William Young wrote: > LingBo Tang wrote: >> Hi all, >> >> The attached file is the summary of investigation on TX with >> virtual console project. Your feedback are appreciated. > This looks like a good summary to me. > > A few concerns I have are: > > Whether the system will remain properly usable without the hotkeys and > will not leave open hidden sessions. I.e. when starting X it must move > automatically to the new VT (if X is started on a new VT) and must kill > any existing commandline login and must also transition back correctly. >
When X start on a new VT, it will not kill anything because it will open a fresh VT to use. For instance, there are 6 VTs in text mode, and the default X server runs on the 7th VT. Whenever we start a new X server via gdmflexiserver or other ways, the new X server will open the 8th VT to use. Because the console login was disabled and can not be switch, I think this way is safe. > While it is necessary for TX systems to have hotkeys off by default, we > do allow administrators to intentionally enable solaris features that > would not pass evaluation. My preference would be to first use a (SMF?) > property if the administrator has explicitely set it but otherwise > determine the default of whether hot keys are enabled by > libc::is_system_labeled(). > > From the perspective of solaris secure by default, I do not think it is > acceptable if hotkeys are session remappable either. I think you need > the keys to be administrator configurable and then need to deliver key > events first to the VT management and if they do not match a VT hot key, > on to the active VT session. > > Multiple X servers and a gui switch event is an interesting problem. It > will be necessary to disable the possibility of any single label X > sessions or one can visually emulate the switcher with trusted path. I > don't think that is a concern right now, but should be a noted > requirement if a secure X switcher is mentioned. > > Thanks, > -Will >> >> Regards, >> Lingbo > > _______________________________________________ > vconsole-discuss mailing list > vconsole-discuss at opensolaris.org > http://opensolaris.org/mailman/listinfo/vconsole-discuss
