From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H2,
	SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.6
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id BF75D81AFA;
	Mon,  3 Oct 2022 09:36:19 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 496)
	id 2E56D81AE8; Mon,  3 Oct 2022 09:36:17 +0000 (UTC)
Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com
 [64.147.123.24])
	by atuin.qyliss.net (Postfix) with ESMTPS id D0C5081B49
	for <discuss@spectrum-os.org>; Mon,  3 Oct 2022 09:36:13 +0000 (UTC)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
	by mailout.west.internal (Postfix) with ESMTP id 6063A32002F9;
	Mon,  3 Oct 2022 05:36:11 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
  by compute4.internal (MEProxy); Mon, 03 Oct 2022 05:36:11 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc
	:cc:content-type:date:date:from:from:in-reply-to:message-id
	:mime-version:reply-to:sender:subject:subject:to:to; s=fm1; t=
	1664789770; x=1664876170; bh=WxU5a49J5xoVfcfyzhdcojkUf7FF9k+xm1W
	Ni+OYlNE=; b=k0gitFAlbdkSU9o3r+WKNIXLXPRbtYJzZkmf3MeKB0W6CbO+ukq
	LzRXOuTWd9mxPGstZH/IUKfFZi6k36iS+rihcVdVFRDaE6G3Oo5H5rTlFwXeTlce
	HJwjZk09mZm9G8Qv+sx8TjTvqz+4Ec3sGxWHIbhOozVMEUvNzbAhbiqM3T/9vqWr
	l04di9hckuqBGsVcekhIbChPI0ak/2Cqts8Sua/vUQhz4SajOeVu04lBQi5773O9
	hEpNd9FiNgySD2l1GtLpcNEzCrvk4FtJSene5kgBBvJKzB7JByyJBeOtP0MZ5guQ
	f9wdm9kvhuVl6EM/mNmuNJGrSnMeTh9vQOQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-type:date:date:feedback-id
	:feedback-id:from:from:in-reply-to:message-id:mime-version
	:reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1664789770; x=
	1664876170; bh=WxU5a49J5xoVfcfyzhdcojkUf7FF9k+xm1WNi+OYlNE=; b=I
	YixJUbj17WZUCxs3AJlAaLclRwspq20+DP3K51BsKJ20FmA3XyH1mMyr/lq5LH6o
	AQO9P5j5fLeyigJM9IXr6MoKp6/v2sfm3amJ3SmGIN98jrbMUkBhqzGb1d8AM6SN
	3fc1XzDNgfhxOhSCc53y0P+I2o3IZ7eSjlmYGmBhoQvYGhChoo3UXO1Nudy1xL/5
	7vo5dUMo1oEMbr3RVfXS0npAGo7HuCcss1aSHb/Z+El+yo99FGzvM9nbL3coSN5a
	jiP457nK4K+x2CsXM0R/EaaOl0GBy2ET5cuTB72JXU1mP5Xh8o52Xow67Rdjq+6k
	T9zzPDEoULb2nWWEF++Jg==
X-ME-Sender: <xms:Cq06Y6PsWNPPniabrvadCJZUQjcuj4QHaZqFNDNC3tbWk_F3eEWq7A>
    <xme:Cq06Y49Psakns_jxgXdgMgBQuwS_brEnG089OkFEwvkpJo27pB4grZATW0MYrR8_5
    zqYvQJOoqFnUrgMag>
X-ME-Received: 
 <xmr:Cq06YxSyLd8Gb_Tr8nTayNGt8pHTjBrnYht-4swSJBAxyvOFK-ZG_PEQ0J29XHghaGf7bbaayQyU8yr6wZ0rfRCLAUCLb5KGUg>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgedvfedrfeehledgudejucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
    cujfgurhephffvvefufffkgggtsehgtderredttddtnecuhfhrohhmpeetlhihshhsrgcu
    tfhoshhsuceohhhisegrlhihshhsrgdrihhsqeenucggtffrrghtthgvrhhnpeejudelie
    etjeeffeejffdvffevhfetteefgfefteeggfevkefgtedugeduueeukeenucffohhmrghi
    nhepughiohguvgdriihonhgvpdhhthhtphhsfegrvdhfvdhfughiohguvgdriihonhgvpd
    hfrhgvvgguvghskhhtohhprdhorhhgpdhsphgvtghtrhhumhdqohhsrdhorhhgnecuvehl
    uhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhephhhisegrlhihsh
    hsrgdrihhs
X-ME-Proxy: <xmx:Cq06Y6s2xtsE2k42FaldUe_fDRAz4V8qvMDNdhvFSxOy0c9P-Dq1AQ>
    <xmx:Cq06YyetapQX4-uH863UCCxXMZzZByeEwQftElOdBDRrHZJ1ZeXInA>
    <xmx:Cq06Y-1f1_s1tQlP2GJva8mQcB9OYx7dZzNJR0pz2PJduo1KPQkCgA>
    <xmx:Cq06Y6l9r3chctpA0-xA3elKLeVY_feGGc2qsN7dCpqY84CcPtbx2A>
Feedback-ID: i12284293:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon,
 3 Oct 2022 05:36:10 -0400 (EDT)
Received: by x220.qyliss.net (Postfix, from userid 1000)
	id C73D2381; Mon,  3 Oct 2022 09:15:05 +0000 (UTC)
From: Alyssa Ross <hi@alyssa.is>
To: discuss@spectrum-os.org
Subject: Wayland security contexts demo
Date: Mon, 03 Oct 2022 09:14:54 +0000
Message-ID: <87czb9tgj5.fsf@alyssa.is>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha256; protocol="application/pgp-signature"
Message-ID-Hash: CEBE5T2HEQWQJDJPVGCR2TRX27SEZ4DR
X-Message-ID-Hash: CEBE5T2HEQWQJDJPVGCR2TRX27SEZ4DR
X-MailFrom: hi@alyssa.is
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-discuss.spectrum-os.org-0;
 header-match-discuss.spectrum-os.org-1;
 header-match-discuss.spectrum-os.org-2; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: Puck Meerburg <puck@puckipedia.com>
X-Mailman-Version: 3.3.5
Precedence: list
List-Id: General high-level discussion about Spectrum
 <discuss.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/discuss@spectrum-os.org/message/CEBE5T2HEQWQJDJPVGCR2TRX27SEZ4DR/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/discuss@spectrum-os.org/>
List-Help: <mailto:discuss-request@spectrum-os.org?subject=help>
List-Owner: <mailto:discuss-owner@spectrum-os.org>
List-Post: <mailto:discuss@spectrum-os.org>
List-Subscribe: <mailto:discuss-join@spectrum-os.org>
List-Unsubscribe: <mailto:discuss-leave@spectrum-os.org>

