Date:      Fri, 05 Jun 2020 15:10:05 -0500
From:      squiggly foo <foo.squiggly@yandex.com>
To:        freebsd-jail <freebsd-jail@freebsd.org>
Subject:   Running GUI applications in jails
Message-ID:  <18251591386410@mail.yandex.com>

Thanks to Dave for pointing out that my HTML message was stripped. I am trying this again.

Hi All,

I'm using FreeBSD as a workstation, trying to keep everything as lightweight and
segregated as possible. So I am running GUI applications inside a jail. My current
solution to this is null mounting the Xorg socket inside the jail, which allows the
GUI applications to run on the host Xorg without issue. Unfortunately this is also
probably the least secure solution, as one jail could access the keystrokes of
another jail through the Xorg on the host.

I researched other solutions to this issue and listed them out below with the advantages
and disadvantages. I would like to hear everyone's comments/ideas because maybe
there are better ways.

1) Using Xpra
+ So far this seems like the most secure solution, as every GUI application would have
its own Xorg instance and cannot see each other's keystrokes.
+ I assume it's clipboard safe...?

- Good lord the dependencies! This is probably by far the most heavyweight solution.


2) Using Xephyr (Xnest)
+ This solution is also just as secure as Xpra, as every GUI jailed app will have its own
Xorg instance.
+ Far fewer dependencies than Xpra and therefore more lightweight
+ I assume it's clipboard safe...?

- It will produce a whole X window with window manager in addition to just the app
that I want to run, which is space inefficient for monitor real estate.


3) Null Mounting the Xorg socket in the jail
+ The easiest and the most lightweight solution

- The least secure so far according to my research
- Not clipboard safe


4) SSH -X Forwarding
+ Just slightly more weighty than null mounting a socket inside the jail

- It uses X11 security, which makes it slightly more secure than a null mount,
but it could still see the keystrokes I'm typing into another jail or host.
- Slower X performance..?
- Not clipboard safe


5) Using multiple X servers on different ttys
Using this solution I could group jails according to the level of security that they need.
On one Xorg instance, say on tty3, I could have my most secure/trusted GUI jails and on tty4
I could have less secure, less trusted GUI jails. Yes, the jails inside of the same Xorg instance can
potentially see each other's keystrokes, but at least I have the least trusted jails in another Xorg
instance.

+ Not really that heavy of a solution dependency wise because I already have Xorg installed on
the host anyways and am just running it multiple times
+ I'm assuming the separate Xorg instances don't see each other's keystrokes...?
+/- I assume it's clipboard safe between the separate Xorg instances but not
in the same Xorg instance.

- Less flexible of a solution, which can affect my workflow, but maybe not so bad.


6) Use Null mounts for the Xorg socket but use a script to 'KILL -17' (suspend) all jails and their
processes except for the one jail that I wish to work with at a time. Then resume them
afterwards.

+ This is a pretty lightweight solution, if slightly complex

- A suspended app can still receive keystrokes but will not register them until unpaused.
The only assurance I have is that the suspended jailed GUI app cannot request to
become the active window (I think..?) and so as long as I type into the correct
non-suspended jail, the other suspended jails cannot see keystrokes.


Comments? Questions? How does everyone else do it?
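
The suspend/resume script described in option 6, as an added example that is not part of the original message. It assumes jail IDs and names come from `jls jid name` and that `pkill -j` signals a jail's processes; `plan_focus` and the sample jail names are hypothetical, and the script only prints the commands it would run.

```sh
#!/bin/sh
# Added example: plan SIGSTOP/SIGCONT per jail (SIGSTOP is signal 17 on FreeBSD).
# Assumed input: one "JID NAME" pair per line, as `jls jid name` prints.

# plan_focus ACTIVE
# Reads "JID NAME" lines on stdin and prints the commands that suspend every
# other jail, then resume ACTIVE. Returns 1 and prints nothing if ACTIVE is
# not in the list, so a mistyped name never stops or resumes anything.
plan_focus() {
    active=$1
    stop_cmds=""
    cont_cmd=""
    while read -r jid name; do
        [ -n "$jid" ] || continue
        case $jid in *[!0-9]*) continue ;; esac   # skip malformed lines
        if [ "$name" = "$active" ]; then
            cont_cmd="pkill -CONT -j $jid"
        else
            stop_cmds="${stop_cmds}pkill -STOP -j $jid
"
        fi
    done
    [ -n "$cont_cmd" ] || return 1
    # Stop first, resume last: at no point are two jails' clients running.
    printf '%s%s\n' "$stop_cmds" "$cont_cmd"
}

# Constructed sample standing in for `jls jid name` output.
SAMPLE='1 browser
2 mail
3 banking'

# Dry run: print the plan for working in the "banking" jail.
printf '%s\n' "$SAMPLE" | plan_focus banking
```

On a FreeBSD host the plan could be applied with `jls jid name | plan_focus banking | sh`. As the message notes, this only keeps stopped clients from running; X events queued for them are still delivered once they are resumed.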


