Moblin 2.0 To Not Run X Server As Root
  • Moblin 2.0 To Not Run X Server As Root

    Phoronix: Moblin 2.0 To Not Run X Server As Root

    Intel's Arjan van de Ven has fired off an email letting us know that Moblin 2.0 will have its X Server running without root privileges. The first feature of their new "Moblin Secure X project" is to integrate NRX technology, which we take to mean "No-Root X" and is described as "NRX is a set of OS changes and patches that makes it possible to no longer run the X server as the privileged 'root' user." Just last week we reported on a root-less X Server nearing reality. Traditionally the X Server has been run as root so that it can communicate directly with the graphics hardware, but with the mainlining of kernel mode-setting, it's now easily possible to run the X Server without root privileges...

    http://www.phoronix.com/vr.php?view=NzM3NA

  • #2
    I wouldn't be surprised if this is just to make sure that Ion chips can't run Moblin....


    • #3
      Well, that's Nvidia's fault! Their problem. Perhaps sometime they will realize that they *have* to give out docs and open their driver (hehe, hope for more pressure for Chrome OS).


      • #4
        seems that for every improvement made to linux there's always someone paranoid....

        breaking the binary nvidia driver is easy, if that were the objective, that doesn't need something as complex as the whole non-root-X work. It's not the objective.

        The objective is a real improvement to the Linux security model.
        With all the work done in the X stack over the last two years,
        running X no longer as root is finally possible. That is great
        progress if you ask me.

        Lordmozilla: if you want to run some binary driver just put the setuid bit back on.. that's one shell command.


        • #5
          What I really dislike with Moblin is that the default X is compiled just to break Nvidia. The instruction to enable it requires X recompilation, that's really crap. Vbox + Nvidia drivers should compile and work without extra work.


          • #6
            Kano: I'm sorry but you're very wrong.
            Moblin X is not compiled "just to break nvidia".

            I don't know if the nvidia binary stuff works out of the box or not; I'm personally not interested in machines with nvidia hardware. But to try to say that Moblin deliberately compiles X to break that... No.


            • #7
              Then tell me why xinerama is disabled by default? Nvidia binary expects that to be enabled.


              • #8
                Originally posted by arjan_intel
                seems that for every improvement made to linux there's always someone paranoid....

                breaking the binary nvidia driver is easy, if that were the objective, that doesn't need something as complex as the whole non-root-X work. It's not the objective.

                The objective is a real improvement to the Linux security model.
                With all the work done in the X stack over the last two years,
                running X no longer as root is finally possible. That is great
                progress if you ask me.

                Lordmozilla: if you want to run some binary driver just put the setuid bit back on.. that's one shell command.
                If it is required at all ... afaik the driver just needs access to /dev/nvidia*


                • #9
                  Originally posted by arjan_intel
                  seems that for every improvement made to linux there's always someone paranoid....

                  breaking the binary nvidia driver is easy, if that were the objective, that doesn't need something as complex as the whole non-root-X work. It's not the objective.

                  The objective is a real improvement to the Linux security model.
                  With all the work done in the X stack over the last two years,
                  running X no longer as root is finally possible. That is great
                  progress if you ask me.

                  Lordmozilla: if you want to run some binary driver just put the setuid bit back on.. that's one shell command.
                  It was a snarky comment. I know rootless X is a great thing and that it's easy to break the nvidia binary....

                  Incidentally the binary already breaks 'cause they build xorg without xinerama on Moblin. I'd guess it's to speed up start times since with recompiled xorg I found mine started a little slower, but then again I didn't time it.

                  Kano, recompile the src.rpm with xinerama, it's not hard. I show how on my site www.madeo.co.uk


                  • #10
                    Why should I recompile it? That's a wrong design decision to disable it by default.
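
The thread turns on two checks: whether the X server binary carries the setuid bit, and whether the user can reach the driver's device nodes such as /dev/nvidia*. The script below is an added example, not code from any poster or from Moblin, that audits both; the binary paths and the /dev/dri/card* glob are assumptions about a typical layout.

```shell
#!/bin/sh
# Added example (not from the thread): audit the setuid bit on the X server
# binary and the current user's access to graphics device nodes.

# Print setuid-root, setuid-nonroot, no-setuid or missing for one file.
setuid_state() {
    [ -e "$1" ] || { echo missing; return 0; }
    if [ -u "$1" ]; then
        # -L follows symlinks (X is often a link); field 3 is the numeric uid.
        owner=$(ls -lnLd "$1" | awk '{print $3}')
        if [ "$owner" = 0 ]; then echo setuid-root; else echo setuid-nonroot; fi
    else
        echo no-setuid
    fi
}

# Print "ok" if the current user can open the node read-write, else "denied".
node_access() {
    if [ -r "$1" ] && [ -w "$1" ]; then echo ok; else echo denied; fi
}

# Candidate paths are assumptions; adjust them for the distribution in use.
for bin in /usr/bin/Xorg /usr/bin/X /usr/libexec/Xorg; do
    state=$(setuid_state "$bin")
    [ "$state" = missing ] || echo "$bin: $state"
done
for node in /dev/dri/card* /dev/nvidia*; do
    [ -e "$node" ] || continue   # glob matched nothing
    echo "$node: $(node_access "$node")"
done
```

A result of setuid-root means the server still starts with full root privileges; no-setuid together with "ok" on the device nodes is the state the non-root X work aims for.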
