Wayland protocols
Martin Gräßlin
mgraesslin at kde.org
Mon Aug 18 16:22:42 UTC 2014
On Monday 18 August 2014 17:48:03 Pier Luigi wrote:
> 2014-08-15 7:35 GMT+02:00 Martin Gräßlin <mgraesslin at kde.org>:
> > On Thursday 14 August 2014 21:05:01 Marco Martin wrote:
> >> On Thursday 14 August 2014, Pier Luigi wrote:
> >> > Hi,
> >> >
> >> > Just pushed some initial draft of the Wayland protocols on Github [1]
> >> >
> >> > I need people with knowledge of KF5 and plasmashell to comment it and
> >> > suggest improvements.
> >>
> >> just some quick comments after taking a quick glance at
> >> https://github.com/plfiorini/protocols/blob/master/shell.xml
> >>
> >> since i'm just getting into it now, those question are mostly to
> >> understand
> >> it better myself ;)
> >>
> >> * set_position
> >> since often is needed to set position and size, maybe a set_geometry that
> >> does all in one go?
> >>
> >> * set_grab_surface
> >> just little clarification: "The surface set by this request will receive
> >> a
> >> fake pointer" what exactly is its use case?
> >>
> >> * set_desktop_role/set_config_role etc
> >> maybe set_surface_role(output, surface, enum role) ?
> >>
> >> * prepare_lock_surfaces: why a separate step from lock()?
> >>
> >> * quit: would that be equivalent to logging out?
> >
> > some more thoughts:
> > * set_overlay_role: should we make the name more explicit:
> > set_on_screen_display_role?
>
> I like set_overlay_role (well the overlay enum value for
> set_surface_role now), less verbose but still understandable.
>
> > * concerning the lock/unlock: I would like to have the lock way better
> > integrated in KWin. That is KWin should be responsible for locking and
> > nobody else. My though is that KWin takes over the screen locker dbus
> > interface and starts the screenlocker greeter when it's needed. It could
> > pass a dedicated fd to greeter and thus would know that it's the lock
> > screen surface implicitly. That way we would not need a protocol at all
> > and it's completely controlled by KWin.
>
> How do you know its wl_surface?
>
> Would be better to move lock/unlock to a separate .xml file and have
> ksmserver handle that imho.
> kwin or any other compositor would recognize the surface by its role then.
I had thought about it over the weekend how it could work:
*) ksld gets split into an own library
*) kwin uses this ksld library
*) ksld gets extended so that we can provide additional arguments to be passed
to the greeter
*) we pass the fd or socket name to the greeter
*) any wl_surface coming over this fd with the greeter's pid is a lock screen
surface
(maybe only providing the fullscreen protocol for this socket)
What's important to me is to have the lock screen absolutely secure and that
includes that in KWin I do not want to trust any other process and especially
want to have the basics around screen locking inside KWin and being controlled
by KWin. As soon as the screen is supposed to be locked, the input processing
must stop, no matter whether the greeter is ready or not. If we leave it in
ksmserver there will always be a timing vector and also the problem of knowing
when to unlock - attacking the greeter should not result in chances to unlock
the screen.
>
> > * add_trusted_client: I kind of don't understand how that's supposed to
> > work. Where's the fd coming from and how does the shell user know about
> > it?
> It's the fd of a socket to the Wayland server open by the client that
> need to be trusted.
>
> This comes from Weston having the screenshooter interface and a screenshot
> tool. The idea was to forbid clients not in the whitelist to use that
> interface and thus avoid malicious programs to capture your screen.
> A shell would open the screenshooter program when it needs to do a
> screenshot and add it to the whitelist.
>
> This can probably go away although I don't know how ksnapshot will
> work on Wayland.
ah well - I know there was a discussion about handling such clients. Not to
myself: read those mails ;-) In general I'm not a fan of whitelists as that
makes everything just more complex - we allow ksnapshot, but what about krita?
My suggestion would be to keep that as a questionmark till the XDC where I
could get some briefing by the people working on it ;-)
Cheers
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20140818/ebb032a7/attachment.sig>
More information about the Plasma-devel
mailing list