Re: Brainstorming help with x11spice on socket permissions across users

I suppose you are talking about the unix socket for vdagent, right?

> 
> Hi all,
> 
> I'm trying to get x11spice and spice-html5, at least as packaged for
> Fedora, into a pretty much 'turn key' state.
> 
> I've got 3 use cases.  The first is user A sharing their current
> desktop, either for themselves, or to get help.  That case is largely
> done, imho, modulo some documentation and perhaps some streamlining.
> The second is user A getting access to a new session for themselves.  I
> don't feel blocked on this case; the work should be straightforward, if
> fiddly (I may regret those words; doing a secure 'su' like function out
> of apache may be harder than I think).
> 

I would check for the 2nd case if the session is maintained in case you
are using SystemD. I suppose the user could want to launch a background
X11 session and disconnect from the system.

> The 3rd case, however, has me troubled.  This is the case that user A
> (potentially apache) starts x11spice which then does an xdmcp request to
> gdm, and eventually supports a log in by user B.  This makes it
> challenging to provide a way for user B to launch a spice agent or a
> pulseaudio daemon and have it securely connect back to the spice process
> started by user A.  The approach I've used in the past is to have a
> privileged binary use information from an X atom to adjust socket
> permissions.  But that feels unsatisfying, and it seems to me that this
> is an area with a lot of modern thinking that I've largely missed.
> 

As far as I know, in the normal (physical) case, in the case of XDMCP, two X11
sessions are involved and X11 clients have to reconnect to another session.
So for symmetry you should reconnect the client and have a separate socket
for vdagent. Sockets are associated (permission) with different users and
processes are associated with the same user.

> As an added complexity, in the ideal case, you have a vdagent running as
> user A during the login process, which knows to reap itself and give way
> to a vdagent launched by user B.
> 
> I was hoping that others would have modern instincts on how to more
> correctly implement the third use case.  Clue bats or other ideas welcome.
> 
> Cheers,
> 
> Jeremy

To be honest, I don't remember the last time I used XDMCP.

Frediano

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel


