Hi Alexander,You seem to have a lot of experience with X11 so I'm happy to hear your advice. To answer your first question about where the graphical output needs to happen:I am not sure I am understanding your question, but I am using one computer for all of this. The Xserver component of X11 is running on this computer on the host (not jailed) and the xclients are the jailed gui applications. My basic problem is to make sure that jailed gui applications cannot access the keystokes of other jailed gui applications. I guess I am confused by your question (maybe cause i'm thinking inside the box) but what other options are there for running the Xserver and Xclients on a single computer. Or maybe you are suggesting multiple computers running Xservers? Please let me know whatever your are thinking as a solution because I am open to ideas andthinking outside the box.
With X11 it doesn't matter if you talk about 1 or multiple computers. Within the same network and with a fast enough speed of the network, it should work (edge-cases may differ).
Maybe I was also incorrect about running multiple Xservers on the same machine on different ttys but I thought that was an option. I should check with X11 mailinglist.It's funny that you mention running a Xvnc server inside of a jail with each gui application. I have actually done that before but I never considered it as a possible option for solving my problem until now that you mentioned it. So I will look into that more. My only issue with this: the application that I want jailed the most is my "general browsing" firefox instance used for media websites like youtube but I am not sure how well a 1080p video will look over a vnc connection. But I haven't tested thisidea in awhile.
For your particular use cases you will only know if you test it. As you are doing this locally, the "network" speed is a combination of the internal bus / CPU / memory speed, and some vnc settings like compression may play arole here too, but my gut feeling is, that this could work.
I suppose using Xephyr would be a similar yet heavier solution that just using yourXvnc server idea inside each jail. Would you agree?I might also look into statically compiling Xpra (if possible) so that it at least feels cleaner that all the dependencies are inside one binary instead of all over my system.
I do not know Xephyr or Xpra. I had a very quick look at the homepages, and it looks like they are "just" a normal X server (with some special features) and use the X11 protocol. As such I do not expect that their use will solve your problem (read: I expect that you will be able to see keystrokes across all jails).
Bye, Alexander. -- http://www.Leidinger.net [email protected]: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org [email protected] : PGP 0x8F31830F9F2772BF
pgpMTV9acSprU.pgp
Description: Digitale PGP-Signatur
