RFC: new namespae based security extension
Enrico Weigelt, metux IT consult
info at metux.net
Fri Mar 21 12:32:04 UTC 2025
On 12.03.25 13:29, Enrico Weigelt, metux IT consult wrote:
hello friends,
> That's one of the more tricky things, especially since there's more than
> clipboard protocol ;-)
here's a little update:
1. xselections are now fully isolated:
* namespace's IDs are internally prefixed to selection names, so each
NS only seeing it's own ones. But root NS can still see them all
(eg. NS "foo"'s selection "PRIMARY" will become "<foo>PRIMARY")
2. each NS now has it's own virtual root window:
root window access (for non-root NS) is redirected to the NS's
(invisible) virtual root window (at least for properties), so e.g.
cut buffers (which are just rootwin properties) are isolated.
3. whitelisting a bunch of extensions (or specific calls to them).
--mtx
--
---
All racism is bad. All lives matter.
---
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
info at metux.net -- +49-151-27565287
More information about the xorg-devel
mailing list