patches and low-level development discussion
From: Alyssa Ross <hi@alyssa.is>
To: Demi Marie Obenour <demiobenour@gmail.com>, devel@spectrum-os.org
Subject: Re: Camera virtualization in Spectrum
Date: Thu, 05 Jun 2025 15:10:23 +0200
Message-ID: <87bjr2cp1c.fsf@alyssa.is>
In-Reply-To: <d41c1c72-5cba-49a0-813a-fe0705b1be8e@gmail.com>


Demi Marie Obenour <demiobenour@gmail.com> writes:

> Instead, I think it is necessary to add a media server.  This server
> would expose a virtio-media output device to the VM with the camera,
> and would expose a virtio-media capture device to all VMs on the system,
> not just those authorized to receive video.  This is because camera
> hotplug is not properly handled by at least Google Chrome, so I expect
> other applications to also mishandle it.  Instead, a VM that does not
> have camera permission can be given a camera that always records black,
> as if the user had covered the camera.  PipeWire is the only existing
> implementation of a media server I know of that allows custom media
> devices to be implemented out-of-process, so it is the best choice I
> know of.  PipeWire is also considered the future by the entire Linux
> desktop community.

I'm surprised that camera hotplug isn't handled properly, given things
like laptop camera switches and USB webcams.  How does it go wrong?

So you're proposing passing the camera through to a VM that runs a
PipeWire media server, and then exposes virtio-media outputs from that
media server to other VMs?

> One other factor that I did not consider at all during the discussion is
> the need to implement the XDG microphone and camera portals.  These
> portals are based on PipeWire, and PipeWire cannot be directly used
> across VMs.  This is partially because of security, but it is also
> because PipeWire relies on SCM_RIGHTS file descriptor passing, eventfds,
> and other Linux kernel APIs that do not work across the VM boundary.
> Therefore, it is necessary to either run PipeWire in the guest, or run
> a daemon in the guest that exposes the same interface PipeWire does.
> All portals supported in Spectrum that prompt the user require a
> Spectrum-specific implementation so that the prompt happens on the host.

It doesn't look like the Camera portal is something that
xdg-desktop-portal delegates to a backend either, so we don't have a
hook to do Spectrum-specific stuff like granting camera access in the
media server, unless we provide our own x-d-p implementation (not just a
backend)…  Would it be possible to hook into PipeWire in the guest
instead, perhaps, to do that?


Thread overview: 3+ messages
2025-06-04  3:38 Camera virtualization in Spectrum Demi Marie Obenour
2025-06-05 13:10 ` Alyssa Ross [this message]
2025-06-05 13:44 ` Alyssa Ross
