On Sun, Jan 04, 2026 at 06:45:29PM +0100, Rafael Sadowski wrote: > On Sun Jan 04, 2026 at 10:06:01AM -0700, Theo de Raadt wrote: > > > alternatively for a port, we can patch to hardcode the path. > > > > I don't think that's the way to handle this. > > > > It is better to dynamically remember the path, in userland, when the > > filename open succeeds. Just copy it at that point, in userland. > > Welcome to the world of Linux(tm) Wayland. > > That was also my case. In KWin, the class "ClientConnection::" uses > wl_client_get_credentials() to find out what the client's path is (or > was at the start) in order to restrictions the DBus communications > from/to this client. > > https://wayland.freedesktop.org/docs/html/apc.html: > wl_client_get_credentials - Return Unix credentials for the client. > > void wl_client_get_credentials(const struct wl_client *client, pid_t > *pid, uid_t *uid, gid_t *gid) > > client > The display object > pid > Returns the process ID > uid > Returns the user ID > gid > Returns the group ID > > This function returns the process ID, the user ID and the group ID > for the given client. The credentials come from getsockopt() with > SO_PEERCRED, on the client socket fd. All the pointers can be NULL, > if the caller is not interested in a particular ID. > > Note, process IDs are subject to race conditions and are not a reliable > way to identify a client. > > Be aware that for clients that a compositor forks and execs and then > connects using socketpair(), this function will return the > credentials for the compositor. The credentials for the socketpair > are set at creation time in the compositor. >
This should be implemented in unix(4) sockets layer.
