On Sat, Dec 24, 2016 at 10:56:41AM +0200, Ilpo Järvinen wrote:
> On Sat, 24 Dec 2016, Marek Marczykowski-Górecki wrote:
> 
> > On Sat, Dec 24, 2016 at 12:12:10AM +0200, Ilpo Järvinen wrote:
> > > On Fri, 23 Dec 2016, Marek Marczykowski-Górecki wrote:
> > > 
> > > > On Fri, Dec 23, 2016 at 12:21:54AM +0200, Ilpo Järvinen wrote:
> > > 
> > > With "limited multi-user support" I meant something along these lines:
> > > A special "launchvm" that is the only thing that an ordinary (non-dom0) 
> > > user gets when logging in. 
> > 
> > So, the user interacts only with "launchvm", right? How do you envision
> > achieving this? In the GUI domain concept it is achieved by attaching
> > input/output devices to GUI domain instead of dom0.
> 
> I/O would be done "like now". The user interacts through the X server in 
> dom0 but the user input on that X server should be limited to mainly 
> managing focus and screenlocking. In my threat model, the users are not 
> exactly a threat other than accidentally messing something up if the
> system is not locked down enough for them.

How would you define a multi-user system? I think isolating one user
(data) from another is a fair requirement for it. So, here the user is a
threat in some sense.

> The key difference between "launchvm" and mgmt+GUI VM is just where
> the X servers run. Cross-user separation aspects are the same
> regardless where GUI is done as the GPU PCI device cannot be
> shared between many VMs anyway (except perhaps with XenGT one day)
> so X servers for all users in multi-user case need to run in the
> same VM.

If using a GUI domain for a multi-user system, then each user would have their own
GUI domain. Only one of them would be running (or have access to GPU) at
the same time.

Anyway, I think a multi-user system is not such a needed feature.

> Obviously dom0 itself is better isolated in the GUI domain
> case so fewer tricks may be needed but I don't think GUI domain itself
> is a magic bullet that solves all multi-user related problems.

Yes, certainly it will not be enough by itself. But it will help a lot.

> > > > And one more thing: please sign your code. Details:
> > > > https://www.qubes-os.org/doc/code-signing/
> > > 
> > > Ok, I'll try (no prior experience of gpg usage with email).
> > 
> > If you like, you can also push a git repository somewhere (github or
> > else), with signed commits and/or signed tag at the top.
> 
> Ok, I will probably then end up using an http git repo as I don't want
> to create yet-another-account github would require (at least for now).
> 
> Anyway, it will take a week or slightly more before I can test the
> next version as I intentionally left myself without access to my
> qubes laptop for a while :-D.

:)

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
