https://bugs.kde.org/show_bug.cgi?id=479922
Bug ID: 479922
Summary: [Feature request] Improved Xwayland isolation, wayland sandboxing abilities, plasma without any X
Classification: Plasma
Product: kwin
Version: 5.27.10
Platform: Other
OS: Linux
Status: REPORTED
Severity: wishlist
Priority: NOR
Component: wayland-generic
Assignee: kwin-bugs-n...@kde.org
Reporter: atmaho...@gmail.com
Target Milestone: ---

Wayland enables us to do proper sandboxing of programs on the desktop. However, there are several issues that the compositor could help improve.

1. If Xwayland could use `-nolisten tcp -nolisten local` arguments, this would avoid undermining any sandboxing efforts with the abstract socket exposed. I don't think there is a way to use custom arguments for Xwayland right now.

2. Can we have the ability to run multiple rootless Xwayland instances, or be provided N sockets instead of one? The main security issue of X/Xwayland is every client can see and manipulate the other clients. This is solved if you can run each client in their own Xwayland instance, but only kwin has the ability to create a rootless Xwayland instance, and there is only one of them. For reference, here is a wayland proxy that for each instance will create its own xwayland instance that appears rootless https://github.com/talex5/wayland-proxy-virtwl and the author's writeup on how complicated that was to do https://roscidus.com/blog/blog/2021/10/30/xwayland/#running-xwayland

3. Could kwin provide a similar proxying ability? I.e. allow creation of additional wayland sockets with specific tweaks (e.g. add prefix to caption, set custom desktopFileName, enable/disable capabilities like clipboard). Here's another proxy attempting to do such things: https://gitlab.freedesktop.org/jonleivent/waydapt

And aside from sandboxing, what if you want to run plasma desktop without any Xorg at all?

4. Can startplasma-wayland have an option to run without Xwayland?
It's hard-coded into plasma-kwin_wayland.service right now (ExecStart=/usr/bin/kwin_wayland_wrapper --xwayland). It seems to work if the arg is removed from that service file. But I still see calls to xorg binaries with stuff like this printed to stdout: "/usr/bin/xrdb: Can't open display ''", "/usr/bin/xsetroot: unable to open display ''", and "Error: could not determine $DISPLAY". Also, curiously, the ~/.local/share/kscreen/outputs files use "xrandr-" as a prefix in all the output names.
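
An added example, not part of the original report or of kwin: a check for the abstract socket that item 1 asks to close, done by parsing `/proc/net/unix` for listening X11 sockets. Abstract sockets are scoped to the network namespace rather than the filesystem, so hiding /tmp from a sandbox does not hide them; the sample input is constructed and the function names are hypothetical.

```python
import re
import sys

# Constructed sample in /proc/net/unix format (not captured from a real system).
SAMPLE = """\
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 31001 @/tmp/.X11-unix/X0
0000000000000000: 00000002 00000000 00010000 0001 01 31002 /tmp/.X11-unix/X0
0000000000000000: 00000003 00000000 00000000 0001 03 31050 @/tmp/.X11-unix/X0
0000000000000000: 00000002 00000000 00010000 0001 01 31003 /tmp/.X11-unix/X1
0000000000000000: 00000002 00000000 00010000 0001 01 30990 /run/user/1000/wayland-0
0000000000000000: 00000003 00000000 00000000 0001 03 31077
"""

SO_ACCEPTCON = 0x10000  # Flags bit the kernel sets on listening sockets
X11_PATH = re.compile(r"^(@?)/tmp/\.X11-unix/X(\d+)$")  # '@' marks abstract


def x11_listeners(proc_net_unix):
    """Return sorted (display, kind) pairs for listening X11 sockets."""
    found = set()
    for line in proc_net_unix.splitlines()[1:]:  # skip the header row
        fields = line.split(None, 7)
        if len(fields) < 8:  # unnamed socket: no Path column
            continue
        match = X11_PATH.match(fields[7].strip())
        if match and int(fields[3], 16) & SO_ACCEPTCON:
            kind = "abstract" if match.group(1) else "filesystem"
            found.add((int(match.group(2)), kind))
    return sorted(found)


def abstract_displays(proc_net_unix):
    """Displays whose X server still listens in the abstract namespace."""
    return [d for d, kind in x11_listeners(proc_net_unix) if kind == "abstract"]


if __name__ == "__main__":
    # No argument: use the constructed sample. On a live system pass /proc/net/unix.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            text = handle.read()
    else:
        text = SAMPLE
    for display, kind in x11_listeners(text):
        print(f"display :{display} listening on {kind} socket")
    exposed = abstract_displays(text)
    print("abstract X11 sockets:", exposed if exposed else "none")
```

An empty result from `abstract_displays` is what a server started with `-nolisten local` should produce; run it from inside the sandbox as well to confirm what the sandboxed process can see.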