probonopd / wayland-x11-compat-protocols

The missing Wayland protocols for features that are available in X11 (but are denied by the official Wayland protocols)

Privileged Request Protocol #15

Open Quackdoc opened 9 months ago

Quackdoc commented 9 months ago

The windowing system is not the place to restrict what applications are and are not allowed to do.

Realistically for Wayland this ship has sailed, but we ofc should be able to make the best of the situation. Wayland has "Privileged" protocols. These protocols are often quite nice, but it's somewhat arbitrary as to what a "privileged" application is. Compositors will implement these, and some will lock it down, while Cosmic allows disabling some of the security COSMIC_ENABLE_WAYLAND_SECURITY=1 (I'm not sure they have even implemented it yet). Not all compositors will.

A protocol to request becoming a privileged application would be a good compromise from Wayland's security focus and flexibility, and may make implementing "privileged" protocols more palatable.

probonopd commented 9 months ago

As far as I am concerned, I would say that everything should work by default, and optionally untrusted applications/users might get restrictions imposed on what they can do, if so desired by a system administrator.

Quackdoc commented 9 months ago

while I do agree, and on compositors like sway and mentioned possibly cosmic depending on a config/env var, this is likely going to be true. but realistically, I doubt KDE and gnome would implement it as such. Wayland already is going to force users/devs into a privileged / unprivileged setup, and gnome and kde are unlikely to divert from that too far. My view is that on more libre compositors, the protocol simply does nothing and isn't needed, but users who need to suffer kde or gnome for one reason or another will at least have a choice.

probonopd commented 9 months ago

> Wayland already is going to force users/devs into a privileged / unprivileged setup

That sounds really bad. What do you mean by this exactly, can you point to some documentation?

Wayland imho is "forcing" way too many things that don't fit everyone's workflow.

Quackdoc commented 9 months ago

I'm not sure there is any documentation on it since of course wayland. However, when looking through the protocols themselves https://gitlab.freedesktop.org/search?group_id=1158&project_id=2891&repository_ref=main&scope=blobs&search=privileged you can clearly see terms like privileged clients; ofc how to actually handle this is up to the compositor.

You can see how cosmic-comp is handling it here

for notes on privileged clients themselves

iirc sway just ignores the privileged aspect, though I don't have a source for this

as for what mutter and kwin do, dunno since I couldn't care less about them

but the goal is for sure to have the compositor bar certain applications from seeing specific protocols.

probonopd commented 9 months ago

> I'm not sure there is any documentation on it since of course wayland.

Wow! ;-)

Isn't it a great business model? Claim that something is "the future", sparsely document it (if at all), and then make customers pay for service.

probonopd commented 9 months ago

https://gitlab.freedesktop.org/wayland/wayland-protocols/-/merge_requests/187 talks about "privileged", but without explaining/linking to a definition.

myownfriend commented 9 months ago

@probonopd ask them.