On Sat, 24 Dec 2016, Ilpo Järvinen wrote:

> On Sat, 24 Dec 2016, Marek Marczykowski-Górecki wrote:
>
> > On Sat, Dec 24, 2016 at 12:12:10AM +0200, Ilpo Järvinen wrote:
> > > On Fri, 23 Dec 2016, Marek Marczykowski-Górecki wrote:
> > >
> > > > On Fri, Dec 23, 2016 at 12:21:54AM +0200, Ilpo Järvinen wrote:
> > >
> > > With "limited multi-user support" I meant something along these lines:
> > > A special "launchvm" that is the only thing that an ordinary (non-dom0)
> > > user gets when logging in.
> >
> > So, the user interacts only with "launchvm", right? How do you envision
> > achieving this? In the GUI domain concept it is achieved by attaching
> > input/output devices to the GUI domain instead of dom0.
>
> I/O would be done "like now". The user interacts through the X server in
> dom0 but the user input on that X server should be limited to mainly
> managing focus and screenlocking. In my threat model, the users are not
> exactly a threat other than accidentally messing something up if the
> system is not locked down enough for them.
>
> The key difference between "launchvm" and mgmt+GUI VM is just where
> the X servers run. Cross-user separation aspects are the same
> regardless of where the GUI is done, as the GPU PCI device cannot be
> shared between many VMs anyway (except perhaps with XenGT one day),
> so X servers for all users in the multi-user case need to run in the
> same VM. Obviously dom0 itself is better isolated in the GUI domain
> case so fewer tricks may be needed, but I don't think the GUI domain itself
> is a magic bullet that solves all multi-user related problems.

And of course, I'm not saying that things must remain in dom0... I see
it as just a necessary evil if there's no better solution available.

Hmm, an additional thought: Why not move as much as possible away from
the GUI domain into "a userctrl VM" also in the GUI domain/mgmt API case?
I could try to do a drawing about that idea once I find some time (if I
find the source for that figure on the mgmt page).

-- 
 i.
