On Wed, Aug 14, 2013 at 12:11:41PM -0400, Dave Allan wrote:
Is it possible to use virt-sandbox to confine X applications?
At this point in time it only targets running shell commands / scripts
and system services.
I'd very much like to extend it to cover X applications - indeed confining
firefox was the original motivation for me starting this project.
What has held me back was deciding on the best way to support X apps. In
the KVM backed sandbox, my view was that we should make use of Xorg in
the guest and SPICE on the host. That would give nice support for the
dynamically resizing of windows, cut+paste, smartcards, etc, etc.
For LXC, I'm not 100% sure what the best thing todo is. It would be
nice to have a consistent use of SPICE on the host side, so perhaps it
needs to have Xspice (
http://spice-space.org/page/Features/XSpice)
running in the container. When I first started this, Xspice wasn't
really in a usable state, but it seems to have improved significantly,
so this is probably something we could look at implementing now.
Daniel
--
|:
http://berrange.com -o-
http://www.flickr.com/photos/dberrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org :|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/ :|
|:
http://entangle-photo.org -o-
http://live.gnome.org/gtk-vnc :|