Follow

This small cat picture represents a huge step forward for Spectrum (spectrum-os.org).

It is a window of a graphical application running inside an unprivileged VM, seamlessly drawn on the host system’s window manager just like any other window.

This is done using virtio-wayland, a technology invented for Chrome OS. I think it has huge potential, but to my knowledge, this is the first time it has been used outside Chrome OS (it was a real pain to port).

Thanks @puckipedia for the help!

Code is here: spectrum-os.org/git/nixpkgs/?h

If you are running Linux and Wayland and have Nix available, you can compile and run for yourself:

git clone -b crosvm-demo spectrum-os.org/git/nixpkgs nixpkgs-spectrum
$(nix-build nixpkgs-spectrum/start-vm.nix)

I hope to publish a blog post soon explaining how all of this works, and how it can be used on other Linux systems.

@qyliss Nice! I'd been vaguely aware of/curious about the various ultra-sandboxed secure Linux distributions. X11 made this fairly easy with its network transparency model but that's about the only good thing about X11 in this day and age. I'm looking forward to seeing how you achieved this with Wayland!

(Also will this be a possible mechanism for doing window-level remote window display in Wayland? I like that approach way better than VNC/screen sharing.)

@fluffy oh it was absolutely not a good thing. X has no security model to speak of, so by sharing a socket you’ve basically given total access to your user to the remote system.

Virtio is a kernel interface for communicating between VMs, so you wouldn’t be able to use it between machines. Waypipe (gitlab.freedesktop.org/mstoeck) can do that, though, and Wayland’s security model means you don’t have the same problems as with X.

@qyliss Yeah I mean X11 has no window sandboxing or whatever and I realize that X clients can basically do anything they want to other X clients, and at best you can use XAuth to avoid random people from connecting to your display and running a keylogger (and it's absolutely shocking how many Linux distributions didn't even set *that* up by default). The advantage was just the ease of getting apps running remotely, and I didn't mean to imply there was anything secure about it at the GUI layer.

@qyliss like the good thing was that it made remote display easy and that it would integrate with your native windowing environment. Everything else about it was a nightmare, and having Wayland-style compositing with secure sandboxing around each thing is absolutely a better way of doing it.

VNC was also generally an okay way to go from a security standpoint, I just didn't like having separate per-host sessions each in their own separate desktop.

@fluffy yeah, I understand. Waypipe should be everything you want. :)

@qyliss Nice. Of course these days I primarily use macOS (mostly because of Logic Pro and Photoshop) but if I ever go back to the Linux world that seems absolutely the way to go.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!