From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from [127.0.0.2] (localhost [IPv6:::1]) by atuin.qyliss.net (Postfix) with ESMTP id 9818B3DB1F; Wed, 20 Sep 2023 09:43:27 +0000 (UTC) Received: by atuin.qyliss.net (Postfix, from userid 993) id EA4593DA3E; Wed, 20 Sep 2023 09:43:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on atuin X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DMARC_MISSING,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=4.0.0 Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) by atuin.qyliss.net (Postfix) with ESMTPS id 189F03DA3D for ; Wed, 20 Sep 2023 09:43:21 +0000 (UTC) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 511E35C00AD; Wed, 20 Sep 2023 05:43:19 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Wed, 20 Sep 2023 05:43:19 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :message-id:mime-version:reply-to:sender:subject:subject:to:to; s=fm1; t=1695202999; x=1695289399; bh=nt7C97CTYgSYOhTf6KOkr6I3C Qqk6hnoPuMq0RbIZxM=; b=pBgdVXPwt0KHZu+nS1J7tDu3hkDLFWqV1CQt7XWvd ZPRFnlIQpWfyLY6kPmRoZc5apl8pgn5u/1Acfeu8rimQ5XUoded+lmbCfId8M2oS +/BOuM0DjGmkzNQehYUENqpQo8oOcbK8UfOT3zbGdXNngseJIHhrRoY/kqBOltC5 ygh742rml6CL8RCMjv5oJ3TSGk+Qx1H0CEMS00gtyfTj8AWbD7Ngx1lcolXvv7Bm TjyV31gFQzQDTokx+P4kYAixqjrt8H0M0t5+/LWE9RprKstUrDhyDlNaId8RHZtY G4CbNjKKqwq+n6I874akhu1AhVZJeMnexp+qC6LmiSuLg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:message-id :mime-version:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1695202999; x=1695289399; bh=nt7C97CTYgSYOhTf6KOkr6I3CQqk6hnoPuM q0RbIZxM=; b=Wrd/YkUGV+p6MDWr6fvVTU3qfp5GrBLgK7Xc9w9lCb6nvAsEop4 eQQdR4zgDYamy78IhnWy7v0kE9xyOKbHCVlEU0pIBlakM7GaOK0gulpmeqlQGSke 5P87ApQTLzb6tU4Z0hstdYP/6/CzY7CaE9rwSBYFLMXCawsnli4KT35n9qtpwz62 u3rQHPMcPGPzwiClW6VuKHrK9ORSaRItlHME9TEfb5A0UiHZhHnSYUHSrnaVlZzJ eQlZhWCGt+7xHmZS044X8wOhkh39tx2MudCTryrWA6GEbrkduDMuWJ5PtVQhwx/X OwJSZtu2H2JEKkyy2C2tDe/sXq5mMVOYJRQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrudekfedgudekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvvefufffkgggtsehgtderredttddtnecuhfhrohhmpeetlhihshhsrgcu tfhoshhsuceohhhisegrlhihshhsrgdrihhsqeenucggtffrrghtthgvrhhnpeevgfehhe eujeekieektefghfduleetleefveejhfegledvveegueejjeevfeeuleenucffohhmrghi nhepfigrhihlrghnugdrrghpphdpphhutghkrdhmohgvpdhgihhthhhusgdrtghomhenuc evlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehhihesrghl hihsshgrrdhish X-ME-Proxy: Feedback-ID: i12284293:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 20 Sep 2023 05:43:18 -0400 (EDT) Received: by x220.qyliss.net (Postfix, from userid 1000) id CDBCA88DD; Wed, 20 Sep 2023 09:43:15 +0000 (UTC) From: Alyssa Ross To: devel@spectrum-os.org Subject: Upcoming Wayland projects in Spectrum Date: Wed, 20 Sep 2023 09:43:07 +0000 Message-ID: <87v8c5dvtg.fsf@alyssa.is> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Message-ID-Hash: NQ76ZY2ZKDVU7IWPYO5PIASBX27MJVKO X-Message-ID-Hash: NQ76ZY2ZKDVU7IWPYO5PIASBX27MJVKO X-MailFrom: hi@alyssa.is X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1; header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3; header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: "Dom Rodriguez (shymega)" , Puck Meerburg X-Mailman-Version: 3.3.8 Precedence: list List-Id: Patches and low-level development discussion Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi, I was asked to give an overview of what Wayland-related stuff is on the radar for the near future, so here we go: crosvm security contexts =2D----------------------- The Wayland security context protocol[1] is how the compositor will know which VM is responsible for which Wayland client, which will allow us to make per-VM policy decisions. crosvm is the part of Spectrum's stack that can give this information to the compositor, so we need it to implement this protocol. Puck previously created such an implementation[2], but it was for an earlier draft of the protocol. It needs to be updated and submitted upstream. [1]: https://wayland.app/protocols/security-context-v1 [2]: https://puck.moe/git/crosvm/commit/?h=3Dwayland-security-context&id=3D= dbdba0bf64517181e30402882d36e0cbcd4934bd Customisable COSMIC =2D------------------ I plan to use the COSMIC[3] the compositor for Spectrum. As far as I know, it's the only serious Rust Wayland compositor, and it looks like it's targeting a good balance between wide usability and configurability. But Spectrum's compositor has some requirements that wouldn't make sense for upstream COSMIC. For example, we'll want to implement some sort of clipboard permissions system, and we're likely to want to do some sort of custom window decorations, maybe like Qubes does. Maintaining a fork of cosmic-comp wouldn't be sustainable, so what we need is some way to customize the compositor's behaviour without needing out-of-tree patches. The way I imagine this working is having cosmic-comp export a library that allows inserting hooks for things we might want to customise. Then we could write a very small program that used that library, set up whatever hooks we wanted, and then just told the library to run the compositor. Quick sketch: use cosmic_comp::{Hook, add_hook, run}; fn main() { add_hook(Hook::Paste, |ctx| { ... }); run(); } I've talked to upstream about this, and they're on board with the general concept. Doing it this way would mean the only code we'd have to maintain would be Spectrum-specific, and we wouldn't have to worry about running into merge conflicts forever. Once this is done, we can do things like implement security contexts in cosmic-comp. It wouldn't make much sense to do that first, because it wouldn't be used anywhere. [3]: https://github.com/pop-os/cosmic-epoch#cosmic-comp COSMIC title bars for wayland-proxy-virtwl Xwayland clients =2D---------------------------------------------------------- wayland-proxy-virtwl[4] is the program used to relay Wayland connections from the guest to the host. It implements its own unpriveleged X11 forwarding. (Normal Xwayland requires the compositor give special priveleges not given to normal Wayland clients.) For some reason, cosmic-comp does not draw title bars for these clients. It's unclear so far whether this is a cosmic-comp program or a wayland-proxy-virtwl problem. [4]: https://github.com/talex5/wayland-proxy-virtwl --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEH9wgcxqlHM/ARR3h+dvtSFmyccAFAmUKvqwACgkQ+dvtSFmy ccBCTQ/7Bz4Uye934ZE2CKA1yKh+jMlDU8woCs+bljJLQatRMhqj+J25PiK/lh6A NVtOVqjqfKb7h4Zy9/IF9dYhvd/TNwcmRrlrp3iwI1WtuhEDZ5T3cDyarzQQKG0O UnVJHPQ0GRmBfpiaK4wQtSqBJkjEQM/I4kgoDfRg43J6a4Y3lhAKOciqBsi6XWRE 0jGotSOQEhpg8o+kaMGDGRM6P5yWyHebTpH7ZDssbhv201gqLoY1PPccaEM7WF9u r2HmSk+iDiqFAIc5KHSpojMMrQGRzF4A5Kh9xzHIuXb6oHgAMLeIgcFQZnc2++sT yOj1Ggufbl5nspNLdhaNsZMb8AjkfO3Qst6p0XyjxRL2iu6A7aKrdQZ02yjVrb8f /f6R+NKZ9cgfyWWBuRfE6Nhy8hG9XLSS1jnoGmGta8wyAd/E2iPieuVLxeYdnrvO K7ucaag0xODVqjW8+3kFgfy5+ghV5Vou3gw7XtUDVM91F7/4IdnC5EaIszOdYShh NyKcn5J29bmcPb7SgCZjgFoQNbHcHNv26lkobkbcELtgYca75N1/K0Kkz0HSVqaS OdQQJafgD8gkvU2nZb4zieEYquDZeVaC62uIqVO8NxaILXGMvN9PEnw9EZiqdkCE J0ybgC1gDnnsJvqT3f3PZKCL6g3UYuatujeRQgac9xMGgalYAMs= =BNyz -----END PGP SIGNATURE----- --=-=-=--