Is it possible to use virt-sandbox to confine X applications?

Dave
Daniel P. Berrange
2013-Aug-14  16:38 UTC
Re: [libvirt-users] virt-sandbox of X applications
On Wed, Aug 14, 2013 at 12:11:41PM -0400, Dave Allan wrote:
> Is it possible to use virt-sandbox to confine X applications?

At this point in time it only targets running shell commands / scripts and system services. I'd very much like to extend it to cover X applications - indeed confining firefox was the original motivation for me starting this project. What has held me back was deciding on the best way to support X apps.

In the KVM backed sandbox, my view was that we should make use of Xorg in the guest and SPICE on the host. That would give nice support for the dynamic resizing of windows, cut+paste, smartcards, etc, etc.

For LXC, I'm not 100% sure what the best thing to do is. It would be nice to have a consistent use of SPICE on the host side, so perhaps it needs to have Xspice (http://spice-space.org/page/Features/XSpice) running in the container. When I first started this, Xspice wasn't really in a usable state, but it seems to have improved significantly, so this is probably something we could look at implementing now.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|