Related to #7, this adds a separate kiosk user that can be used to run daemons and other commands, such as qt-webkit-kiosk. The user is added to a video group so that permissions may be assigned onto devices such as the framebuffer. Currently the only way to assign those permissions to devices is through chmod and chgrp due to the way devtmpfs works. I will be submitting a separate PR to add those to busybox.
Note that this doesn't restrict the ability to run anything as root. It just gives us another option which is consistent with good security practices.
Related to #7, this adds a separate kiosk user that can be used to run daemons and other commands, such as
qt-webkit-kiosk
. The user is added to avideo
group so that permissions may be assigned onto devices such as the framebuffer. Currently the only way to assign those permissions to devices is throughchmod
andchgrp
due to the waydevtmpfs
works. I will be submitting a separate PR to add those to busybox.Note that this doesn't restrict the ability to run anything as root. It just gives us another option which is consistent with good security practices.