Mir in a virtual machine

Alan Griffiths alan.griffiths at canonical.com
Fri Jan 24 10:50:16 UTC 2014


On 23/01/14 12:48, Rian Quinn wrote:
> I would prefer to run the server as non-root, but if I attempt to do
> that, it complains about not being able to open the DRM device. If I
> run the fingerprint demo as non-root, and the server as root, the
> client complains about not being able to make a connection to the
> server. And some of the clients I cannot get to connect at all
> regardless of root or not (like all of the EGL examples).
>
> I am a little confused though. If Mir is to replace X someday, clients
> will have to be able to be run as non-root. The ideal solution is
> where both the server/compositor, and clients are running as non-root
> which is one of the things that X doesn’t do today. Are there plans to
> fix the privilege issue (everything needing root), or am I not
> understanding something?
>

Our intention (some work is still in progress) is for there to be a
system compositor (unity-system_compositor) running as root, but (unless
enabled for debug purposes) not exposing an endpoint on the filesystem.
(IPC will be used to pass sockets to authorised, non-root processes.)

These authorised, non-root processes will be user session compositors
that publish a filesystem endpoint - to $XDG_RUNTIME_DIR/mir_socket - and
will accept clients from that user.

Because this is a work in progress we have the unfortunate situation
that the configuration you're trying (a root system compositor accepting
connections from a non-root client process) needs the permissions on the
endpoint to be changed to enable non-root client connections and the
client needs to access a non-default endpoint name.

The instructions on the website are out of date wrt trunk (they are
published from the saucy builds). I'll be fixing them on the development
version.

As Kevin says, we're in the process of separating the system and session
compositors in the touch images. There are still some issues preventing
the system compositor working exactly as described above (and we
currently connect via a filesystem endpoint), but they too should be
fixed shortly.

HTH
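
The two mechanisms described in this message (an owner-only endpoint that accepts clients from the same user, and handing a connected socket to an authorised process over IPC instead of exposing a filesystem endpoint), sketched as an added example that is not Mir code and not part of the original post. It is Linux-only; the function names are hypothetical and a temporary directory stands in for $XDG_RUNTIME_DIR.

```python
import os, socket, stat, struct, tempfile

def peer_uid(conn):
    # Linux SO_PEERCRED returns struct ucred {pid, uid, gid} recorded by the kernel.
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)[1]

def open_session_endpoint(runtime_dir, name="mir_socket"):
    # Session-compositor side (hypothetical helper): publish an owner-only endpoint.
    path = os.path.join(runtime_dir, name)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)  # bind() creates the node with mode 0777 & ~umask = 0600
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv, path

def accept_same_user(srv):
    # Accept one client; drop it unless it runs under the same uid as this process.
    conn, _ = srv.accept()
    if peer_uid(conn) != os.getuid():
        conn.close()
        return None
    return conn

def pass_socket(channel, sock):
    # Privileged side: hand a connected socket to an authorised peer (SCM_RIGHTS).
    socket.send_fds(channel, [b"S"], [sock.fileno()])

def receive_socket(channel):
    _, fds, _, _ = socket.recv_fds(channel, 1, 1)
    return socket.socket(fileno=fds[0])

def demo():
    with tempfile.TemporaryDirectory() as runtime_dir:  # constructed stand-in for $XDG_RUNTIME_DIR
        srv, path = open_session_endpoint(runtime_dir)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        client.connect(path)
        accepted = accept_same_user(srv) is not None
    # No filesystem endpoint at all: the socket travels over an existing IPC channel.
    chan_a, chan_b = socket.socketpair()
    sys_end, session_end = socket.socketpair()
    pass_socket(chan_a, session_end)
    received = receive_socket(chan_b)
    received.sendall(b"hello")
    return mode, accepted, sys_end.recv(5)

if __name__ == "__main__":
    print(demo())
```
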


