Distinct inter/intra vm clipboard shortcuts
73 views
Skip to first unread message
Jean-Philippe Ouellet
May 23, 2017, 1:51:32 AM5/23/17
to qubes-devel, Zrubi, Joanna Rutkowska
Hello,
The original arch spec [1] described the copy/paste operations as only
needing a single key combination to copy and a single key combination
to paste between VMs (e.g. only Ctrl+Shift+C, Ctrl+Shift+V, instead of
Ctrl+C, Ctrl+Shift+C, Ctrl+Shift+V, Ctrl+V). Relevant paragraphs (from
section 5.5, page 27) reproduced below.
Is the reason that these actions (copy inside vm & save to global
clipboard / send global to vm & paste in vm) are not combined into
single key combinations today an intentional design decision?
(Possibly some QSB-13-like [2] consideration?) Or just something that
was never gotten around to?
I was reminded of this curiosity by Zrubi's recent blog post [3][4].
My (admittedly non-exhaustive) search of the list archives did not
shed light on this question.
-----
# Clipboard algorithm for the “copy” operation
1. The copy operation is initialized by the magic key combination for
the copy operation (e.g. Shift-Ctrl-C) entered in Dom0 into the
focused AppViewer
2. The AppViewer does not pass the keystrokes to the AppVM. Instead it
builds and sends the get_clipboard command over the GUI communication
channel to the GUI agent running in the AppVM.
3. The Agent in the AppVM receives the get_clipboard command and, in
response creates a response command (clipboard) where it copies
whatever is currently “marked” in the AppVM, limited to the max
allowed buffer size.
4. AppViewer receives the clipboard message and copies the content
into the defined storage space in Dom0. This storage space could be
e.g. a dedicated file in the Dom0ʼs /tmp or /dev/shm directory.
Particularly this should not be placed into the Dom0ʼs Window
Managerʼs clipboard buffer, to make sure that the user doesnʼt
mistakenly paste the buffer into any of the Dom0ʼs applications. The
user should only be allowed to paste the contents of the clipboard
buffer into another AppViewer window.
# Clipboard protocol for the “paste” operation
1. The paste operation is initialized by the magic key combination for
the paste operation (e.g. Shift-Ctrl-V) entered in Dom0 into the
focused AppViewer
2. The AppViewer does not pass the keystrokes to the AppVM, instead
the AppViewer sends the clipboard message to the agent in the AppVM.
3. The agent copies the contents from the clipboard packet to the VMʼs
Window Manager clipboard buffer and simulates and initializes the
paste operation into the focused application (as if the user pressed
Ctrl-V locally in the AppVM).
-----
[1]: https://www.qubes-os.org/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf
[2]: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-013-2015.txt
[3]: https://groups.google.com/d/topic/qubes-users/4km22rTlufc/discussion
[4]: http://zrubi.hu/en/2017/use-more-buttons/
The original arch spec [1] described the copy/paste operations as only
needing a single key combination to copy and a single key combination
to paste between VMs (e.g. only Ctrl+Shift+C, Ctrl+Shift+V, instead of
Ctrl+C, Ctrl+Shift+C, Ctrl+Shift+V, Ctrl+V). Relevant paragraphs (from
section 5.5, page 27) reproduced below.
Is the reason that these actions (copy inside vm & save to global
clipboard / send global to vm & paste in vm) are not combined into
single key combinations today an intentional design decision?
(Possibly some QSB-13-like [2] consideration?) Or just something that
was never gotten around to?
I was reminded of this curiosity by Zrubi's recent blog post [3][4].
My (admittedly non-exhaustive) search of the list archives did not
shed light on this question.
-----
# Clipboard algorithm for the “copy” operation
1. The copy operation is initialized by the magic key combination for
the copy operation (e.g. Shift-Ctrl-C) entered in Dom0 into the
focused AppViewer
2. The AppViewer does not pass the keystrokes to the AppVM. Instead it
builds and sends the get_clipboard command over the GUI communication
channel to the GUI agent running in the AppVM.
3. The Agent in the AppVM receives the get_clipboard command and, in
response creates a response command (clipboard) where it copies
whatever is currently “marked” in the AppVM, limited to the max
allowed buffer size.
4. AppViewer receives the clipboard message and copies the content
into the defined storage space in Dom0. This storage space could be
e.g. a dedicated file in the Dom0ʼs /tmp or /dev/shm directory.
