Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Fedora Rawhide Can Now Run The X.Org Server Without Root Rights

  1. #11
    Join Date
    May 2014
    Posts
    7

    Default

    Quote Originally Posted by omer666 View Post
    Awesome.
    Now having nVidia drivers with KMS support really becomes pressing. Even without Wayland, running X in user space is a real security progress.
    X always ran in user space. This step involves remove root rights and driver aperture.
    Last edited by rmiller; 06-16-2014 at 05:43 PM.

  2. #12
    Join Date
    Oct 2013
    Posts
    361

    Default

    Quote Originally Posted by Luke View Post
    OK, that worked and I can now use HW acceleration in a user X session. Two bugs remain: the sound card is not found, and Nemo loses track of where desktop icons belong. I haven't tried moving those icons back to their normal positions yet, as a write of those changes might kill whatever file their positions are stored in when using lightdm, a common bug after things like recovering from a late mount of /home/. If I can fix the sound issue and get those icon positions remembered, I will seek a way to routinely run the X session as a normal user. Possibly an autologin on console and a script as a display manager? These are single-user machines with only one user account plus root, so the security issues of multi-user machines do not apply. Would be really funny if some online attacker tried to use a browser exploit to get the priviliges X is running under, only to find those to be normal user priviliges...
    if i remember correctly... same thing for sound. it has to be in pulse (or some other) group. just currious, are you running 2 sessions of same desktop and same user? that probably wouldn't be advised since you can move the floor of another (changing configurations and so on)

    also, if you plan doing that from script and locked user, then you can probably just invoke "su - youruser -c startx /usr/bin/whateveryourun"

    this is how i made my self 2nd sandboxed session for xbmc on my game machine

  3. #13
    Join Date
    May 2013
    Posts
    507

    Default Already in Audio group, still no sound

    Quote Originally Posted by justmy2cents View Post
    if i remember correctly... same thing for sound. it has to be in pulse (or some other) group. just currious, are you running 2 sessions of same desktop and same user? that probably wouldn't be advised since you can move the floor of another (changing configurations and so on)

    also, if you plan doing that from script and locked user, then you can probably just invoke "su - youruser -c startx /usr/bin/whateveryourun"

    this is how i made my self 2nd sandboxed session for xbmc on my game machine
    One session at a time only, also not using pulseaudio for performance reasons, hardware mixer available. Using systemd, maybe logind could be used for an autologin on tty7 with my Cinnamon session then opening there? The sound issue is that the sound card is not found at all, audio group or not. Also there are network management issues affecting only making new connections, something that came up today while setting up a machine for someone with a buggy graphics card and lightdm giving a black screen. X would come up manually from the console, but I had to get a lightdm session to work in order to hook to their network over wifi. Even startx as root didn't allow connection, only a lightdm initiated session permitted new connections, which once made always work no matter how X is started.

  4. #14
    Join Date
    Oct 2013
    Posts
    361

    Default

    Quote Originally Posted by Luke View Post
    One session at a time only, also not using pulseaudio for performance reasons, hardware mixer available. Using systemd, maybe logind could be used for an autologin on tty7 with my Cinnamon session then opening there? The sound issue is that the sound card is not found at all, audio group or not. Also there are network management issues affecting only making new connections, something that came up today while setting up a machine for someone with a buggy graphics card and lightdm giving a black screen. X would come up manually from the console, but I had to get a lightdm session to work in order to hook to their network over wifi. Even startx as root didn't allow connection, only a lightdm initiated session permitted new connections, which once made always work no matter how X is started.
    seriously, i only saw strange things like that on faulty hw or completely fscked up system.

    still, you could check soundcard presence in hardware trough udev, then checking device permissions. sometimes if you don't see hw...

  5. #15
    Join Date
    Jan 2013
    Posts
    54

    Default

    Quote Originally Posted by rmiller View Post
    X always ran in user space. This step involves remove root rights and driver aperture.
    Oops sorry I mixed up, you're right.

  6. #16
    Join Date
    May 2013
    Posts
    507

    Default My guess is a file somewhere with no read permissions for non-root user

    Quote Originally Posted by justmy2cents View Post
    seriously, i only saw strange things like that on faulty hw or completely fscked up system.

    still, you could check soundcard presence in hardware trough udev, then checking device permissions. sometimes if you don't see hw...
    My guess is a file or files somewhere with no read permissions for non-root users, don't have any more time to screw with this today but will probably get back to it, simply because firing up a user X session from a regular user console login has become my main recovery system for lightdm problems. I get those a lot when trying to smooth out the buggy older version of Plymouth in Debian/Ubuntu that does not like systemd and dracut as much as the newer version 0.9 that finaly got packaged up. I expect to try that one today

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •