Hello,
I’m using a Verdin iMX8MM with BSP v6.0.
In the tdx-reference-multimedia-image weston is started with the systemd-service /lib/systemd/system/weston.service
and the socket /lib/systemd/system/weston.socket
. In this files the user and the group are set to root
.
This allows only applications launched with root privileges to connect to the display server to show their content. I don’t think this is a good practice.
I found both files in the directory openembedded-core/meta/recipes-graphics/weston-init/
where user and group are set to weston
resp. wayland
. But the recipe meta-toradex-bsp-common/recipes-graphics/wayland/weston-init.bbappend
changed these settings to root
because of this commit.
Is this workaround still necessary? Why are user and group in weston.socket changed too?
Best regards,
Markus
Hi @Mowlwurf ,
Happy New Year 
This change was performed by NXP and we from Toradex are basing our BSP on this. You can try to remove this change and see if it works without it.
As commented on Toradex’s weston-init.bbappend
root is needed in order to access input devices and GPU.
Let us know how it goes.
Best Regards
Kevin
Hi @kevin.tx,
thank you for your fast reply.
In both files I changed back the user and group settings to the original ones and weston starts without problems. I added the unprivileged user to the groups video
and wayland
and was able to start a Qt app own by the user on a touchscreen. Touch and keyboard inputs are working too.
So for me it seems that this workaround isn’t necessary anymore.
Best regards,
Markus
Hi @Mowlwurf ,
Thanks for confirming 
We’ll pass that on internally.
Best Regards
Kevin
Hi @kevin.tx,
I discovered a little downside of this: I can run the program feh
only as user weston
. When I try it as root
I get the following error:
$ feh pictures/blue.png
Authorization required, but no authorization protocol specified
feh ERROR: Can't open X display. It *is* running, yeah?
Do you have an idea about this?
Best regards,
Markus
Hello @Mowlwurf
feh
is trying to use X, and our images have Weston with Xwayland by default, so maybe you need to check the DISPLAY environment variable in order to run feh
.
On the other hand, you have the weston.ini
file where you can set the wallpaper.
Please refer to this article to get more information about Weston. It refers to TorizonCore, but the same Weston configuration should work for our Reference images:
Best regards,
Josep
Hello @josep.tx,
thank you for your response. My environment variables and weston.ini are the default ones. So DISPLAY is set and xwayland is enabled:
$ printenv
SHELL=/bin/sh
SYSTEMD_COLORS=0
EDITOR=vi
PWD=/home/root
LOGNAME=root
HOME=/home/root
WAYLAND_DISPLAY=/run/wayland-0
SSH_CONNECTION=::ffff:192.168.0.2 54659 ::ffff:192.168.0.1 22
QT_QPA_PLATFORM=wayland-egl
TERM=xterm
USER=root
DISPLAY=:0.0
SHLVL=1
PS1=\h:\w\$
SSH_CLIENT=::ffff:192.168.0.2 54659 22
PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
SSH_TTY=/dev/pts/0
_=/bin/printenv
$ cat /etc/xdg/weston/weston.ini
[core]
#gbm-format=argb8888
idle-time=0
use-g2d=1
xwayland=true
repaint-window=16
#enable-overlay-view=1
modules=screen-share.so
#[shell]
#size=1920x1080
[libinput]
enable_tap=true
touchscreen_calibrator=true
calibration_helper=/usr/bin/toradex-save-touchscreen-calibration
[output]
#name=HDMI-A-1
#mode=1920x1080@60
#transform=rotate-90
#name=DSI-1
#mode=1920x1200@60
#scale=2
#[output]
#name=HDMI-A-2
#mode=off
# WIDTHxHEIGHT Resolution size width and height in pixels
# off Disables the output
# preferred Uses the preferred mode
# current Uses the current crt controller mode
#transform=rotate-90
[screen-share]
command=/usr/bin/weston --backend=rdp-backend.so --shell=fullscreen-shell.so --no-clients-resize --rdp-tls-cert=/etc/freerdp/keys/server.crt --rdp-tls-key=/etc/freerdp/keys/server.key
When Weston is started with user and group as root, but the socket remains the original one (user = weston, group = wayland) then feh
works only with root.
So it seems that only the user that Weston is started with is allowed to run XWayland applications.
Best regards,
Markus
Hello @Mowlwurf ,
I couldn’t test feh but weston-image
I created a user torizon , added it to the groups video and wayland , copeid one picture to torizon’s home and tried to run weston-image. The result was:
verdin-imx8mm-06760561:~$ WAYLAND_DEBUG=1 weston-image IMG_1083.JPG
failed to connect to Wayland display: Permission denied
failed to create display: Permission denied
In my case I solved it to give full permissions to the Wayland socket /run/wayland0. Possibly not the most elegant solution but it did the job.
Hello @Mowlwurf ,
Were you able to solve your issue? Do you need more assistance on our side?
Best regards,
Josep