Particularly this should not be placed into the Dom0ʼs Window
Managerʼs clipboard buffer, to make sure that the user doesnʼt
mistakenly paste the buffer into any of the Dom0ʼs applications. The
user should only be allowed to paste the contents of the clipboard
buffer into another AppViewer window.
# Clipboard protocol for the “paste” operation
1. The paste operation is initialized by the magic key combination for
the paste operation (e.g. Shift-Ctrl-V) entered in Dom0 into the
focused AppViewer
2. The AppViewer does not pass the keystrokes to the AppVM, instead
the AppViewer sends the clipboard message to the agent in the AppVM.
3. The agent copies the contents from the clipboard packet to the VMʼs
Window Manager clipboard buffer and simulates and initializes the
paste operation into the focused application (as if the user pressed
Ctrl-V locally in the AppVM).
-----
[1]: https://www.qubes-os.org/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf
[2]: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-013-2015.txt
[3]: https://groups.google.com/d/topic/qubes-users/4km22rTlufc/discussion
[4]: http://zrubi.hu/en/2017/use-more-buttons/
Ángel
May 23, 2017, 7:38:36 PM5/23/17
to qubes...@googlegroups.com
That's a very good question, Jean-Philippe.
I had actually thought about how having the secure copy/paste also
perform the local copy/paste would improve the usability, not being
aware of this earlier document.
I can only guess that, given it was implemented differently, it was made
on purpose, but I don't see why the described version would fail (using
the qsb-013 clipboard timestamping). So I will also wait intrigued for
this answer.
I had actually thought about how having the secure copy/paste also
perform the local copy/paste would improve the usability, not being
aware of this earlier document.
I can only guess that, given it was implemented differently, it was made
on purpose, but I don't see why the described version would fail (using
the qsb-013 clipboard timestamping). So I will also wait intrigued for
this answer.
Marek Marczykowski-Górecki
May 23, 2017, 7:55:01 PM5/23/17
to Jean-Philippe Ouellet, qubes-devel, Zrubi, Joanna Rutkowska
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Tue, May 23, 2017 at 01:51:05AM -0400, Jean-Philippe Ouellet wrote:
> Hello,
>
> The original arch spec [1] described the copy/paste operations as only
> needing a single key combination to copy and a single key combination
> to paste between VMs (e.g. only Ctrl+Shift+C, Ctrl+Shift+V, instead of
> Ctrl+C, Ctrl+Shift+C, Ctrl+Shift+V, Ctrl+V). Relevant paragraphs (from
> section 5.5, page 27) reproduced below.
>
> Is the reason that these actions (copy inside vm & save to global
> clipboard / send global to vm & paste in vm) are not combined into
> single key combinations today an intentional design decision?
> (Possibly some QSB-13-like [2] consideration?) Or just something that
> was never gotten around to?
The main (and only?) reason is compatibility with various applications:
there is no universal "copy"/"paste" trigger. While most GUI application
have Ctrl+C/Ctrl+V for this, far not all of them. And for some cases,
spurious Ctrl+C/Ctrl+V may result in very unwanted effects (think:
pasting into terminal running 'cat > some-file', or copying from
terminal application).
We have also tried to paste by "typing" clipboard content into active
application, but this also works badly with some applications (AFAIR
OpenOffice with its auto completion).
> [1]: https://www.qubes-os.org/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf
> [2]: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-013-2015.txt
> [3]: https://groups.google.com/d/topic/qubes-users/4km22rTlufc/discussion
> [4]: http://zrubi.hu/en/2017/use-more-buttons/
>
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJZJMvPAAoJENuP0xzK19cs7J8H/1/BJ5+zmboyr02ACm9jm7Ku
M6SLFjd7NItaMe7IV6Ag129LUPiONh0vdeEo4iLJBQxK9PiJ+JWVs5laflWveHol
dop9kf1jUPsYTukXrTvVqGsrmmOgxaPvqlyipev3e5M4pNevxwng3gY2b3KQDKc2
/cqMwDiXj+fb7kcA1o5/PG8P9kcy22kzu7kJT5qwpzzTrn8m+X+2sM45xTIp9zXG
I0cE4f27B6I7w8p8vpe6Ja/+zkVSvQWcQ9iJmLXyh5HrJoffvt5jCRYTzHuOLfCX
xmn3AE6yx+0zXMZq4nPyMs/iKWGU+c80RBa3rMnuYYqM0Kak5zp/ze69JRZDLrI=
=ifHv
-----END PGP SIGNATURE-----
Hash: SHA256
On Tue, May 23, 2017 at 01:51:05AM -0400, Jean-Philippe Ouellet wrote:
> Hello,
>
> The original arch spec [1] described the copy/paste operations as only
> needing a single key combination to copy and a single key combination
> to paste between VMs (e.g. only Ctrl+Shift+C, Ctrl+Shift+V, instead of
> Ctrl+C, Ctrl+Shift+C, Ctrl+Shift+V, Ctrl+V). Relevant paragraphs (from
> section 5.5, page 27) reproduced below.
