[Spice-devel] [spice-gtk] Add --spice-disable-clipboard option

Christophe Fergeau cfergeau at redhat.com
Mon Feb 19 16:12:48 UTC 2018


On Thu, Jan 18, 2018 at 12:13:45PM +0100, Christophe Fergeau wrote:
> On Thu, Jan 18, 2018 at 12:06:34PM +0100, Marc-André Lureau wrote:
> > Hi
> > 
> > On Thu, Jan 18, 2018 at 10:31 AM, Christophe Fergeau
> > <cfergeau at redhat.com> wrote:
> > > At least on X.org, malicious code could run the equivalent of "watch
> > > xsel -o --clipboard" in a VM, and would then be able to track all the
> > > clipboard content, even when the spice-gtk widget is not focused.
> > >
> > > At the moment, applications call spice_set_session_option(), and then
> > > set SpiceGtkSession::auto-clipboard to TRUE (or to its saved state).
> > > This commit adds a --spice-disable-clipboard option, and if it's set,
> > > SpiceGtkSession::auto-clipboard will not be changeable and will always
> > > be FALSE.
> > > The only side effect I noticed is that enabling "clipboard sharing" in
> > > GNOME Boxes VM preferences will appear to work, but will not enable
> > > clipboard, and will be reset to off next time the preferences dialog is
> > > open.
> > >
> > > https://bugzilla.redhat.com/show_bug.cgi?id=1320263
> > 
> > Looks reasonable to me. However, I thought we wanted a way to disable
> > clipboard by default.
> > 
> > Wouldn't it make sense to introduce some GSetting key(s) for that instead?
> > 
> > This way, the behaviour can be enforced globally without changing the
> > way applications are started.
> 
> I think you want both, you don't necessarily want c&p for all or none of
> your VMs. I don't know if we can check if the admin locked down a
> particular GSettings through the API? If the global value is locked down
> to FALSE, then we should enforce it, otherwise we should accept
> --spice-disable-clipboard.
> So a GSettings patch would probably be a followup to that one.

Can we move forward with that command line addition? Or is adding a
GSettings key a prerequisite to getting this in?

Thanks,

Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/spice-devel/attachments/20180219/c0dd7851/attachment.sig>


More information about the Spice-devel mailing list