22AM -0500, Demi Marie Obenour wrote:
> On 12/9/25 03:56, Alyssa Ross wrote:
> > This will allow clients running as unprivileged users to connect to
> > the compositor.
> >
> > Signed-off-by: Alyssa Ross <hi@alyssa.is>
> > ---
> >  host/rootfs/image/etc/s6-linux-init/run-image/etc/group | 1 +
> >  host/rootfs/image/etc/s6-rc/weston/run                  | 5 +++++
> >  2 files changed, 6 insertions(+)
> >
> > diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> > index e3ade46..fe72eb7 100644
> > --- a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> > +++ b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> > @@ -13,3 +13,4 @@ disk:x:11:
> >  cdrom:x:12:
> >  tape:x:13:
> >  kvm:x:14:
> > +wayland:x:15:
> > diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
> > index aa1e7b6..7cb182f 100644
> > --- a/host/rootfs/image/etc/s6-rc/weston/run
> > +++ b/host/rootfs/image/etc/s6-rc/weston/run
> > @@ -20,4 +20,9 @@ importas -i home HOME
> >  cd $home
> >  if { udevadm wait /dev/dri/card0 }
> >  unshare --cgroup --ipc --net --uts
> > +
> > +s6-envuidgid root
> > +s6-envuidgid -g wayland
> > +s6-applyuidgid -Uz
> > +umask 002
> >  weston -S $WAYLAND_DISPLAY
>
> Can the socket be chmod'd after Weston starts?  Running with 002
> umask is not great.

If we use sd-notify-adapter, then I think so, but it wouldn't be very
nice.

What's the problem with umask 002?