Re: [spice-gtk] Add --spice-disable-clipboard option

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Jan 18, 2018 at 12:13:45PM +0100, Christophe Fergeau wrote:
> On Thu, Jan 18, 2018 at 12:06:34PM +0100, Marc-André Lureau wrote:
> > Hi
> > 
> > On Thu, Jan 18, 2018 at 10:31 AM, Christophe Fergeau
> > <cfergeau@xxxxxxxxxx> wrote:
> > > At least on X.org, malicious code could run the equivalent of "watch
> > > xsel -o --clipboard" in a VM, and would then be able to track all the
> > > clipboard content, even when the spice-gtk widget is not focused.
> > >
> > > At the moment, applications call spice_set_session_option(), and then
> > > set SpiceGtkSession::auto-clipboard to TRUE (or to its saved state).
> > > This commit adds a --spice-disable-clipboard option, and if it's set,
> > > SpiceGtkSession::auto-clipboard will not be changeable and will always
> > > be FALSE.
> > > The only side effect I noticed is that enabling "clipboard sharing" in
> > > GNOME Boxes VM preferences will appear to work, but will not enable
> > > clipboard, and will be reset to off next time the preferences dialog is
> > > open.
> > >
> > > https://bugzilla.redhat.com/show_bug.cgi?id=1320263
> > 
> > Looks reasonable to me. However, I thought we wanted a way to disable
> > clipboard by default.
> > 
> > Wouldn't it make sense to introduce some GSetting key(s) for that instead?
> > 
> > This way, the behaviour can be enforced globally without changing the
> > way applications are started.
> 
> I think you want both, you don't necessarily want c&p for all or none of
> your VMs. I don't know if we can check if the admin locked down a
> particular GSettings through the API? If the global value is locked down
> to FALSE, then we should enforce it, otherwise we should accept
> --spice-disable-clipboard.
> So a GSettings patch would probably be a followup to that one.

Can we move forward with that command line addition? Or is adding a
GSettings key a prerequisite to getting this in?

Thanks,

Christophe

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]