legacy X server isolation

pixelfairy pixelfairy at gmail.com
Thu Aug 11 08:39:25 UTC 2016


Pekka said
> The issue I have seen mentioned is that there are X apps built to *need*
> the single shared X server model.

What apps would those be? Are you talking about ones whose functionality
would now be the domain of the compositor? At least in my own limited use,
I can tell you many apps don't need this. For a few months I've been using
x11 apps (firefox, chrome, gimp, libreoffice, some others) in separate xpra
sessions with firejail. Occasionally I'll have to do something like take a
screenshot outside of the firejails to get the whole desktop, then put it
in what my gimp instance thinks is the home folder (another option of
firejail). But this is the behavior I want between apps. Some apps, like
the gimp and libreoffice, don't have network access (in firejail,
protocol=unix) and they still run fine.

> Somehow you would need to know
> whether a new X11 connection should be isolated or sharing some
> existing X server instance.

True. My first thought was new app == new x11, but there are iffy cases. As
you said, something already running with an x server would probably reuse
it. Launched in wayland without an existing x server should spawn a new
one. Some apps could use wrappers, like a web browser running a pdf reader.

On Thu, Aug 11, 2016 at 12:57 AM Pekka Paalanen <ppaalanen at gmail.com> wrote:

> On Thu, 11 Aug 2016 07:38:15 +0000
> pixelfairy <pixelfairy at gmail.com> wrote:
>
> > I've only looked at some docs and demos of wayland and tried it on a laptop
> > with fedora 24 briefly. In a wayland session, xinput could read the
> > keyboard of other x11 apps.
> >
> > Since wayland can have a fallback x server, why not start each x11 app with
> > its own x server so they'll have automatic isolation, even from each other?
> > (other x11 apps) wayland's own mechanisms (clipboard etc) could then be
> > translated, so, for example, keepassx, which would not be able to autotype
> > in a setup like this, could safely (I hope) use the clipboard to enter
> > passwords without other x11 apps reading them.
> >
> > Some mechanism would have to be used to really protect each x server's
> > socket, but this is already solved in os x by sandboxing and a million
> > different ways in linux.
>
> The issue I have seen mentioned is that there are X apps built to *need*
> the single shared X server model. Somehow you would need to know
> whether a new X11 connection should be isolated or sharing some
> existing X server instance.
>
> If you are thinking about a simple approach like clicking an app
> launcher icon being the trigger for a new X server instance to be
> started and then everything in that process hierarchy sharing that X
> server instance, I suppose that would be better than the
> one-shared-by-all, but it does not help if the app launches other apps
> like a web browser that should be isolated from the parent.
>
> The answer to the "why not" is that no-one has wanted it badly enough
> yet.
>
>
> Thanks,
> pq
>
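
The setup described in the reply above (one xpra-backed X server per app, a private home folder, and protocol=unix for apps that need no network), as an added example that is not part of the original message or of any project's code. It assumes firejail's `--x11=xpra`, `--private=` and `--protocol=` options in place of hand-started xpra sessions; the policy table, the `JAIL_ROOT` layout and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: one xpra-backed X server per app via firejail (dry run only).

JAIL_ROOT="${JAIL_ROOT:-$HOME/jails}"   # assumed layout: one private home per app

# Constructed policy table: does the app need the network?
policy() {
    case "$1" in
        firefox|chrome) echo net ;;
        *) echo local ;;   # gimp, libreoffice and unknown apps: stricter setting
    esac
}

# Print the firejail command line that runs "$@" on its own X server.
jail_cmd() {
    app="$1"
    opts="--x11=xpra --private=$JAIL_ROOT/$app"
    # "local" apps only get AF_UNIX sockets (protocol=unix in the message above)
    if [ "$(policy "$app")" = local ]; then
        opts="$opts --protocol=unix"
    fi
    echo "firejail $opts $*"
}

# Audit helper: read "app display" pairs on stdin and print every display that
# more than one app is attached to, i.e. where X11 isolation is missing.
shared_displays() {
    awk '{ n[$2]++; apps[$2] = apps[$2] " " $1 }
         END { for (d in n) if (n[d] > 1) print d ":" apps[d] }' | sort
}

# Print the command for each app named on the command line.
for a in "$@"; do
    jail_cmd "$a"
done
```

The script only prints the command lines; the input to `shared_displays` would come from whatever inventory of running apps and their `DISPLAY` values is available on the system.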