[Spice-devel] RFC [spice-gtk] session: Allow to delay sending clipboard to the guest

Jakub Janku jjanku at redhat.com
Thu Jan 11 17:09:52 UTC 2018


On Thu, Jan 11, 2018 at 5:42 PM, Marc-André Lureau
<marcandre.lureau at redhat.com> wrote:
> Hi
>
> ----- Original Message -----
>> On Thu, Jan 11, 2018 at 3:29 PM, Marc-André Lureau
>> <marcandre.lureau at redhat.com> wrote:
>> >
>> > Hi
>> >
>> > ----- Original Message -----
>> > > On Wed, Jan 10, 2018 at 06:48:14PM -0500, Marc-André Lureau wrote:
>> > > > Hi
>> > > >
>> > > > ----- Original Message -----
>> > > > > On Tue, Jan 09, 2018 at 12:16:33PM -0500, Marc-André Lureau wrote:
>> > > > > > I think it's problematic for traditional applications as well.
>> > > > > > clipboard access is probably going to be limited by default and
>> > > > > > only
>> > > > > > accessed through so-called "portals", just like file access etc.
>> > > > > > This
>> > > > > > topic should be brought on desktop / flatpak mailing list.
>> > > > >
>> > > > > Maybe in some distant future, all applications everyone is running
>> > > > > will
>> > > > > be flatpak, and will be using portals to improve security. The same
>> > > > > thing can be said regarding wayland, which does not have this issue.
>> > > > > Some time in the future, this will become a non-issue. However,
>> > > > > solving
>> > > > > this now on x11 is definitely not something which should be related
>> > > > > to
>> > > > > portals/flatpak in my opinion.
>> > > >
>> > > > I propose a --spice-disable-clipboard, and client UI to switch on/off
>> > > > clipboard sharing functionality.
>> > > >
>> > > > Something different will likely break some clipboard users or lower
>> > > > experience.
>> > >
>> > > One additional note on that, I was initially worried about which use
>> > > cases were going to be broken by these changes. Then I realized that the
>> > > very same use cases would be broken when using wayland (after taking into
>> > > account Jakub's comments). Since this potential breakage will happen
>> > > anyway whether we want it or not, it's not going to make a big
>> > > difference if we do the same when running on  X11.
>> >
>> > So this change isn't needed for Wayland, and your patch changes the
>> > clipboard behaviour to be similar as Wayland.
>> >
>> > Why couldn't this be done at Gtk level? This would give a similar clipboard
>> > behaviour for all Gtk app wether they run on Wayland or X, or windows etc.
>> > They would also benefit the same "added security".
>>
>> Do you think this change would make it to GTK3? I think it could
>> potentially break some apps. Note that e.g. spice-vdagent takes
>> advantage of this "security issue" in X11 - it has no window and
>> listens for the clipboard changes all the time.
>
> Those gtk applications would break on wayland today anyway, right?

Probably, unless you force GTK to use XWayland with
gdk_set_allowed_backends("x11").
But pushing this kind of change to GTK 3.22, which is supposed to be
stable, doesn't seem right to me.

>
>> (it seems that clipboard system for GTK 4 has been reworked quite a
>> bit - see https://git.gnome.org/browse/gtk+/log/?h=wip/otte/clipboard
>> - this is already merged into master)
>
> I have not much time to look at the details, but I don't think we should rush into changing the behavior of the clipboard in spice only. This is more windowing/toolkit level issue.

That's right, I just wanted to say it might take considerable amount
of time to fix this issue in spice if we were patching GTK.

Jakub


More information about the Spice-devel mailing list