[Spice-devel] [spice-gtk] Add --spice-disable-clipboard option

Christophe Fergeau cfergeau at redhat.com
Thu Jan 18 11:13:45 UTC 2018


On Thu, Jan 18, 2018 at 12:06:34PM +0100, Marc-André Lureau wrote:
> Hi
> 
> On Thu, Jan 18, 2018 at 10:31 AM, Christophe Fergeau
> <cfergeau at redhat.com> wrote:
> > At least on X.org, malicious code could run the equivalent of "watch
> > xsel -o --clipboard" in a VM, and would then be able to track all the
> > clipboard content, even when the spice-gtk widget is not focused.
> >
> > At the moment, applications call spice_set_session_option(), and then
> > set SpiceGtkSession::auto-clipboard to TRUE (or to its saved state).
> > This commit adds a --spice-disable-clipboard option, and if it's set,
> > SpiceGtkSession::auto-clipboard will not be changeable and will always
> > be FALSE.
> > The only side effect I noticed is that enabling "clipboard sharing" in
> > GNOME Boxes VM preferences will appear to work, but will not enable
> > clipboard, and will be reset to off next time the preferences dialog is
> > open.
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=1320263
> 
> Looks reasonable to me. However, I thought we wanted a way to disable
> clipboard by default.
> 
> Wouldn't it make sense to introduce some GSetting key(s) for that instead?
> 
> This way, the behaviour can be enforced globally without changing the
> way applications are started.

I think you want both, you don't necessarily want c&p for all or none of
your VMs. I don't know if we can check if the admin locked down a
particular GSettings through the API? If the global value is locked down
to FALSE, then we should enforce it, otherwise we should accept
--spice-disable-clipboard.
So a GSettings patch would probably be a followup to that one.

Christophe
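
The precedence proposed in this message, as an added example (not spice-gtk code and not part of the patch): a global value locked to FALSE wins, otherwise --spice-disable-clipboard decides, and once disabled the property stays FALSE whatever the application requests. The struct and function names and the `global_locked` input are hypothetical; in a GLib program that input could be derived from g_settings_is_writable(), which returns FALSE for a key the administrator has locked.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of the policy inputs discussed in the thread. */
struct clipboard_policy {
    bool global_enabled;   /* value of a (hypothetical) global clipboard key */
    bool global_locked;    /* admin locked that key; users cannot change it */
    bool cli_disable;      /* --spice-disable-clipboard was passed */
};

struct session {
    bool clipboard_forced_off; /* decided once at startup, never relaxed */
    bool auto_clipboard;       /* models SpiceGtkSession::auto-clipboard */
};

/* Resolve the policy once, before the application touches the property. */
void session_init(struct session *s, const struct clipboard_policy *p)
{
    bool admin_off = p->global_locked && !p->global_enabled;
    s->clipboard_forced_off = admin_off || p->cli_disable;
    /* Assumption: an unlocked global value only provides the default. */
    s->auto_clipboard = !s->clipboard_forced_off && p->global_enabled;
}

/* Property setter: returns true only if the stored value now equals `want`. */
bool session_set_auto_clipboard(struct session *s, bool want)
{
    if (s->clipboard_forced_off) {
        s->auto_clipboard = false;   /* stays FALSE whatever the app asks */
        return !want;
    }
    s->auto_clipboard = want;
    return true;
}

int main(void)
{
    /* Constructed case: global default on, not locked, CLI flag given. */
    struct clipboard_policy p = { true, false, true };
    struct session s;
    session_init(&s, &p);
    bool ok = session_set_auto_clipboard(&s, true);  /* e.g. a UI toggle */
    printf("request honoured=%d effective=%d\n", ok, s.auto_clipboard);
    return 0;
}
```

Returning the outcome from the setter gives a caller the means to grey out its clipboard toggle instead of showing a setting that silently resets, which is the GNOME Boxes side effect noted in the commit message.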