Re: [virt-tools] Feature Request - Secure clipboard

Wouldn't it be possible to achieve something very close with "lazy"
transfer of C&P data only after paste event? In that case, when you'd
copy something in source VM, it would be available in there and in
client but it would get copied to guest's clipboard only if you switch
to there and paste there using ctrl+V.

David

On Ne, 2015-04-26 at 17:52 +0200, gramps@xxxxxxxxxxxxxxx wrote:
> A secure clipboard is nice to have because there's no tradeoff between
> convenience and safety. A vm can read the global clipboard only when you
> want it. The Xen based Qubes has it and I don't see why KVM's spice and
> libvirt can't. Here is how they did it:
> 
> 
> slide 10 from
> 
> https://events.linuxfoundation.org/sites/events/files/slides/LinuxCon_2014_Qubes_Tutorial.pdf
> 
> Challenge: copy clipboard from VM “Alice” to VM “Bob”, don’t let VM
> “Mallory” to learn its content in the meantime
> 
> Solved by introducing Qubes “global clipboard” to/from which copy/paste is
> explicitly controlled by the user (Ctrl-Shift-C, Ctrl-Shift-V)
> 
> Requires 4 stages:
> Ctrl-C (in the source VM)
> Ctrl-Shift-C (tells Qubes: copy this VM buffer into global clipboard)
> Ctrl-Shift-V (in the destination VM: tells Qubes: make global clipboard
> available to this VM)
> Ctrl-V (in the destination VM)
> Ctrl-Shift-C/V cannot be injected by VMs (unspoofable key combo).
> 
> In practice almost as fast as traditional 2-stage copy-paste (don’t freak
> out! ;)
> 
> 
> More technical explanation
> 
> https://www.qubes-os.org/doc/CopyPaste/
> 
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
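
The four-stage scheme in the quoted message and the "lazy" transfer proposed in the reply can be compared in a small model. This is an added example, not part of either message and not SPICE or Qubes code; `Broker`, `run` and the policy names are hypothetical. It assumes the broker runs in the trusted client and that `ctrl_v` is a user keystroke the client sees for the focused VM.

```python
class Broker:
    """Toy clipboard broker in the trusted domain (client / dom0). Constructed model."""
    POLICIES = ("eager", "lazy", "explicit")

    def __init__(self, vms, policy):
        if policy not in self.POLICIES:
            raise ValueError(policy)
        self.policy = policy
        self.local = {vm: None for vm in vms}  # what each VM can read by itself
        self.held = None                       # (source_vm, data) kept by the broker only
        self.log = []                          # audit trail of cross-VM transfers

    def _release(self, dst):
        src, data = self.held
        if src != dst:
            self.local[dst] = data
            self.log.append((src, dst))

    def ctrl_c(self, vm, data):                # stage 1: ordinary copy in the source VM
        self.local[vm] = data
        if self.policy != "explicit":
            self.held = (vm, data)             # client learns the data immediately
        if self.policy == "eager":             # classic shared clipboard: push to all
            for other in self.local:
                self._release(other)

    def ctrl_shift_c(self, focused):           # stage 2: trusted combo, broker-only
        if self.policy == "explicit":
            self.held = (focused, self.local[focused])

    def ctrl_shift_v(self, focused):           # stage 3: release to the focused VM only
        if self.policy == "explicit" and self.held:
            self._release(focused)
            self.held = None                   # modelling choice: one release per copy

    def ctrl_v(self, focused):                 # stage 4: user pastes in the focused VM
        if self.policy == "lazy" and self.held:
            self._release(focused)             # transfer happens only at paste time
        return self.local[focused]


def run(policy):
    # Constructed scenario: Alice copies, the user pastes in Bob, Mallory is idle.
    b = Broker(["alice", "bob", "mallory"], policy)
    b.ctrl_c("alice", "s3cret")
    b.ctrl_shift_c("alice")
    b.ctrl_shift_v("bob")
    pasted = b.ctrl_v("bob")
    return pasted, b.local["mallory"], b.log

if __name__ == "__main__":
    for p in Broker.POLICIES:
        print(p, run(p))
```

The transfer log is the thing to compare: under `eager` every guest receives the data at copy time, while `lazy` and `explicit` record a single Alice-to-Bob transfer.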

