|
|
Log in / Subscribe / Register

Walsh: Cool things with SELinux... Introducing sandbox -X

Walsh: Cool things with SELinux... Introducing sandbox -X

Posted Sep 17, 2009 15:38 UTC (Thu) by nix (subscriber, #2304)
Parent article: Walsh: Cool things with SELinux... Introducing sandbox -X

Very cool stuff.

As an aside, the lack of resizing Dan complains about could be fixed by using Xnest under xpra as the sandboxed X server. (This probably won't be quite good enough until the keyboard works properly in xpra, which is really a deficiency in Xnest: there's no way to pass it Xkb options that I can see, so if you specify Xkb options in your xorg.conf, they never reach Xnest, so your keyboard is shagged in xpra. I 'fixed' it by changing the Xkb defaults and recompiling Xnest, but that's hardly a practical solution for everyone!)

to post comments

Walsh: Cool things with SELinux... Introducing sandbox -X

Posted Sep 17, 2009 21:04 UTC (Thu) by martinfick (subscriber, #4455) [Link] (2 responses)

Xnest does not work very well. If I remember correctly, the last time I tried, video playing, such as with flash, does not work in Xnest yet. With time, I suppose (hope) these deficiencies will be fixed.

Walsh: Cool things with SELinux... Introducing sandbox -X

Posted Sep 18, 2009 3:34 UTC (Fri) by njs (subscriber, #40338) [Link] (1 responses)

Perhaps try Xephyr instead of Xnest? (It's not terribly well maintained either, but it does support all the modern extensions.)

Walsh: Cool things with SELinux... Introducing sandbox -X

Posted Sep 18, 2009 3:41 UTC (Fri) by drag (guest, #31333) [Link]

I like Xephyr, but damn does it screw up the keyboard mappings and I have no clue how to fix it.

Walsh: Cool things with SELinux... Introducing sandbox -X

Posted Sep 18, 2009 15:32 UTC (Fri) by nix (subscriber, #2304) [Link] (2 responses)

Most of my mentions of 'Xnest' there should be 'Xvfb'. Xvfb is a lot less disgusting than Xnest, but still doesn't support xkb option setting :(

Walsh: Cool things with SELinux... Introducing sandbox -X

Posted Sep 18, 2009 22:41 UTC (Fri) by njs (subscriber, #40338) [Link] (1 responses)

Yeah, in principle xpra should be able to reconfigure the keyboard using the Xkb API, but... this involves the Xkb API.

Walsh: Cool things with SELinux... Introducing sandbox -X

Posted Sep 20, 2009 19:50 UTC (Sun) by nix (subscriber, #2304) [Link]

Really we need to give Xvfb the same xkb-setting command-line parameters
as Xorg itself. I'll do that next time I go near that code (my existing
just-change-the-global-defaults hack is too ugly to live).

Walsh: Cool things with SELinux... Introducing sandbox -X

Posted Sep 25, 2009 19:56 UTC (Fri) by oak (guest, #2786) [Link]

I don't understand why Walsh claims that Xephyr window is not
resizable. "xrandr -s <width>x<height>" resizes it just fine.

As to:
"Maybe the X team will fix this, or provide a rootless X on X server,
which would let us allow sandboxed applications to at least communicate
with each other."

He could run them on the same Xephyr instance. Applications can be
switched for example with keyboard shortcuts or
using "matchbox-remote -next":
http://matchbox-project.org/documentation/manual/wm.html#...


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds