Hi Jookia,
On 05.09.2015 18:39, Jookia wrote:
After disappearing and thinking for a while about how to have some kind of support for GNU/Linux sandboxes with seamless integration to the window manager. I've thought a lot about how the Qubes approach does it using shared memory and Xorg messages but this doesn't work over the network, so I'm starting to wonder if it'd be better to just use something like Xpra. I'm not sure how big the TCB of it is versus just passing X messages, but it shouldn't really be that bad if you only give it access to files shared with the sandboxed system, meaning it'd be counterproductive to break in to Xpra.
Xpra also plans a Wayland port which might map well. Thoughts?
thanks to the pointer to the Xpra project. I was not aware of it. It looks very interesting. My thoughts after a quick look at the project's Wikipedia page:
* The complexity of the client does not matter because we would instantiate one client per guest, don't we? The client can merely talk to the nitpicker GUI server but has no special privileges. It does not even interact with the network, disk, or other devices. Hence, from Genode's perspective, the client does not need to be trusted.
* The mechanism relies on the network as communication channel. This raises the question of how to connect the client with the server running in the guest. Should there be a dedicated virtual network for this purpose? If the guest uses networking (e.g., when running a browser), we seem to need special routing tweaks and set up the VM with two NICs. This is a bit inconvenient but certainly not a big issue.
* Compared to the Qubes approach, the use of Xpra involves copying the pixel data. One could argue that this copy affects the performance in a negative way. However, on my 5-years old machine, the memory throughput is > 3 GiB per second. Copying an entire full-HD frame with 1920x1080 at 32-bit color depth (circa 8 MiB of data) takes less than 3 milliseconds. In my opinion, these costs are acceptable for the gain in simplicity (compared to setting up shared memory between the application running in the guest and the nitpicker GUI server).
In short, I find the project very interesting. A port might also be useful for scenarios where a Genode system is used as a thin client.
Cheers Norman