>
> Is the reason that these actions (copy inside vm & save to global
> clipboard / send global to vm & paste in vm) are not combined into
> single key combinations today an intentional design decision?
> (Possibly some QSB-13-like [2] consideration?) Or just something that
> was never gotten around to?
there is no universal "copy"/"paste" trigger. While most GUI application
have Ctrl+C/Ctrl+V for this, far not all of them. And for some cases,
spurious Ctrl+C/Ctrl+V may result in very unwanted effects (think:
pasting into terminal running 'cat > some-file', or copying from
terminal application).
We have also tried to paste by "typing" clipboard content into active
application, but this also works badly with some applications (AFAIR
OpenOffice with its auto completion).
> [1]: https://www.qubes-os.org/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf
> [2]: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-013-2015.txt
> [3]: https://groups.google.com/d/topic/qubes-users/4km22rTlufc/discussion
> [4]: http://zrubi.hu/en/2017/use-more-buttons/
>
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJZJMvPAAoJENuP0xzK19cs7J8H/1/BJ5+zmboyr02ACm9jm7Ku
M6SLFjd7NItaMe7IV6Ag129LUPiONh0vdeEo4iLJBQxK9PiJ+JWVs5laflWveHol
dop9kf1jUPsYTukXrTvVqGsrmmOgxaPvqlyipev3e5M4pNevxwng3gY2b3KQDKc2
/cqMwDiXj+fb7kcA1o5/PG8P9kcy22kzu7kJT5qwpzzTrn8m+X+2sM45xTIp9zXG
I0cE4f27B6I7w8p8vpe6Ja/+zkVSvQWcQ9iJmLXyh5HrJoffvt5jCRYTzHuOLfCX
xmn3AE6yx+0zXMZq4nPyMs/iKWGU+c80RBa3rMnuYYqM0Kak5zp/ze69JRZDLrI=
=ifHv
-----END PGP SIGNATURE-----
Vít Šesták
Jun 3, 2017, 3:10:43 PM6/3/17
to qubes-devel
There are defined keyboard scancodes for copy&paste:
0x7B Keyboard Cut
0x7C Keyboard Copy
0x7D Keyboard Paste
Source: http://www.freebsddiary.org/APC/usb_hid_usages.php
i am not sure how much they are supported. If they are, it might be the way. However, copying might be a challenge due to potential race conditions.
Regards,
Vít Šesták 'v6ak'
0x7B Keyboard Cut
0x7C Keyboard Copy
0x7D Keyboard Paste
Source: http://www.freebsddiary.org/APC/usb_hid_usages.php
i am not sure how much they are supported. If they are, it might be the way. However, copying might be a challenge due to potential race conditions.
Regards,
Vít Šesták 'v6ak'
Jean-Philippe Ouellet
Jun 4, 2017, 3:23:29 PM6/4/17
to Vít Šesták, qubes-devel
On Sat, Jun 3, 2017 at 3:10 PM, Vít Šesták
<groups-no-private-mail--con...@v6ak.com>
wrote:
Assuming those are mapped to XF86{Cut,Copy,Paste}, they don't appear
to me to be widely supported at all unfortunately.
<groups-no-private-mail--con...@v6ak.com>
wrote:
> There are defined keyboard scancodes for copy&paste:
>
> 0x7B Keyboard Cut
> 0x7C Keyboard Copy
> 0x7D Keyboard Paste
>
> Source: http://www.freebsddiary.org/APC/usb_hid_usages.php
> i am not sure how much they are supported. If they are, it might be the way.
Good find.
