Seatd: Difference between revisions

From Alpine Linux
(added rules with draft tag)
(moved XDG_RUNTIME_DIR to Prerequisites section)
 
(10 intermediate revisions by the same user not shown)
Line 1: Line 1:
[https://man.sr.ht/~kennylevinsen/seatd/ Seatd] is a [[Seat manager|seat management]] daemon, that does everything it needs to do. Nothing more, nothing less. Depends only on libc. Seat management takes care of mediating access to shared devices (graphics, input), without requiring the applications needing access to be root.
{{Verified|0}}[https://man.sr.ht/~kennylevinsen/seatd/ Seatd] is a [[Seat manager|seat management]] daemon, that does everything it needs to do. Nothing more, nothing less. Depends only on libc. Seat management takes care of mediating access to shared devices (graphics, input), without requiring the applications needing access to be root.


When using [[elogind]], seatd is not required and viceversa. Don't add both to auto-start.
When using [[elogind]], seatd is not required and viceversa. Don't add both to auto-start.
== Prerequisites ==
* Seatd requires that [[XDG_RUNTIME_DIR]] is set before starting your [[Wayland]] compositor.


== Installation ==
== Installation ==


{{Cmd|apk add {{Pkg|seatd}}       # install seatd
Install the {{Pkg|seatd}} package:{{Cmd|# apk add {{Pkg|seatd}}}}  
rc-update add seatd # configure it to auto-start
service seatd start # start it now
adduser $USER seat  # allow current user to access seatd
}}
 
If you are already logged in as a <code>$USER</code>, you will need to relogin.


== Configuration ==
== Configuration ==


Ensure that [[XDG_RUNTIME_DIR]] is set before starting your Wayland compositor.
=== Service management ===
To add the {{ic|seatd}} service to auto-start using [[OpenRC]]: {{Cmd|<nowiki># rc-update add seatd
# rc-service seatd start </nowiki>}}


== Seatd and polkit ==
To add the currently logged in user to {{ic|seat}} group issue the command: {{Cmd|$ doas adduser $USER seat}}


{{Draft|The below section needs to be tested further. This notice can be removed, if someone else tests and confirm}}
If you are already logged in as a <code>$USER</code>, you will need to relogin.
 
{{pkg|polkit}} can be used for authentication with seatd if you use groups in the polkit rules. With seatd you are restricted to YES or NO rules.


A sample polkit rule file {{Path|/etc/polkit-1/rules.d/50-my-custom-rules.rules}} which allow members of the "wheel" group to reboot without a password. This rule depends only on group membership which works with seatd can be as follows:{{Cat|/etc/polkit-1/rules.d/50-my-custom-rules.rules|<nowiki>   
=== Polkit ===
    polkit.addRule(function(action, subject) {
        if (action.id == "org.freedesktop.login1.reboot" &&
            subject.isInGroup("wheel")) {
            return polkit.Result.YES;
        }
    });
</nowiki>}}


[[elogind|Elogind]] is required for "subject.active" rules and no AUTH_ADMIN, since polkit agents need POLKIT_IS_SUBJECT. Given below is a sample polkit rule file {{Path|/etc/polkit-1/rules.d/51-require-active-session.rules}} which allow only active local sessions to suspend based on subject.active which requires [[Elogind]] can be as follows:{{Cat|/etc/polkit-1/rules.d/51-require-active-session.rules|<nowiki>
[[Polkit#Using polkit with seatd|Polkit]] can be configured and used for authentication with seatd with certain limitations. Since seatd doesn't provide detailed session tracking, polkit rules that rely on these properties (e.g., subject.active, subject.local) cannot be evaluated. Hence graphical, session-aware [[Polkit#Authentication agents|polkit authentication agents]] are not supported.
    polkit.addRule(function(action, subject) {
        if (action.id == "org.freedesktop.login1.suspend" &&
            subject.active) {
            return polkit.Result.YES;
        } else if (action.id == "org.freedesktop.login1.suspend") {
            return polkit.Result.NO; // Or polkit.Result.AUTH_ADMIN to prompt for password
        }
    });
</nowiki>}}   


Refer to [[Polkit#Example1|sample polkit rule file]] that works with seatd.


== See Also ==
== See also ==


* [https://man.sr.ht/~kennylevinsen/seatd/ seatd documentation]
* [https://man.sr.ht/~kennylevinsen/seatd/ seatd documentation]
* [https://github.com/swaywm/sway/wiki/Setting-environmental-variables sway wiki]
* [https://github.com/swaywm/sway/wiki/Setting-environmental-variables sway wiki]


[[Category:Desktop]]
[[Category:Seat_manager]]
[[Category:Seat_manager]]
[[Category:Wayland]]

Latest revision as of 12:15, 16 August 2025

Seatd is a seat management daemon, that does everything it needs to do. Nothing more, nothing less. Depends only on libc. Seat management takes care of mediating access to shared devices (graphics, input), without requiring the applications needing access to be root.

When using elogind, seatd is not required and viceversa. Don't add both to auto-start.

Prerequisites

Installation

Install the seatd package:

# apk add seatd

Configuration

Service management

To add the seatd service to auto-start using OpenRC:

# rc-update add seatd # rc-service seatd start

To add the currently logged in user to seat group issue the command:

$ doas adduser $USER seat

If you are already logged in as a $USER, you will need to relogin.

Polkit

Polkit can be configured and used for authentication with seatd with certain limitations. Since seatd doesn't provide detailed session tracking, polkit rules that rely on these properties (e.g., subject.active, subject.local) cannot be evaluated. Hence graphical, session-aware polkit authentication agents are not supported.

Refer to sample polkit rule file that works with seatd.

See also

Retrieved from "https://wiki.alpinelinux.org/w/index.php?title=Seatd&oldid=30743"