--=-=-=
Content-Type: text/plain

Puck has created a video demonstrating the work she's been doing with
the in-development Wayland security-context protocol [1], which allows a
Wayland compositor to distinguish between applications running in
different sandboxes (e.g. in different VMs).

The video is available at

	https://diode.zone/w/2n3kKNNjXFkSWUwyjT3hgt

Or alternatively,

	magnet:?xt=urn:btih:f340dfd391be0cabbb0638eb8af6659214c5d821&dn=puck%27s%20video%20720p.mp4&tr=https%3A%2F%2Fdiode.zone%2Ftracker%2Fannounce&ws=https%3A%2F%2Fdiode.zone%2Fstatic%2Fstreaming-playlists%2Fhls%2F0b093345-a100-4051-b4c3-37292af48c81%2F176adb94-167a-4cb7-b954-a09b301c4d80-720-fragmented.mp4

As part of this work, she updated the draft wlroots and Sway
implementations to support the latest proposed version of the protocol,
exposed the security context information to Sway configuration hooks,
and created a draft crosvm implementation of exposing security context
information to the compositor.

There's some more information in Puck's post to the Spectrum development
mailing list. [2]

Thanks to NLnet and NGI Zero for funding this project.

[1]: https://gitlab.freedesktop.org/wayland/wayland-protocols/-/merge_requests/68
[2]: https://spectrum-os.org/lists/archives/spectrum-devel/5cf20f6f-9d89-4cf9-9154-6dd3c9310c06@app.fastmail.com/

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEH9wgcxqlHM/ARR3h+dvtSFmyccAFAmM6qA8ACgkQ+dvtSFmy
ccCRcw/9GrgsW5KKwGbZzckNGUJ7UK8yzIEMRFAcfNGN2/dN0iF+lf832alI9VwQ
ef67VEvTbUK7KHjXSLieqRAmgipVmsjZCrZE4JJsXlpsGhOWsnuCEE1YaByZt/OY
Lg4uRGuLQLIj26R4WqhppSmmGeMj1/LljYdZki86rZRQHQNbREaU2czcHMr1fpLD
ZCJdM0AfdIEb3NiyzEGTF10uhmB3aV6v0uHFfzPrOPB+Cgi/D8FqLnvEsQPXQUej
o+8bJA1RNDLR6+lpBR0ZnYx7zyeBcuGFpMXqdv4sMv7k+X8QYgDVUlrI1ILcCeiT
5jAlkTKArSPmUPOATId5zxmhRbkkt4Y6SYts12WhfMrvflIEbJPChaycsrDj2pjp
33/ip8CuGb+3gWKjzGA7Ze9U9+eczlOUz1sfGAfSy8U1FC3QoYHJMXxpqFXAOAgZ
qTv3i66uYhy9pls4CP/Nb2WT8M5wCNU7+An7ROZ7kSkjl+tkqlHECISFgYYiziSA
JBa0C/s6Cwy1GNc0dVJMReZHTMN94r6QNMpjDlIWWgQQecKbrvjr2l1VZwZ4NGzl
Yvf3bJ00cphGffVMKuuSHSmkfLZJV1npcLuSgDE88BwxOx7YqUpTrLhKgub1cuas
t8pTOgZpZLu+O3L4rW2lS97GXe1ZVdRgG1tSCl8NwvlN4eOmrMc=
=TqGe
-----END PGP SIGNATURE-----
--=-=-=--