Phoronix: Moblin 2.0 To Not Run X Server As Root

Intel's Arjan van de Ven has fired off an email letting us know that Moblin 2.0 will have its X Server running without root privileges. The first feature of their new "Moblin Secure X project" is to integrate NRX technology, which we take to mean "No-Root X" and is described as "NRX is a set of OS changes and patches that makes it possible to no longer run the X server as the privileged 'root' user." Just last week we reported on a root-less X Server nearing reality. Traditionally the X Server has been run as root so that it can communicate directly with the graphics hardware, but with the mainlining of kernel mode-setting, it's now easily possible to run the X Server without root privileges...

http://www.phoronix.com/vr.php?view=NzM3NA

I wouldnt be surprised if this is just to make sure that ion chips can't run moblin....

well, that's nvidia's fault! their problem. perhaps sometimes they realize that they *have* to give out docs and open their driver (hehe hope for more pressure for chrome os).

seems that for every improvement made to linux there's always someone paranoid....

breaking the binary nvidia driver is easy, if that were the objective, that doesn't need something as complex as the whole non-root-X work. It's not the objective.

The objective is a real improvement to the Linux security model.
With all the work done in the X stack over the last two years,
running X no longer as root is finally possible. That is great
progress if you ask me.

Lordmozilla: if you want to run some binary driver just put the setuid bit back on.. that's one shell command.

What i really dislike with moblin is that the default X is compiled just to break nvidia. The instruction to enable it requires X recompilation thats really crap. Vbox + Nvidia drivers should compile and work without extra work.

Kano: I'm sorry but you're very wrong.
Moblin X is not compiled "just to break nvidia".

I don't know if the nvidia binary stuff works out of the box or not; I'm personally not interested in machines with nvidia hardware. But to try to say that Moblin deliberately compiles X to break that... No.

Then tell me why xinerama is disabled by default? Nvidia binary expects that to be enabled.

seems that for every improvement made to linux there's always someone paranoid....

breaking the binary nvidia driver is easy, if that were the objective, that doesn't need something as complex as the whole non-root-X work. It's not the objective.

The objective is a real improvement to the Linux security model.
With all the work done in the X stack over the last two years,
running X no longer as root is finally possible. That is great
progress if you ask me.

Lordmozilla: if you want to run some binary driver just put the setuid bit back on.. that's one shell command.

If it is required at all ... afaik the driver just needs access to /dev/nvidia*

seems that for every improvement made to linux there's always someone paranoid....

breaking the binary nvidia driver is easy, if that were the objective, that doesn't need something as complex as the whole non-root-X work. It's not the objective.

The objective is a real improvement to the Linux security model.
With all the work done in the X stack over the last two years,
running X no longer as root is finally possible. That is great
progress if you ask me.

Lordmozilla: if you want to run some binary driver just put the setuid bit back on.. that's one shell command.

It was a snarky comment. I know rootless X is a great thing and that its easy to break the nvidia binary....

Incidentally the binary allready breaks cause they build xorg without xinerama on moblin. I'd guess its to speed up start times since with recompiled xorg i found mine started a ltitle slower, but then again i didnt time it.

Kano recompile the src.rpm with xinerama, its not hard. I show how on my site www.madeo.co.uk

Why should i recompile it? That's a wrong design decision to disable it by default.

Why should i recompile it? That's a wrong design decision to disable it by default.

Why should an open source project, mainly drived by Intel but now run by the Linux Foundation and open to community contributions, care about closed source drivers of other vendors?

It's like asking me the keys of my car without even giving me yours... :p

Then tell me why xinerama is disabled by default? Nvidia binary expects that to be enabled.

We don't use xinerama. XRANDR has replaced that for years now.

NVIDIA can make a driver that works without xinerama; I suspect this is just a bug on their side. But why would we add code size, startup time and the security risk of unused code ??

I don't think that Nv will create a moblin specific driver. Did you try vboxvideo with moblin?

something tells me that if intel were really just trying to create a distro that was innoperable with hardware other than their own they wouldn't have handed the project over to the FSF, who can realistically add support for completely non-intel platforms like tegra....

doesn't really add up to me.

I don't think that Nv will create a moblin specific driver.Arjan is pretty obviously not suggesting a "moblin specific driver", but a general driver that also works on Moblin. On the other hand, you're suggesting that code should be added to Moblin specifically to support Nvidia's driver - added to an OS that is targeted at devices in which Linux-supported Nvidia GPUs have almost no market share.

something tells me that if intel were really just trying to create a distro that was innoperable with hardware other than their own they wouldn't have handed the project over to the FSF, who can realistically add support for completely non-intel platforms like tegra....I wouldn't hold out for Tegra support any time soon. The Zune HD is apparently the first big Tegra design win, and Nvidia folks have accordingly been making very pro-WinCE and anti-Linux noises.

