There are two distinct sets of hardware that are owned by group video:
- Video rendering devices (e.g.:
drm).
- Video input devices (e.g.: webcams).
On a typical Wayland setup, a dedicated daemon arbitrates access to video rendering devices (e.g.: seatd) and allows only a single process (generally a compositor) to access the hardware. Other processes are denied access to the video rendering hardware.
This is considered a security measure, and prevents arbitrary user processes from screen-scraping, or screen-spoofing.
However, in order to use a webcam, a user must be a member of the video group, which breaks the above security measure entirely.
I believe that one potential fix for this to change the ownership of webcams to the camera group. This is, however, a breaking changing where all downstreams will need to adapt.
There are two distinct sets of hardware that are owned by group
video:drm).On a typical Wayland setup, a dedicated daemon arbitrates access to video rendering devices (e.g.:
seatd) and allows only a single process (generally a compositor) to access the hardware. Other processes are denied access to the video rendering hardware.This is considered a security measure, and prevents arbitrary user processes from screen-scraping, or screen-spoofing.
However, in order to use a webcam, a user must be a member of the
videogroup, which breaks the above security measure entirely.I believe that one potential fix for this to change the ownership of webcams to the
cameragroup. This is, however, a breaking changing where all downstreams will need to adapt.