On Sun, Nov 02, 2025 at 09:39:30AM +0100, Landry Breuil wrote:
> Le Sat, Nov 01, 2025 at 01:29:05PM +0100, Landry Breuil a écrit :
> > Le Fri, Oct 31, 2025 at 10:40:35PM +0100, Landry Breuil a écrit :
> > > hi,
> > > 
> > new iteration, with:
> > 
> > - "proper" login_fbtab() integration, which resets ownership to root when
> >   the wayland session exits
> > - cage -- gtkgreet runs as the unpriviledged _greetd user, the greetd
> >   daemon takes care of properly changing ownership via login_fbtab, so
> > this seems to work fine pretty transparently: greetd (as root) starts
> > gtkgreet (which starts as _greetd), upon user login the devices are
> > transferred to the user.
> > - The tempdir /var/run/greetd is owned by _greetd, and purged when
> >   greetd exits, maybe that should be done from the rust code..
> > - uid/gid 565 is reused for _greetd
> 
> another iteration, this time replacing initgroups/setuid/setgid by a
> proper call to setusercontext(NULL, LOGIN_SETALL) (as does xenodm), this
> way the limits from login.conf are properly applied to the whole wayland
> session and nextcloudclient doesnt crash bumping into nofiles..
> check greetd/patches/patch-greetd_src_session_worker_rs for the main
> changes.
> 
> i've also tested the theming abilities of gtkgreet and they work fine.
> 
> testing/feedback still more than welcome, oks too :)

gtkgreet: Please add -Dwerror=false to CONFIGURE_ARGS in gtkgreet to
avoid future pointless breakages.  You can then drop the main.c patch.
There's one extra line in Makefile.  I'd prefer having WANTLIB after
PERMIT_PACKAGE instead of at the end of the Makefile.  ok jca@ with
werror disabled.

greetd goes in the right direction but as discussed seconds ago I'm
not sure I understand the runtime dir handling.  At least the
non-_greetd path will need changes when Robert and Antoine add
XDG_RUNTIME_DIR to setusercontext.  The hardcoded LOGIN_SETALL will
need to change too.

-- 
jca