Cockpit is a Linux session. Normally when you connect from one login session to a second one, the second login session does not have access to the first ... although the does not hold.
For example, if you SSH into machineA ... and then from machineA SSH into machineB ... it is assumed (and typically the case) that the login session on machineB does not have access to the login session on machineA.

In Cockpit this has not been the case. When you start a Cockpit login session on machineA ... and then in Cockpit on machineA you add machineB as a second server, the Cockpit login session tasks/code for each of those have equal access to one another via the browser.

I worked with Muelli over the weekend to try and fix this and here's a basic pull request:

https://github.com/cockpit-project/cockpit/pull/6260

We can ask the browser to apply the Same Origin policy and keep the sessions sandboxed. There are several places where some follow-up work is needed, as seen by the dependencies of that pull request.

But also it's impossible to use window.localStorage from such a browser sandbox. So if we put this in, we would likely need to implement a new window.localStorage that uses window.postMessage with "hint" messages to store/retrieve contents.

Once this is done, we can enforce the separation of concerns between stuff running from different machines and start to mirror this assumed behavior of Linux login sessions.

Cheers,
Stef
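One way the postMessage-backed replacement for window.localStorage mentioned in the message could look, as an added example that is not part of the original post or Cockpit's own code. The function names, the message fields and the per-machine key prefix are assumptions; the channel is simulated with direct calls so the sketch runs outside a browser.

```javascript
// Added example; hostStorage, frameStorage and the message fields are assumed names.
// Parent side: owns the real store and scopes every key to one frame's machine.
function hostStorage(store, machine, expectedSource) {
  const prefix = machine + ":";
  return {
    // Snapshot handed to the frame at load time so its reads stay synchronous.
    snapshot() {
      const out = Object.create(null);
      for (const k of Object.keys(store))
        if (k.startsWith(prefix)) out[k.slice(prefix.length)] = store[k];
      return out;
    },
    // Call from the parent's "message" listener with (event.source, event.data).
    // A sandboxed frame has an opaque origin, so it is identified by event.source.
    handle(source, msg) {
      if (source !== expectedSource) return false; // message came from another frame
      if (!msg || typeof msg.key !== "string") return false;
      if (msg.op === "set" && typeof msg.value === "string")
        store[prefix + msg.key] = msg.value;
      else if (msg.op === "remove") delete store[prefix + msg.key];
      else return false;
      return true;
    },
  };
}

// Frame side: localStorage-like object backed by a local cache plus messages.
// In a browser, post would be (m) => window.parent.postMessage(m, "*").
function frameStorage(initial, post) {
  const cache = Object.assign(Object.create(null), initial);
  return {
    getItem: (k) => (k in cache ? cache[k] : null),
    setItem(k, v) { cache[k] = String(v); post({ op: "set", key: k, value: cache[k] }); },
    removeItem(k) { delete cache[k]; post({ op: "remove", key: k }); },
  };
}

// Constructed demo: two frames share one backing store but stay separated.
function demo() {
  const store = { "machineA:theme": "dark" }; // constructed sample data
  const frameA = {}, frameB = {};             // stand-ins for iframe.contentWindow
  const hostA = hostStorage(store, "machineA", frameA);
  const hostB = hostStorage(store, "machineB", frameB);
  const a = frameStorage(hostA.snapshot(), (m) => hostA.handle(frameA, m));
  const b = frameStorage(hostB.snapshot(), (m) => hostB.handle(frameB, m));
  b.setItem("theme", "light");
  // machineB's frame sending to machineA's handler is rejected.
  const spoofed = hostA.handle(frameB, { op: "set", key: "theme", value: "x" });
  return { a: a.getItem("theme"), b: b.getItem("theme"), store, spoofed };
}
```

The parent never trusts a key prefix supplied by the frame: the namespace is chosen by the parent from which frame sent the message, which is what keeps one machine's frame from reading or overwriting another's entries.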
