Date: Tue, 09 Jun 2020 08:48:54 +0200 From: Alexander Leidinger <Alexander@leidinger.net> To: squiggly foo <foo.squiggly@yandex.com> Cc: freebsd-jail@freebsd.org Subject: Re: Running GUI applications in jails Message-ID: <20200609084854.Horde.hoNVb-yBxmnHiEt74ihgT0n@webmail.leidinger.net> In-Reply-To: <245071591669961@mail.yandex.com> References: <18251591386410@mail.yandex.com> <20200606192222.Horde.68H7pQpeZSUfwBodPHen_Lh@webmail.leidinger.net> <245071591669961@mail.yandex.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format and has been PGP signed. --=_bpnVkkuOBKfevbTpyJTSZT4 Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Quoting squiggly foo <foo.squiggly@yandex.com> (from Mon, 08 Jun 2020=20=20 21:35:23=20-0500): > Hi Alexander, > > You seem to have a lot of experience with X11 so I'm happy to hear=20=20 >=20your advice. > To answer your first question about where the graphical output needs=20= =20 >=20to happen: > > I am not sure I am understanding your question, but I am using one=20=20 >=20computer for > all of this. The Xserver component of X11 is running on this=20=20 >=20computer on the host > (not jailed) and the xclients are the jailed gui applications. My=20=20 >=20basic problem is to > make sure that jailed gui applications cannot access the keystokes=20=20 >=20of other jailed gui > applications. I guess I am confused by your question (maybe cause=20=20 >=20i'm thinking inside > the box) but what other options are there for running the Xserver=20=20 >=20and Xclients on a single > computer. Or maybe you are suggesting multiple computers running=20=20 >=20Xservers? Please > let me know whatever your are thinking as a solution because I am=20=20 >=20open to ideas and > thinking outside the box. With X11 it doesn't matter if you talk about 1 or multiple computers.=20=20 Within=20the same network and with a fast enough speed of the network,=20= =20 it=20should work (edge-cases may differ). > Maybe I was also incorrect about running multiple Xservers on the=20=20 >=20same machine on > different ttys but I thought that was an option. I should check=20=20 >=20with X11 mailing > list. > > It's funny that you mention running a Xvnc server inside of a jail=20=20 >=20with each gui > application. I have actually done that before but I never=20=20 >=20considered it as a possible > option for solving my problem until now that you mentioned it. So I=20= =20 >=20will look into that > more. My only issue with this: the application that I want jailed=20=20 >=20the most is my > "general browsing" firefox instance used for media websites like=20=20 >=20youtube but I am not > sure how well a 1080p video will look over a vnc connection. But I=20=20 >=20haven't tested this > idea in awhile. For your particular use cases you will only know if you test it. As=20=20 you=20are doing this locally, the "network" speed is a combination of=20=20 the=20internal bus / CPU / memory speed, and some vnc settings like=20=20 compression=20may play arole here too, but my gut feeling is, that this=20= =20 could=20work. > I suppose using Xephyr would be a similar yet heavier solution that=20=20 >=20just using your > Xvnc server idea inside each jail. Would you agree? > > I might also look into statically compiling Xpra (if possible) so=20=20 >=20that it at least feels > cleaner that all the dependencies are inside one binary instead of=20=20 >=20all over my system. I do not know Xephyr or Xpra. I had a very quick look at the=20=20 homepages,=20and it looks like they are "just" a normal X server (with=20= =20 some=20special features) and use the X11 protocol. As such I do not=20=20 expect=20that their use will solve your problem (read: I expect that you=20= =20 will=20be able to see keystrokes across all jails). Bye, Alexander. --=20 http://www.Leidinger.net=20Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF --=_bpnVkkuOBKfevbTpyJTSZT4 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJe3zDVAAoJEBINsJsD+NiGaFMP/1Vn7cqr6ZFcVul0I3gHkS2I WvnDj+CziMfl5K4mJwFAVzi57wKYKNDQH8DAGBSFl9gRkO0tfvI4AWLGmbbXMQj3 /EESbY7ZwT64SG9DlYsSfP8INbX56xwbHzKihha1OeFS40Gixwwf5yb0gupcEyvC 1y05WgrjWqRe6I7eojTxkvKEOWP18VFKmNJJzjCrK280kk1d/3VTTfe9P2F3Kj9V De6D1v0qQKBlLNgwz9ueQ/p3oKVEq46d7HYNoJACXUlne65TkpJyVSV20OEynOoP yvvn9bqyOUGTgbbs/jCK4yNu3RbJtB/UlA3qFHW75K8qYe/4Z4HyIfiyZp5t2PkR HObDrfYv0VjFAHAlYp+xX0QT/rnXmrBuwRjCbsSEQjU1vpflzjtOu1TVh8sPvkAY EIj7Yn6eIOPfy1xAB9IMxzzlZINvZjnBprLuoc0XPwXvGe3dISk/wOLkfrBsuyPr yZQQyxD0Ax+TtveqyFYnjdjg0w5xzp09xtjAWCtmBrqhfm1T/fekSFOVce3CYpv/ erP/xdeqT9yDgdz7yFsnRoVY3iih0g8CBHoc7StBYfA+8NYCiEcAmG0Yaqx1d7bZ z2ZpirKnkoqEAfpZA/cH5egUaK8kWqSxbCMkJFQKzunxAXM1D8ngsM8h9zpRgZQD k5SolvA8AjX8w4oZ7gtJ =gnAU -----END PGP SIGNATURE----- --=_bpnVkkuOBKfevbTpyJTSZT4--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200609084854.Horde.hoNVb-yBxmnHiEt74ihgT0n>