Xpra port?

Norman Feske norman.feske at ...1...
Tue Sep 8 10:39:36 CEST 2015 

Hi Jookia,

On 05.09.2015 18:39, Jookia wrote:
> After disappearing and thinking for a while about how to have some kind of
> support for GNU/Linux sandboxes with seamless integration to the window manager.
> I've thought a lot about how the Qubes approach does it using shared memory and
> Xorg messages but this doesn't work over the network, so I'm starting to wonder
> if it'd be better to just use something like Xpra. I'm not sure how big the TCB
> of it is versus just passing X messages, but it shouldn't really be that bad if
> you only give it access to files shared with the sandboxed system, meaning it'd
> be counterproductive to break in to Xpra.
> 
> Xpra also plans a Wayland port which might map well. Thoughts?

thanks to the pointer to the Xpra project. I was not aware of it. It
looks very interesting. My thoughts after a quick look at the project's
Wikipedia page:

* The complexity of the client does not matter because we would
  instantiate one client per guest, don't we? The client can merely
  talk to the nitpicker GUI server but has no special privileges.
  It does not even interact with the network, disk, or other devices.
  Hence, from Genode's perspective, the client does not need to be
  trusted.

* The mechanism relies on the network as communication channel. This
  raises the question of how to connect the client with the server
  running in the guest. Should there be a dedicated virtual network
  for this purpose? If the guest uses networking (e.g., when running
  a browser), we seem to need special routing tweaks and set up the
  VM with two NICs. This is a bit inconvenient but certainly not a
  big issue.

* Compared to the Qubes approach, the use of Xpra involves copying the
  pixel data. One could argue that this copy affects the performance in
  a negative way. However, on my 5-years old machine, the memory
  throughput is > 3 GiB per second. Copying an entire full-HD
  frame with 1920x1080 at 32-bit color depth (circa 8 MiB of data)
  takes less than 3 milliseconds. In my opinion, these costs are
  acceptable for the gain in simplicity (compared to setting up
  shared memory between the application running in the guest and
  the nitpicker GUI server).

In short, I find the project very interesting. A port might also be
useful for scenarios where a Genode system is used as a thin client.

Cheers
Norman

-- 
Dr.-Ing. Norman Feske
Genode Labs

http://www.genode-labs.com · http://genode.org

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth

More information about the users mailing list