>
> 0x7B Keyboard Cut
> 0x7C Keyboard Copy
> 0x7D Keyboard Paste
>
> Source: http://www.freebsddiary.org/APC/usb_hid_usages.php
> i am not sure how much they are supported. If they are, it might be the way.
Assuming those are mapped to XF86{Cut,Copy,Paste}, they don't appear
to me to be widely supported at all unfortunately.
Zrubi
Jun 7, 2017, 3:39:21 AM6/7/17
to Jean-Philippe Ouellet, Vít Šesták, qubes-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hash: SHA256
In theory you can simply bind the VM copy + qubes copy to any key
combination. in this way you may able to redefine the original qubes
copy paste key combos to include the internal Copy combo first.
The same way I bind it to a single mouse button.
- --
Zrubi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJZN62EAAoJEH7adOMCkunmUZcP/0vRQk3UqARTRIIFXSHQvx9N
Version: GnuPG v2
cafQKRA3EcpwowrV2w4xVzefPyLntB7TaPO3ZozfED4oDuR6pJWPRmvz6ye/rCVk
12b9fdv5j2SvDRAeh3jywqpN7N56JJOybs3Rj0yrqk3ahIQ95LFysTuOvY+hQJug
kb8wOjp6k1eHOgJEmjMM0gaKx+AQIiWURSkZOJr012u8bcY08IVUFIlfRq4Yqh16
twx+AeZeY7L5/rkNuzyRaBpKtVPw+LbPGoh0zJ93IatXQdR968plO4ldtWMceZUF
NgyBwoaStbMchoVKF6nO/iya299Es6qLc0MDo9vAeM4LYwUxAUy7HwcFtVugAbWD
tnK1kK3JoLh0p+YFS5dGnX1cVFTH4oaXck/G/3jYg2f3lo6VASD3VwABZn9gR4or
CznpkP1dgnSQfoY90T4MEF63STk1oWLSnw6DOnyGevNGVhANjYhHAqTMa6nFblTo
qgMFMJaLPQf5wiJTo4DnvInIEFbWHAXg3C+grO+TnVMZ8RFn4axu2VoGJOJz7FVa
3cS/gl1xOHfr7mWWki07LbRJPHU+gOWCor+aXhdYlayAowmGRIyZt8B1GCTGNEdb
7gDd/iBsjd9eOOXwsLId6JbZF6tbK+RDnBa8nn2REhRPUMpMEyle9FGQlY27CBae
QjyfvREjsDRYd/NO0JPO
=OtgQ
-----END PGP SIGNATURE-----
Vít Šesták
Jun 7, 2017, 11:35:14 AM6/7/17
to qubes-devel
I think that the main issue is not how to pass some keypress to the VM. the problems are:
1. How to properly perform copy/paste action in the VM? Ctrl+C/Ctrl+V is not the proper answer. It would work the most time, but it would cause issues in cases like terminal, since Ctrl+C has usually a different meaning there. The copy/paste/cut keycodes would be a much more elegant solution if they were supported.
2. How to prevent race conditions, e.g., copy from VM to dom0 happens before text is copied from selection in the VM. Maybe there is some solution.
Regards,
Vít Šesták 'v6ak'
1. How to properly perform copy/paste action in the VM? Ctrl+C/Ctrl+V is not the proper answer. It would work the most time, but it would cause issues in cases like terminal, since Ctrl+C has usually a different meaning there. The copy/paste/cut keycodes would be a much more elegant solution if they were supported.
2. How to prevent race conditions, e.g., copy from VM to dom0 happens before text is copied from selection in the VM. Maybe there is some solution.
