Hello folks, I'd like to let you know I'm working on a new Xserver extension that's putting clients into different "namespaces", so they can be isolated from each other.
The idea is a bit similar to Linux namespaces (containers), where processes inside a container can operate quite like they've been alone on the machine. XNS extension goes a similar way: clients of different namespaces cant see/touch each other (except for those in parent NS'es) In contrast to the old Xsecurity extension, XNS tries to emulate prohibited things in a way that the client doesn't even recognize. (several existing clients crashing when running unprivileged on Xsecurity, since they're not expecting certain operations being refused). One of many practical use cases I'm planning for the future is mobile applications (eg. "smartphones"). For now everything's still WIP, very early state, not practically usable yet (at least it's not crashing anything ;-)). There's still a lot to do, but I'm moving step by step. https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1865 Feel free to comment in the MR :) have fun, --mtx -- --- Hinweis: unverschlüsselte E-Mails können leicht abgehört und manipuliert werden ! Für eine vertrauliche Kommunikation senden Sie bitte ihren GPG/PGP-Schlüssel zu. --- Enrico Weigelt, metux IT consult Free software and Linux embedded engineering i...@metux.net -- +49-151-27565287
