legacy X server isolation

Pekka Paalanen ppaalanen at gmail.com
Thu Aug 11 07:57:35 UTC 2016


On Thu, 11 Aug 2016 07:38:15 +0000
pixelfairy <pixelfairy at gmail.com> wrote:

> ive only looked at some docs and demos of wayland and tried it on a laptop
> with fedora 24 briefly. in a wayland session, xinput could read the
> keyboard of other x11 apps.
> 
> Since wayland can have a fallback x server, why not start each x11 app with
> its own x server so they'll have automatic isolation, even from each other?
> (other x11 apps) waylands own mechanisms (clipboard etc) could then be
> translated, so, for example, keepassx, which would not be able to autotype
> in a setup like this, could safely (i hope) use the clipboard to enter
> passwords without other x11 apps reading them.
> 
> some mechanism would have to be used to really protect each x servers
> socket, but this is already solved in os x by sandboxing and a million
> different ways in linux.

The issue I have seen mentioned is that there are X apps built to *need*
the single shared X server model. Somehow you would need to know
whether a new X11 connection should be isolated or sharing some
existing X server instance.

If you are thinking about a simple approach like clicking an app
launcher icon being the trigger for a new X server instance to be
started and then everything in that process hierarchy sharing that X
server instance, I suppose that would be better than the
one-shared-by-all, but it does not help if the app launches other apps
like a web browser that should be isolated from the parent.

The answer to the "why not" is that no-one has wanted it badly enough
yet.


Thanks,
pq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 811 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/wayland-devel/attachments/20160811/ab8adb79/attachment.sig>


More information about the wayland-devel mailing list