RFC: new namespace based security extension
Alan Coopersmith
alan.coopersmith at oracle.com
Tue Mar 11 18:46:50 UTC 2025
On 3/11/25 11:02, Enrico Weigelt, metux IT consult wrote:
> Hello folks,
>
> I'd like to let you know I'm working on a new Xserver extension that's
> putting clients into different "namespaces", so they can be isolated
> from each other.
>
> The idea is a bit similar to Linux namespaces (containers), where
> processes inside a container can operate quite like they've been alone
> on the machine. XNS extension goes a similar way: clients of different
> namespaces can't see/touch each other (except for those in parent NS'es)
>
> In contrast to the old Xsecurity extension, XNS tries to emulate
> prohibited things in a way that the client doesn't even recognize.
> (several existing clients crashing when running unprivileged on
> Xsecurity, since they're not expecting certain operations being
> refused).

This sounds partially similar to the Trusted Solaris extension, which in
Solaris 10 and later relied on Solaris zones for the client isolation for
each "label", and returned fake success messages to reduce the breakage on
client applications (which I believe dates back to the original
"Less Insecure X" paper/prototype).

https://github.com/oracle/solaris-xorg/commit/612e18b3bceee995225b5ee067c7a1614dc7ff78
shows the removal of the source code for the X11 extension, so inverting
it would give the final state.

I believe Glenn Faden (the architect of Trusted Solaris) published some
papers on the design & implementation as well.

--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris