[Spice-devel] Brainstorming help with x11spice on socket permissions across users
Marc-André Lureau
marcandre.lureau at gmail.com
Tue May 26 15:40:44 UTC 2020
Hi
On Tue, May 26, 2020 at 3:55 PM Jeremy White <jwhite at codeweavers.com> wrote:
> Hi all,
>
> I'm trying to get x11spice and spice-html5, at least as packaged for
> Fedora, into a pretty much 'turn key' state.
>
> I've got 3 use cases. The first is user A sharing their current
> desktop, either for themselves, or to get help. That case is largely
> done, imho, modulo some documentation and perhaps some streamlining.
>
I didn't know you could do that. I suppose the solution is X11 only? It
would be nice to have gnome-remote-desktop integration. Though GNOME seems
more interested to support RDP these days (having a glib/gobject server
library would certainly help them to consider Spice, *hint* ;)

> The second is user A getting access to a new session for themselves. I
> don't feel blocked on this case; the work should be straightforward, if
> fiddly (I may regret those words; doing a secure 'su' like function out
> of apache may be harder than I think).
>
Multiple user session is tricky. Afaik, this is mostly used for desktop
development. The instructions to set up such an environment change over time
and desktop. Did I miss something? What's the use case?

> The 3rd case, however, has me troubled. This is the case that user A
> (potentially apache) starts x11spice which then does an xdmcp request to
> gdm, and eventually supports a log in by user B. This makes it
> challenging to provide a way for user B to launch a spice agent or a
> pulseaudio daemon and have it securely connect back to the spice process
> started by user A. The approach I've used in the past is to have a
> privileged binary use information from an X atom to adjust socket
> permissions. But that feels unsatisfying, and it seems to me that this
> is an area with a lot of modern thinking that I've largely missed.
>
> As an added complexity, in the ideal case, you have a vdagent running as
> user A during the login process, which knows to reap itself and give way
> to a vdagent launched by user B.
>
> I was hoping that others would have modern instincts on how to more
> correctly implement the third use case. Clue bats or other ideas welcome.
>
This is systemd/desktop territories, and I don't know what would be the
best way to do all that. I would suggest you ask the gnome-remote-desktop &
systemd/logind developers, or other desktop developers how they plan or
not to solve it.

cheers
--
Marc-André Lureau