Comment 1 for bug 1379266

A description of the underlying cause:

The DRM auth magic cookie used to authenticate file descriptors is tied to, and can only be authenticated against, the DRM master that is active at the time of the drmGetMagic() call.

Currently, when a nested server wants to give a client an authenticated fd, it creates a DRM fd and gets a magic cookie for it. It then sends the cookie to the host for authentication. However, if the nested server gets the magic cookie while the host server is paused (and is therefore no longer the DRM master), the cookie is useless since it is not tied to the proper DRM master (the host). So, when the host server resumes and receives the request to authenticate the cookie, it fails to do so, since the cookie was not registered with it.

A solution is to introduce a mir_connection_drm_get_auth_fd() client API, so that the host can handle the whole process of creating an auth fd on its own (like it does when sending an authenticated fd when a client connects), avoiding the problem of invalid magic cookies.

The need for an additional platform specific function has triggered some discussions on the topic (see thread [1]) , so I will postpone implementation until a decision has been reached (hopefully by the end of next week)

[1] https://lists.ubuntu.com/archives/mir-devel/2014-October/000923.html