do you know xpra?


Thomas Koch

Dec 7, 2014, 6:19:31 AM
to qubes...@googlegroups.com
Hi,

we're using KVM at work to isolate our untrusted web development tools from the host system and forward application windows with xpra[1]. I've put qubes on my list to try for the next generation of our setup.

[1] http://xpra.org

Do you know xpra? From the outside it seems that it might fit as a component for qubes and that both projects could benefit from cooperation? Or did you reject it for any reason?

Regards, Thomas Koch

wyory

Dec 7, 2014, 2:00:32 PM
to qubes...@googlegroups.com

Thomas Koch

Dec 8, 2014, 7:33:32 AM
to qubes...@googlegroups.com, wyory
On Sunday, December 07, 2014 08:00:18 PM wyory wrote:
> Does xpra pass the test described in this article?
>
> http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html

yes.

xpra starts a dummy X server inside a virtual machine just like qubes and
comes with its own communication protocol to forward keystrokes from the host
to the VM and window bitmaps from the VM to the host. xinput list in the VM
gives:

⎡ Virtual core pointer id=2 [master pointer (3)]
⎜ ↳ Virtual core XTEST pointer id=4 [slave pointer (2)]
⎜ ↳ dummy_mouse id=6 [slave pointer (2)]
⎜ ↳ dummy_keyboard id=7 [slave pointer (2)]
⎣ Virtual core keyboard id=3 [master keyboard (2)]
  ↳ Virtual core XTEST keyboard id=5 [slave keyboard (3)]

In total xpra does

VM to host:
- clipboard
- notification
- speaker

host to VM:
- clipboard
- microphone
- keyboard

All features can be turned off individually. I'm very satisfied with xpra and
the responsiveness of the developer. xpra cannot forward windows from an MS
Windows VM since it relies on an X server.

Regards, Thomas Koch
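
One way to check, from inside the VM, that the X server started by xpra exposes only the virtual and dummy input devices shown in the listing above. This is an added example, not part of the thread or of xpra; the allowed name prefixes are taken from the quoted output, and the extra keyboard line is constructed.

```python
import re

# `xinput list` output as quoted in the message above.
SAMPLE = """\
⎡ Virtual core pointer id=2 [master pointer (3)]
⎜ ↳ Virtual core XTEST pointer id=4 [slave pointer (2)]
⎜ ↳ dummy_mouse id=6 [slave pointer (2)]
⎜ ↳ dummy_keyboard id=7 [slave pointer (2)]
⎣ Virtual core keyboard id=3 [master keyboard (2)]
  ↳ Virtual core XTEST keyboard id=5 [slave keyboard (3)]
"""
# Constructed input: the same listing plus a physical-looking keyboard.
LEAKY = SAMPLE + "  ↳ AT Translated Set 2 keyboard id=9 [slave keyboard (3)]\n"

# One device per line: tree-drawing prefix, name, id=N, [role kind (master id)].
LINE = re.compile(
    r"^[\s⎡⎜⎣↳∼]*(?P<name>.+?)\s+id=(?P<id>\d+)\s+"
    r"\[(?P<role>master|slave|floating)\s+(?P<kind>pointer|keyboard|slave)"
    r"(?:\s+\((?P<attached>\d+)\))?\]\s*$"
)
# Assumption: slave devices with these name prefixes are the expected ones.
ALLOWED_SLAVE_PREFIXES = ("Virtual core XTEST", "dummy_")


def parse_devices(text):
    """Return one dict per device line (name, id, role, kind, attached)."""
    devices = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            dev = m.groupdict()
            dev["id"] = int(dev["id"])
            devices.append(dev)
    return devices


def unexpected_devices(text):
    """Names of non-master devices that are neither XTEST nor dummy devices."""
    return [d["name"] for d in parse_devices(text)
            if d["role"] != "master"
            and not d["name"].startswith(ALLOWED_SLAVE_PREFIXES)]


if __name__ == "__main__":
    for label, out in (("quoted output", SAMPLE), ("constructed output", LEAKY)):
        bad = unexpected_devices(out)
        print(f"{label}: {'OK' if not bad else 'unexpected: ' + ', '.join(bad)}")
```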



Marek Marczykowski-Górecki

Dec 8, 2014, 10:42:54 AM
to Thomas Koch, qubes...@googlegroups.com, wyory
I've read some technical docs on this and it looks very similar to our
GUI virtualization. There is even support for an mmap-based communication
channel for display content (instead of compressed images sent over the
wire), which is very similar to our inter-VM shared-memory approach.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

wyory

Dec 8, 2014, 10:46:36 PM
to qubes...@googlegroups.com
Very cool. It's great to see many approaches to security by isolation
(with GUIs!). Thanks for the tip.