From: Jeremie Courreges-Anglas Subject: Re: [new/wip] greetd/gtkgreet To: Landry Breuil Cc: ports@openbsd.org Date: Sun, 2 Nov 2025 12:10:23 +0100 On Sun, Nov 02, 2025 at 09:39:30AM +0100, Landry Breuil wrote: > Le Sat, Nov 01, 2025 at 01:29:05PM +0100, Landry Breuil a écrit : > > Le Fri, Oct 31, 2025 at 10:40:35PM +0100, Landry Breuil a écrit : > > > hi, > > > > > new iteration, with: > > > > - "proper" login_fbtab() integration, which resets ownership to root when > > the wayland session exits > > - cage -- gtkgreet runs as the unpriviledged _greetd user, the greetd > > daemon takes care of properly changing ownership via login_fbtab, so > > this seems to work fine pretty transparently: greetd (as root) starts > > gtkgreet (which starts as _greetd), upon user login the devices are > > transferred to the user. > > - The tempdir /var/run/greetd is owned by _greetd, and purged when > > greetd exits, maybe that should be done from the rust code.. > > - uid/gid 565 is reused for _greetd > > another iteration, this time replacing initgroups/setuid/setgid by a > proper call to setusercontext(NULL, LOGIN_SETALL) (as does xenodm), this > way the limits from login.conf are properly applied to the whole wayland > session and nextcloudclient doesnt crash bumping into nofiles.. > check greetd/patches/patch-greetd_src_session_worker_rs for the main > changes. > > i've also tested the theming abilities of gtkgreet and they work fine. > > testing/feedback still more than welcome, oks too :) gtkgreet: Please add -Dwerror=false to CONFIGURE_ARGS in gtkgreet to avoid future pointless breakages. You can then drop the main.c patch. There's one extra line in Makefile. I'd prefer having WANTLIB after PERMIT_PACKAGE instead of at the end of the Makefile. ok jca@ with werror disabled. greetd goes in the right direction but as discussed seconds ago I'm not sure I understand the runtime dir handling. At least the non-_greetd path will need changes when Robert and Antoine add XDG_RUNTIME_DIR to setusercontext. The hardcoded LOGIN_SETALL will need to change too. -- jca