Drop CAP_SYS_* capabilities

Carlos Garnacho requested to merge wip/carlosg/drop-caps into main

This branch:

  • Adds a cogl-level thread that we can use to create EGLContexts.
  • Makes the SCHED_RR bits non-optional, and by default for the native backend.
  • Ensures both things are set up very early at startup, so
  • We drop capabilities before any other thread is spawned.
  • Makes the secondary GPU bits also use this API and obtain high prio contexts.

This makes mutter/gnome-shell only preserve CAP_SYS_NICE on the dedicated EGL context thread, and do everything else related early at startup so we don't drag the capabilities for any longer than strictly necessary.
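One way to verify the outcome described above, as an added example that is not code from this merge request or from mutter: Linux capabilities are per-thread, so the audit reads each thread's `/proc/<pid>/task/<tid>/status` text and flags any thread that still holds a CAP_SYS_* bit, other than CAP_SYS_NICE on the one designated thread. The thread name `egl-thread` and the sample status text are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_NICE_BIT 23
/* Bits 16..26 of linux/capability.h: CAP_SYS_MODULE .. CAP_SYS_TTY_CONFIG. */
#define CAP_SYS_MASK 0x07ff0000ULL

/* Return a pointer to the value of "key:" in /proc status text, or NULL. */
static const char *field(const char *status, const char *key)
{
    size_t n = strlen(key);
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, key, n) == 0 && p[n] == ':')
            return p + n + 1 + strspn(p + n + 1, " \t");
        p = strchr(p, '\n');
        if (p) p++;
    }
    return NULL;
}

/* 0 = compliant, 1 = holds a CAP_SYS_* bit it should not, -1 = unparsable.
 * Permitted is checked too: a bit left there can be raised to effective again. */
int audit_thread(const char *status, const char *nice_thread)
{
    const char *name = field(status, "Name");
    const char *prm = field(status, "CapPrm");
    const char *eff = field(status, "CapEff");
    char *e1, *e2;
    if (!name || !prm || !eff) return -1;
    uint64_t caps = strtoull(prm, &e1, 16) | strtoull(eff, &e2, 16);
    if (e1 == prm || e2 == eff) return -1;
    size_t n = strlen(nice_thread);
    int is_nice = strncmp(name, nice_thread, n) == 0 && (name[n] == '\n' || name[n] == '\0');
    uint64_t allowed = is_nice ? 1ULL << CAP_SYS_NICE_BIT : 0;
    return (caps & CAP_SYS_MASK & ~allowed) != 0;
}

int main(void)
{
    /* Constructed sample; "egl-thread" is a hypothetical thread name. */
    const char *s = "Name:\tegl-thread\nCapPrm:\t0000000000800000\nCapEff:\t0000000000800000\n";
    printf("%d\n", audit_thread(s, "egl-thread"));
    return 0;
}
```

Feed it the status text of every entry under `/proc/<pid>/task/` for the running compositor; any non-zero result means a thread kept a capability past the point the description says it should be gone.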