Re: Brainstorming help with x11spice on socket permissions across users

On 5/26/20 10:44 AM, Frediano Ziglio wrote:
I suppose you are talking about the unix socket for vdagent, right?

Right, but the same mechanism works well for adding audio for example (but you have pulseaudio write to a socket).



Hi all,

I'm trying to get x11spice and spice-html5, at least as packaged for
Fedora, into a pretty much 'turn key' state.

I've got 3 use cases.  The first is user A sharing their current
desktop, either for themselves, or to get help.  That case is largely
done, imho, modulo some documentation and perhaps some streamlining.
The second is user A getting access to a new session for themselves.  I
don't feel blocked on this case; the work should be straightforward, if
fiddly (I may regret those words; doing a secure 'su' like function out
of apache may be harder than I think).


I would check for the 2nd case if the session is maintained in case you
are using SystemD. I suppose the user could want to launch a background
X11 session and disconnect from the system.

Yeah, good point. In fact, gdm had a cool bug in stock Fedora 32 that was fixed by a recent update. (If you logged in via xdmcp to any user other than the console user, the console switched to the new user).


The 3rd case, however, has me troubled.  This is the case that user A
(potentially apache) starts x11spice which then does an xdmcp request to
gdm, and eventually supports a log in by user B.  This makes it
challenging to provide a way for user B to launch a spice agent or a
pulseaudio daemon and have it securely connect back to the spice process
started by user A.  The approach I've used in the past is to have a
privileged binary use information from an X atom to adjust socket
permissions.  But that feels unsatisfying, and it seems to me that this
is an area with a lot of modern thinking that I've largely missed.


As far as I know in the normal (physical) case in case of XDMCP two X11
sessions are involved and the X11 client has to reconnect to another session.
So for symmetry you should reconnect the client and have separate socket
for vdagent. Sockets are associated (permission) to different users and
processes are associated to same user.

As an added complexity, in the ideal case, you have a vdagent running as
user A during the login process, which knows to reap itself and give way
to a vdagent launched by user B.

I was hoping that others would have modern instincts on how to more
correctly implement the third use case.  Clue bats or other ideas welcome.

Cheers,

Jeremy

To be honest I don't remember last time I used XDMCP.

Yeah, the option I'm leaning towards is discarding that use case. (And, tbh, the point of this exercise is mostly to increase the overall usability; I don't really have a specific problem I'm trying to solve).

Cheers,

Jeremy
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel


