From: Jon S. <jon...@gm...> - 2005-06-18 02:40:10
|
I'm working on making EGL run non-root. Now I'm up against the IOCTLs in DRM marked root only. DRM is a master/slave model, so this is really a list of the master only calls. With EGL the first app to open the DRI device is master, and later openers are slaves. To make EGL work PAM assigns you ownership of the DRI device so that you can open it. Does anyone know if there are reasons why you really have to have root priv to make any of these calls? Can you help with the converse and tell me which ones you are sure don't need root priv? What is the status of the various command verifiers? If we agree that it is safe I'd like to remove the general capable(CAP_SYS_ADMIN) check when making DRM IOCTL calls. If some drivers still need it we can make it a per driver option. These are the ones marked root. =09[DRM_IOCTL_NR(DRM_IOCTL_IRQ_BUSID)] =3D {drm_irq_by_busid, 0, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_SET_VERSION)] =3D {drm_setversion, 0, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_SET_UNIQUE)] =3D {drm_setunique, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_BLOCK)] =3D {drm_noop, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_UNBLOCK)] =3D {drm_noop, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_AUTH_MAGIC)] =3D {drm_authmagic, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_ADD_MAP)] =3D {drm_addmap_ioctl, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_SET_SAREA_CTX)] =3D {drm_setsareactx, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_ADD_CTX)] =3D {drm_addctx, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_RM_CTX)] =3D {drm_rmctx, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_MOD_CTX)] =3D {drm_modctx, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_SWITCH_CTX)] =3D {drm_switchctx, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_NEW_CTX)] =3D {drm_newctx, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_ADD_DRAW)] =3D {drm_adddraw, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_RM_DRAW)] =3D {drm_rmdraw, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_ADD_BUFS)] =3D {drm_addbufs, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_MARK_BUFS)] =3D {drm_markbufs, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_CONTROL)] =3D {drm_control, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_AGP_ACQUIRE)] =3D {drm_agp_acquire_ioctl, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_AGP_RELEASE)] =3D {drm_agp_release_ioctl, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_AGP_ENABLE)] =3D {drm_agp_enable_ioctl, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_AGP_ALLOC)] =3D {drm_agp_alloc, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_AGP_FREE)] =3D {drm_agp_free, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_AGP_BIND)] =3D {drm_agp_bind, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_AGP_UNBIND)] =3D {drm_agp_unbind, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_SG_ALLOC)] =3D {drm_sg_alloc, 1, 1}, =09[DRM_IOCTL_NR(DRM_IOCTL_SG_FREE)] =3D {drm_sg_free, 1, 1}, --=20 Jon Smirl jon...@gm... |