Regards,
Vít Šesták 'v6ak'
Marek Marczykowski-Górecki
Jun 7, 2017, 4:51:07 PM6/7/17
to Vít Šesták, qubes-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hash: SHA256
operations.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJZOGc0AAoJENuP0xzK19cs5+kH/0flxVYisEF7adWf0BPdRsZz
Version: GnuPG v2
0FD1kjc8g2CwCI4ymJs6oTlw1m5Kj4eEclcqipGvsEIt3V1TbFWLsG34iAv6BETx
ngsVipyk7IAHZXzMdG87RSdNr4Lz8OqfwFUBCemv/7Rpz83lXUM6/6vGqVw16VAX
KgVv+QbXIue2yNhOHv7SJziKO75W4D9AVh3lmnyTkoZgdIzXjPFjsK4ntmTGVzLO
EnOYWBfwlC7xZ9h2/OC2VLVCI1uvwmXUd3fvCO2Bb010hIfkRyG+FOkDwdKRALhp
yVQtfEiLWsR27WJ/auP013fT5JwytQ6PlYQZsKnlqoqzihQPC0ThkeOQDPezCqQ=
=jBpG
-----END PGP SIGNATURE-----
Zrubi
Jun 7, 2017, 5:17:27 PM6/7/17
to Marek Marczykowski-Górecki, Vít Šesták, qubes-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hash: SHA256
On 06/07/2017 10:51 PM, Marek Marczykowski-Górecki wrote:
> On Wed, Jun 07, 2017 at 08:35:13AM -0700, Vít Šesták wrote:
>> I think that the main issue is not how to pass some keypress to
>> the VM. the problems are:
>
>> 1. How to properly perform copy/paste action in the VM?
>> Ctrl+C/Ctrl+V is not the proper answer. It would work the most
>> time, but it would cause issues in cases like terminal, since
>> Ctrl+C has usually a different meaning there. The copy/paste/cut
>> keycodes would be a much more elegant solution if they were
>> supported.
>
>> 2. How to prevent race conditions, e.g., copy from VM to dom0
>> happens before text is copied from selection in the VM. Maybe
>> there is some solution.
>
> Yes, those are exactly the problems with "integrated" copy/paste
> operations.
Maybe xclip can solve both of the problems?
> On Wed, Jun 07, 2017 at 08:35:13AM -0700, Vít Šesták wrote:
>> I think that the main issue is not how to pass some keypress to
>> the VM. the problems are:
>
>> 1. How to properly perform copy/paste action in the VM?
>> Ctrl+C/Ctrl+V is not the proper answer. It would work the most
>> time, but it would cause issues in cases like terminal, since
>> Ctrl+C has usually a different meaning there. The copy/paste/cut
>> keycodes would be a much more elegant solution if they were
>> supported.
>
>> 2. How to prevent race conditions, e.g., copy from VM to dom0
>> happens before text is copied from selection in the VM. Maybe
>> there is some solution.
>
> Yes, those are exactly the problems with "integrated" copy/paste
> operations.
https://wiki.archlinux.org/index.php/Copying_text_from_a_terminal
- --
Zrubi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJZOG07AAoJEH7adOMCkunmAFEP/10Ma9mx6Q/vdqCAXMQy6Ekw
Version: GnuPG v2
4gWoiIazbtYNvjXGWibTuKib9i3VmFcJYjciuJkZN2qOqBPLX+lvZbp6FeZdls+j
Tpo7EA75JikKLwFPRoUhrCLB/uSjBwTwUIr+W8oEqbJ8POWn1iSqld9OMAPzvXTA
/SAMZI2SCa+5+1W071kYgrRPnIIBfotfkJDh1E/96WzMNIZiICphP/qH/bQBSkX7
oWEVwKDICdXAmzRCXA9pn+zShz+hEdGU0Dp5UU1HcgH4TvkKVkc5vSfpG6p5BLPW
kdVM986LXd2NUhT3fsOEK6TFRKEvPgOfem3DmrCaiZ+ZQ4jKejEEFix+Jnd3emxu
W8RZmYEFATg7bforr4Cj/49D6kGigdUv3Amz66FAh7OEB7ErRBHttjb76O4l0DZC
ZfD5zY4JE6JRyGUWNyNleuFI3wTm3Lfiqeds9YzemmrRhFJh4QEy5YhrQO5xtN7e
2X283mzYaectScTsfv2AAtRkrW34RkY/nhPPlOF9eY88G3wHNCdL2+iSX1tqyxdM
9xMTQYVoIViGtFEGrbcyF52fU/LEt52HWusEzJZn9xmIp5W4GTBwv9KEY982oy7N
dkYR91gfXVQySwa6bvuG4ggK4n18s+N2vtaCrdpz66dZTwjJRzA7FNfcjcr5I+KT
zfhaVc63gWoiCvXAHRCS
=JN98
-----END PGP SIGNATURE-----
Vít Šesták
Jun 7, 2017, 5:28:47 PM6/7/17
to qubes-devel
Hmm, copy action could be probably implemented by copying from selection, that sounds rather OK for me.
But I still don't see how to implement paste.
Reply all
Reply to author
Forward
0 new messages