Run X as a regular user
* What changes do we need to drop root privs from X in Maverick?
* Should we switch to rootless-X for Maverick?
* What testing can we do to be confident in our decision?
bryce 2010-05-07: I've gathered the ideas/requirements that have come up in the past here:
A key point is that X shouldn't run as the logged in user, but rather as a non-root service type user. See the wiki page for details.
raof, 2010-06-22: In regular use on my system:
Intel, Radeon & Nouveau will write to
raof, 2010-06-29: Upstream wonders why we need a /dev/backlight. They suggest that ConsoleKit could handle setting permissions for /sys/class/
raof, 2010-07-16: There doesn't seem to be any reason why a run-seat ConsoleKit script can't be used for what we want. Updating the work items to match this.
raof, 2010-07-22: After talking with pitti, there's actually no reason to require a ConsoleKit script, X can just chown the relevant files before dropping privs.
pitti, 2011-07-22: Is this actually desired for oneiric, or in general still? It gets a bit tight to get that into oneiric, so perhaps we should move this to the q cycle (post-LTS)?
bryce, 2011-07-22: Makes sense; there haven't been any stakeholders for this feature since before lucid.
[raof] Set up a new system user for X process (xdaemon): POSTPONED
[raof] Better generalized -nohw patch so xserver detects it automatically: POSTPONED
[raof] Talk to Jesse/upstream to see what interface is sane for /dev/backlight: DONE
[raof] Talk with Michael Frey (and tseliot) about how OEM team has approached rootless X: DONE
[raof] Check X doesn't write anything (else) to /sys or /proc: DONE