[Spice-devel] Brainstorming help with x11spice on socket permissions across users

Jeremy White jwhite at codeweavers.com
Tue May 26 16:11:33 UTC 2020


> 
> I didn't know you could do that. I suppose the solution is X11 only? It 
> would be nice to have gnome-remote-desktop integration. Though GNOME 
> seems more interested to support RDP these days (having a glib/gobject 
> server library would certainly help them to consider Spice, *hint* ;)

Yes, although I'm not sure Wayland support would be hard.

> 
>     The second is user A getting access to a new session for themselves.  I
>     don't feel blocked on this case; the work should be straightforward, if
>     fiddly (I may regret those words; doing a secure 'su' like function out
>     of apache may be harder than I think).
> 
> 
> Multiple user session is tricky. Afaik, this is mostly used for desktop 
> development. The instructions to set up such an environment change over 
> time and desktop. Did I miss something? What's the use case?

The use case is I've got a server I'd like to get access to.  I hit a 
web page, provide my credentials, and I have a full login session. 
Using xdmcp/gdm has the virtue of going through 'standard' channels.

> 
> 
>     The 3rd case, however, has me troubled.  This is the case that user A
>     (potentially apache) starts x11spice which then does an xdmcp request to
>     gdm, and eventually supports a log in by user B.  This makes it
>     challenging to provide a way for user B to launch a spice agent or a
>     pulseaudio daemon and have it securely connect back to the spice process
>     started by user A.  The approach I've used in the past is to have a
>     privileged binary use information from an X atom to adjust socket
>     permissions.  But that feels unsatisfying, and it seems to me that this
>     is an area with a lot of modern thinking that I've largely missed.
> 
>     As an added complexity, in the ideal case, you have a vdagent running as
>     user A during the login process, which knows to reap itself and give way
>     to a vdagent launched by user B.
> 
>     I was hoping that others would have modern instincts on how to more
>     correctly implement the third use case.  Clue bats or other ideas
>     welcome.
> 
> 
> This is systemd/desktop territories, and I don't know what would be the 
> best way to do all that. I would suggest you ask the 
> gnome-remote-desktop & systemd/logind developers, or other desktop 
> developers how they plan or not to solve it.

Check, thanks.

Cheers,

Jeremy