By the way, the turnover was to the Linux Foundation, not the FSF.

I don't think that Nv will create a moblin specific driver. Did you try vboxvideo with moblin?

Using cutting-edge software usually uncovers issues. That's especially true if you have chosen to use closed-source drivers.

Have you logged bugs with Nvidia and VBox?

I wouldn't hold out for Tegra support any time soon. The Zune HD is apparently the first big Tegra design win, and Nvidia folks have accordingly been making very pro-WinCE and anti-Linux noises.

yeah, it was just an example, i was watching the nvidia tegra promotional videos the other day so its the first thing that came into my head, but the point is it could be supported, or any other number of ARM platforms etc.

if intel were so dead set on keeping this intel hardware specific i doubt they would have turned over the project and even made that a possibility.

By the way, the turnover was to the Linux Foundation, not the FSF.

oh, haha, yeah....

So nvidia does still not support RandR? I read it was their top priority, at some point in 2008.

RandR is not a replacement for Xinerama. What if you want to use DisplayLink devices, for example?

Xinerama is crap, that's why it's disabled by default. It's not efficient and causes all sorts of limitations. The display link thing, if it's true you need it to run extended desktop (which I am suspicious of) then that would be a legit reason to keep it around.

Otherwise I am happy to see it go.

Nvidia's plays by their own rules. They don't want to work with other people and want to do things their own ways that run contrary to how things are normally done in Linux.

Intel, on the other hand is working with Linux kernel developers and Xorg people to improve the state of art so that the software will be able to take advantage of the hardware.


----------------------

For example...

The design of Linux and X.org is that you provide 3D acceleration by using a userspace driver that communicates to a relatively simple DRM driver in the kernel by way of the DRI protocol.

That is the design of the graphics driver for Linux and X. This is done so that you have the majority of the code outside the kernel.

This design is suppose to be API and ABI 'stable'.

However that is not good enough for Nvidia. Instead of working with people to make the Linux kernel and DRI stuff more suitable for their graphics card Nvidia chooses to shoehorn MEGABYTES worth of ported Windows driver code into a running Linux kernel. And then they provide their own hacked up hybrid-Xorg X server with it's own 2D acceleration model and whatnot.

Then you have a bunch of Linux users crying about how changes in the Linux kernel or Xorg stuff tends to break the Nvidia driver on a regular basis.

Well _no_shit_. Instead of working with people and using the stable interfaces provided by the kernel and X they have taken on the burden of designing their own proprietary driver stack. And since they refuse to work with anybody else Linux and X folks can't work with Nvidia to avoid breakages. Instead if there is any progress at all in Linux and X then it's entirely up to Nvidia to fix problems that come up.

So quit all you guys bitching.

Using what ever scripts or whatever packages that Nvidia will provide for Ion, if they do that at all, then Nvidia can add xinerama support, reduce the security of your OS, along with shoveling Windows driver code* into your kernel along with it's 'GPL'd shim. None of this would require very large changes to Nvidia's installation stuff and cause very little, if any, extra work on the side of the user if Nvidia does their installer correctly.

*(and that is how I believe that Nvidia gets around the GPL'd license. GPL says that derived works much be GPLed also. However the majority of the Nvidia code was originally designed for other OSes and is not derived from the Linux kernel code)


----------------


No-Root X is a fantastic achievement and people have been working for YEARS to get to this point. It's one of the original goals of the Xorg split from XFree86 and is a big step in the right direction.


It means that X is using standard application APIs for it's programming. That means that it's using a standardized, unified driver model that while mostly userspace the access to to hardware is still regulated by the Linux kernel.

This means simpler driver models, improved multiuser support, possibly improved support for non-X windowing technology, a big step towards using a unified Gallium driver, improved stability, and a number of other positive benefits.



But of course I am expected to give up all those positive benefits because Nvidia doesn't work well with others and some people may want to use Moblin on a Ion netbook. Why should I have to have a less secure system becuase of Nvidia? You Nvidia users are the ones that are paying Nvidia for your hardware, they got your money so tell them to fix their shit.

However that is not good enough for Nvidia. Instead of working with people to make the Linux kernel and DRI stuff more suitable for their graphics card Nvidia chooses to shoehorn MEGABYTES worth of ported Windows driver code into a running Linux kernel. And then they provide their own hacked up hybrid-Xorg X server with it's own 2D acceleration model and whatnot.Actually this is where things get ironic. nVidia replaces the GLX components of the X server whereas ATi does not. Conlusion? ATi has to port their drivers to each and every API/ABI change in the X server's GLX whereas nVidia does not. And yeah, who was it again of the two proprietary driver vendors that delive updates faster...

Well, Nvidia's own GLX is also the cause of some black screen hangs, which are miraculously fixed by replacing them with the X-supplied files.