Hi,
On Tue, 7 May 2024 at 12:15, Daniel Vetter daniel@ffwll.ch wrote:
On Mon, May 06, 2024 at 04:01:42PM +0200, Hans de Goede wrote:
On 5/6/24 3:38 PM, Daniel Vetter wrote: I agree that bad applications are an issue, but not for the flathub / snaps case. Flatpacks / snaps run sandboxed and don't have access to a full /dev so those should not be able to open /dev/dma_heap/* independent of the ACLs on /dev/dma_heap/*. The plan is for cameras using the libcamera software ISP to always be accessed through pipewire and the camera portal, so in this case pipewere is taking the place of the compositor in your kms vs render node example.
Yeah essentially if you clarify to "set the permissions such that pipewire can do allocations", then I think that makes sense. And is at the same level as e.g. drm kms giving compsitors (but _only_ compositors) special access rights.
That would have the unfortunate side effect of making sandboxed apps less efficient on some platforms, since they wouldn't be able to do direct scanout anymore ...
Cheers, Daniel