Xpra port?
Norman Feske
norman.feske at ...1...
Tue Sep 8 10:39:36 CEST 2015
Hi Jookia,
On 05.09.2015 18:39, Jookia wrote:
> After disappearing and thinking for a while about how to have some kind of
> support for GNU/Linux sandboxes with seamless integration to the window manager.
> I've thought a lot about how the Qubes approach does it using shared memory and
> Xorg messages but this doesn't work over the network, so I'm starting to wonder
> if it'd be better to just use something like Xpra. I'm not sure how big the TCB
> of it is versus just passing X messages, but it shouldn't really be that bad if
> you only give it access to files shared with the sandboxed system, meaning it'd
> be counterproductive to break in to Xpra.
>
> Xpra also plans a Wayland port which might map well. Thoughts?
thanks to the pointer to the Xpra project. I was not aware of it. It
looks very interesting. My thoughts after a quick look at the project's
Wikipedia page:
* The complexity of the client does not matter because we would
instantiate one client per guest, don't we? The client can merely
talk to the nitpicker GUI server but has no special privileges.
It does not even interact with the network, disk, or other devices.
Hence, from Genode's perspective, the client does not need to be
trusted.
* The mechanism relies on the network as communication channel. This
raises the question of how to connect the client with the server
running in the guest. Should there be a dedicated virtual network
for this purpose? If the guest uses networking (e.g., when running
a browser), we seem to need special routing tweaks and set up the
VM with two NICs. This is a bit inconvenient but certainly not a
big issue.
* Compared to the Qubes approach, the use of Xpra involves copying the
pixel data. One could argue that this copy affects the performance in
a negative way. However, on my 5-years old machine, the memory
throughput is > 3 GiB per second. Copying an entire full-HD
frame with 1920x1080 at 32-bit color depth (circa 8 MiB of data)
takes less than 3 milliseconds. In my opinion, these costs are
acceptable for the gain in simplicity (compared to setting up
shared memory between the application running in the guest and
the nitpicker GUI server).
In short, I find the project very interesting. A port might also be
useful for scenarios where a Genode system is used as a thin client.
Cheers
Norman
--
Dr.-Ing. Norman Feske
Genode Labs
http://www.genode-labs.com · http://genode.org
Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
More information about the users
mailing list