• Emil Velikov's avatar
    drm: rework SET_MASTER and DROP_MASTER perm handling · 45bc3d26
    Emil Velikov authored
    This commit reworks the permission handling of the two ioctls. In
    particular it enforced the CAP_SYS_ADMIN check only, if:
     - we're issuing the ioctl from process other than the one which opened
    the node, and
     - we are, or were master in the past
    
    This ensures that we:
     - do not regress the systemd-logind style of DRM_MASTER arbitrator
     - allow applications which do not use systemd-logind to drop their
    master capabilities (and regain them at later point) ... w/o running as
    root.
    
    See the comment above drm_master_check_perm() for more details.
    
    v1:
     - Tweak wording, fixup all checks, add igt test
    
    v2:
     - Add a few more comments, grammar nitpicks.
    
    Cc: Adam Jackson <ajax@redhat.com>
    Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
    Cc: Pekka Paalanen <ppaalanen@gmail.com>
    Testcase: igt/core_setmaster/master-drop-set-user
    Signed-off-by: default avatarEmil Velikov <emil.velikov@collabora.com>
    Reviewed-by: default avatarAdam Jackson <ajax@redhat.com>
    Link: https://patchwork.freedesktop.org/patch/msgid/20200319172930.230583-1-emil.l.velikov@gmail.com
    45bc3d26
drm_auth.c 11.9 KB