Hi all,

I'm trying to get x11spice and spice-html5, at least as packaged for Fedora, into a pretty much 'turn key' state.

I've got 3 use cases. The first is user A sharing their current desktop, either for themselves, or to get help. That case is largely done, imho, modulo some documentation and perhaps some streamlining. The second is user A getting access to a new session for themselves. I don't feel blocked on this case; the work should be straight forward, if fiddly (I may regret those words; doing a secure 'su' like function out of apache may be harder than I think).

The 3rd case, however, has me troubled. This is the case that user A (potentially apache) starts x11spice which then does an xdmcp request to gdm, and eventually supports a log in by user B. This makes it challenging to provide a way for user B to launch a spice agent or a pulseaudio daemon and have it securely connect back to the spice process started by user A. The approach I've used in the past is to have a privileged binary use information from an X atom to adjust socket permissions. But that feels unsatisfying, and it seems to me that this is an area with a lot of modern thinking that I've largely missed.

As an added complexity, in the ideal case, you have a vdagent running as user A during the login process, which knows to reap itself and give way to a vdagent launched by user B.

I was hoping that others would have modern instincts on how to more correctly implement the third use case. Clue bats or other ideas welcome.

Cheers,

Jeremy
_______________________________________________
Spice-devel mailing list
Spice-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/spice-devel

Reply via email to