From: Puck Meerburg <puck@puckipedia.com>
To: devel@spectrum-os.org
Cc: Puck Meerburg <puck@puckipedia.com>
Subject: [RFC PATCH nixpkgs 0/4] Wayland security-context support
Date: Fri, 30 Sep 2022 19:45:56 +0000
Message-ID: <20220930194600.1033126-1-puck@puckipedia.com>

NOTE: These patches are designed to apply on top of the previous
Wayland support series at [1].

This series contains the patches necessary to build the demo repository
for Wayland security-context[2] support. As the Spectrum support for
Wayland is also very WIP, and uses a different WM than the one I was
focused on (Weston versus sway), it's not yet integrated with Spectrum
itself. Of course, my decision to use Sway in this demo isn't setting
Spectrum's own window manager in stone; the hope is this protocol gets
implemented into as many compositors (and sandboxes) as possible :)

To try out the demo, see [3] for the repository and instructions.

A few of these patches (wlroots, sway) have been sent upstream
already[4][5]. The crosvm patches need a tiny bit of work before I'm
completely confident sending them upstream.

One major issue that is worked around but not entirely solved is a bit
of a mystery to me: After a short amount of messages, the virtio-gpu
driver stops sending and receiving Wayland messages. As far as I can
tell, this is likely a quirk of running crosvm with only cross-domain
enabled, but one I haven't been able to delve into the Linux source
code for to figure out how to properly solve.

[1]: https://spectrum-os.org/lists/archives/spectrum-devel/20220928170128.1583791-1-alyssa.ross@unikie.com/
[2]: https://gitlab.freedesktop.org/wayland/wayland-protocols/-/merge_requests/68
[3]: https://puck.moe/git/security-context-demo
[4]: https://gitlab.freedesktop.org/wlroots/wlroots/-/merge_requests/3589
[5]: https://github.com/swaywm/sway/pull/7187

Puck Meerburg (4):
  cloud-hypervisor: workaround keymap mmap
  wlroots: apply security-context patches
  sway: apply security-context patches
  crosvm: apply security-context patches

 ...ry-mapping-shared-memory-as-RO-if-RW.patch | 57 ++++++++
 .../cloud-hypervisor/default.nix | 1 +
 .../virtualization/crosvm/default.nix | 10 +-
 .../window-managers/sway/default.nix | 22 +++
 pkgs/development/libraries/wlroots/0.15.nix | 20 ++-
 .../libraries/wlroots/security-context-v1.xml | 131 ++++++++++++++++++
 6 files changed, 235 insertions(+), 6 deletions(-)
 create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0004-virtio-devices-try-mapping-shared-memory-as-RO-if-RW.patch
 create mode 100644 pkgs/development/libraries/wlroots/security-context-v1.xml

--
2.35.1