> > A secure clipboard is nice to have becuase there's no tradeoff between > convenience and safety. A vm can read the global clipboard only when you > want it. The Xen based Qubes has it and I don't see why KVM's spice and > libvirt can't. Here is how they did it: > > > slide 10 from > > https://events.linuxfoundation.org/sites/events/files/slides/LinuxCon_2014_Qubes_Tutorial.pdf > > Challenge: copy clipboard from VM “Alice” to VM “Bob”, don’t let VM > “Mallory” to learn > its content in the meantime > > Solved by introducing Qubes “global clipboard” to/from which copy/paste is > explicitly > controlled by the user (Ctrl-Shift-C, Ctrl-Shift-V) > > Requires 4 stages: > Ctrl-C (in the source VM) > Ctrl-Shift-C (tells Qubes: copy this VM buffer into global clipboard) > Ctrl-Shift-V (in the destination VM: tells Qubes: make global clipboard > available to this VM) > Ctrl-V (in the destination VM) > Ctrl-Shift-C/V cannot be injected by VMs (unspoofable key combo). > > In practice almost as fast as traditional 2-stage copy-paste (don’t freak > out! ;) > > > More technical explanation > > https://www.qubes-os.org/doc/CopyPaste/ > Would not easier for user and for us to implement just Ctrl-Shift-C/V ? The idea is: - spice client see the Ctrl-Shift-C - spice send a command to agent - agent inject a Ctrl-C to copy to guest clipboard - agent detect new clipboard and copy to global one (as it knows was a Ctrl-Shift-C) Or could be implemented by spice client instead of the agent (just having a vm clipboard copied from the agent and a global one) Frediano _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel