Pmbootstrap: Do not run weston as root

Created on 19 Jul 2017  路  11Comments  路  Source: postmarketOS/pmbootstrap

We shouldn't be running weston as root. Supporting this will likely require re-enabling weston-launcher, which is currently disabled in the weston APKBUILD in aports.

architecture enhancement
Source
picture craftyguy

Most helpful comment

I can confirm that weston can be started as user.

Here what I've tried:

$ sudo apk add shadow
$ sudo groupadd weston-launch
$ sudo usermod -a -G weston-launch $USER
$ sudo chmod +s /usr/bin/weston-launch
$ sudo chown user:user /dev/fb0

changed /etc/inittab to respawn login with user instead of root
changed /etc/profile.d/start_weston.sh to call weston-launch

$ postmarketos-demos &
picture drebrez on 1 Oct 2017
🎉2

All 11 comments

Since the APKBUILD upstream also has these configuration options for disabling weston-launch and suid install, I filed an upstream bug here: https://bugs.alpinelinux.org/issues/7556

Probably worth keeping this issue open in github though, since profile.d/postmarketos.sh will have to change if upstream APKBUILD is modified to build these required components.

craftyguy picture craftyguy on 20 Jul 2017

In my experience with Alpine's bug tracker it takes some time until you get a response. I've had better results with this approach:

  • Compile the change you want to make yourself (it's easy with weston anyway, because it is in our own aports currently)
  • Test it on your device
  • Make an upstream PR
  • Hang out in #alpine-devel and ask if this could be merged

Then the Alpine devs have less work, and our changes go through faster (and we actually tested them our selves) :)

(For complex changes I suggest asking in IRC first.)

ollieparanoid picture ollieparanoid on 20 Jul 2017

The reason of --disable-weston-launch seems to be that weston-launcher is not compatible with musl (it uses GNU's error()).

I found a patch from September 2016 to fix it that never got merged.

Since we are having building issues (see https://github.com/postmarketOS/pmbootstrap/issues/546) with weston now that weston 3.0.0 is out and available for Alpine, I've merged this patch in https://github.com/postmarketOS/pmbootstrap/pull/495.

Maybe we can kill two birds with one stone by updating weston to 3.0.0 and launching it using weston-launcher from now on.

PabloCastellano picture PabloCastellano on 10 Sep 2017
🎉1

@craftyguy @PabloCastellano @ollieparanoid now that we have weston 3.0.0 we should try to make it work without root.

drebrez picture drebrez on 13 Sep 2017

Can you built Weston-launcher now? I think that suid utility is the only was to run it as a regular user.

On September 13, 2017 7:40:12 AM PDT, drebrez notifications@github.com wrote:

@craftyguy @PabloCastellano @ollieparanoid now that we have weston
3.0.0 we should try to make it work without root.

--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
https://github.com/postmarketOS/pmbootstrap/issues/199#issuecomment-329189223

craftyguy picture craftyguy on 13 Sep 2017

@craftyguy I didn't built anything, weston-launcher was already present in 3.0.0, I think thanks to @PabloCastellano 's patch

drebrez picture drebrez on 13 Sep 2017

Ah, nice! In that case, probably just a matter of someone trying to use it to start weston as user :)

craftyguy picture craftyguy on 13 Sep 2017

I can confirm that weston can be started as user.

Here what I've tried:

$ sudo apk add shadow
$ sudo groupadd weston-launch
$ sudo usermod -a -G weston-launch $USER
$ sudo chmod +s /usr/bin/weston-launch
$ sudo chown user:user /dev/fb0

changed /etc/inittab to respawn login with user instead of root
changed /etc/profile.d/start_weston.sh to call weston-launch

$ postmarketos-demos &
drebrez picture drebrez on 1 Oct 2017
🎉2

Awesome! I understand that this was just a proof of concept. Here are some remarks to integrate this properly:

  • I guess shadow should be a dependency of postmarketos-base
  • chowning /dev/fb0 seems like a big hack to me. I think distributions used to have a video group, which could access the framebuffer. Does it work without the chown, when the user is in that group?
  • Additional groups could be added to user when creating the account in the postmarketos-base post-install script python code (see #669).
  • I think the chmod +s /usr/bin/weston-launch should be done in the install step of weston
ollieparanoid picture ollieparanoid on 1 Oct 2017

Yup, instead of "chown"ing /dev/fb0, 'user' should be added to the 'video'
group. That group has R/W access to fb0.

On Sun, Oct 01, 2017 at 02:52:01AM +0000, Oliver Smith wrote:

Awesome! I understand that this was just a proof of concept. Here are some remarks to integrate this properly:

  • I guess shadow should be a dependency of postmarketos-base
  • chowning /dev/fb0 seems like a big hack to me. I think distributions used to have a video group, which could access the framebuffer. Does it work without the chown, when the user is in that group?
  • Additional groups could be added to user when creating the account in the postmarketos-base post-install script
  • I think the chmod +s /usr/bin/weston-launch should be done in the install step of weston

--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
https://github.com/postmarketOS/pmbootstrap/issues/199#issuecomment-333349640

craftyguy picture craftyguy on 1 Oct 2017

I can confirm that adding the user to the video group solves the permission:
usermod -a -G video user

drebrez picture drebrez on 2 Oct 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

zhuowei picture zhuowei  路  4Comments
montvid picture montvid  路  3Comments
pavelmachek picture pavelmachek  路  7Comments
MartijnBraam picture MartijnBraam  路  6Comments
Decatf picture Decatf  路  4Comments