[Added cc of the TX/Xtsol experts to confirm my understanding. For
their benefit, the proposal is to ship the synergy program to share
keyboard, mouse & keyboard between X servers on multiple machines.
For details, see http://synergy2.sourceforge.net/ and
http://arc.opensolaris.org/caselog/LSARC/2009/489/20090914_stuart.kreitman ]
Darren J Moffat wrote:
> How does this work when the Solaris system is running with Trusted
> Extensions enabled ? In particular given that the screensaver is a
> trusted path concept and cut and paste is intercepted on trusted path
> and subject to authorisation.
I think the answer is "probably not well, and that's a good thing."
In order to control the mouse and keyboard on the machines in the
synergy group, synergy uses an X extension called "XTEST" which was
originally designed for test suites to simulate input devices.
The TX policy file for X will block usage of the XTEST extension
in order to prevent clients being able to take control of clients
with different security labels, so I don't think synergy will be
able to run in TX by default.
If it could run (such as if you modified the policy file, since it
is a plain text file a site could vi) it would probably need to run
in the global zone, and then since it's not label aware, it's
clipboard sharing would probably violate the protections for copy
and paste between differently labeled clients.
In short, I think the best answer is probably for us to add a note
to the man pages stating that synergy is not compatible with the
restrictions of the TX multi-label desktop, and is not recommended
for use there.
--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
