ChanServ changed the topic of #wayland to: https://wayland.freedesktop.org | Discussion about the Wayland protocol and its implementations, plus libinput | register your nick to speak
<tleydxdy>
I don't see why it can't get special compositor support
<tleydxdy>
how does sandboxed wayland client work?
<tleydxdy>
that's true ofc
<tleydxdy>
but idk why that make it impossible
<tleydxdy>
also it could just use wayland for things that works and use xwayland for things that doesn't
<tleydxdy>
what's the difference between frontend and backend?
jmdaemon has joined #wayland
<tleydxdy>
so sounds like xwayland would just be one of those frontends?
jmd has quit [Ping timeout: 480 seconds]
<tleydxdy>
the backend speak wayland, and frontend speak whatever the application speaks
luc4 has quit []
Ampera has quit [Quit: Like a fart in an elevator, my transgressions are soon forgotten]
co1umbarius has joined #wayland
columbarius has quit [Ping timeout: 480 seconds]
Ampera has joined #wayland
hardening has quit [Ping timeout: 480 seconds]
cabal704 has quit [Quit: WeeChat 3.5]
cousinofthor[m] has quit [Server closed connection]
cousinofthor[m] has joined #wayland
DragoonAethis has quit [Quit: hej-hej!]
DragoonAethis has joined #wayland
ybogdano has quit [Ping timeout: 480 seconds]
Poly[m] has quit [Server closed connection]
Poly[m] has joined #wayland
<riteo>
gtg, bye!
riteo has quit [Quit: epic wl_array moment]
Moprius has joined #wayland
Ampera has quit [Quit: Like a fart in an elevator, my transgressions are soon forgotten]
Ampera has joined #wayland
cool110_ has quit [Quit: ZNC 1.8.2+deb2build5 - https://znc.in]
<DemiMarie>
idkrn[m]: That is because Chromium’s sandbox doesn’t allow access to Xorg. All rendering must go through the GPU process. That process is (assuming a secure compositor) sandboxed on Wayland, but X11 allows it to escape the sandbox.
<DemiMarie>
idkrn[m]: 🤣
<DemiMarie>
Yeah, I’m a Qubes OS developer.
caveman has joined #wayland
<DemiMarie>
How is it wild?
hardening has quit [Ping timeout: 480 seconds]
zebrag has joined #wayland
ybogdano has quit [Ping timeout: 480 seconds]
SardemFF7 has quit [Server closed connection]
<DemiMarie>
idkrn[m]: Because Chromium’s sandbox is one of the most battle tested in existence, and almost nobody else even tries to do that.
<DemiMarie>
idkrn[m]: I am saying that Xorg can be used for a sandbox escape. Wayland cannot, if (and this is a big if) the compositor properly restricts access to privileged protocols.
robert_mader has joined #wayland
robert_mader has quit []
d42 has quit []
<DemiMarie>
idkrn[m]: Probably 🙂
<DemiMarie>
idkrn[m]: Renderers do not have access to Xorg at all. That is enforced via the same sandbox that prevents them from e.g. writing to your `~/.profile` or clobbering your home directory.
<DemiMarie>
idkrn[m]: It can be used to escape the sandbox that the GPU process is in. It cannot be used to escape the render process sandbox without first finding a vulnerability somewhere else.
d42 has joined #wayland
<DemiMarie>
If the Wayland compositor properly restricts access to any privileged protocols, then Wayland cannot be used for a sandbox escape.
dos1 has quit [Server closed connection]
dos1 has joined #wayland
<DemiMarie>
Unless there is a vulnerability in the compositor.
<DemiMarie>
The difference is that an Xorg client does not need a vulnerability to do all sorts of nasty things.
<DemiMarie>
Because the X11 protocol allows them by design.
<DemiMarie>
So with Wayland there can be one more layer of defense-in-depth.
<DemiMarie>
Ah, I see. An unsandboxed program can do anything it wants, subject only to whatever restrictions the OS imposes on its user account, and even then only if it cannot find a privilege escalation flaw to get root access. The difference is that with Wayland, one can (in theory, at least) allow sandboxed GUI programs without needing Xephyr or a similar nested compositor.
<DemiMarie>
In particular, the X11 override redirect flag has been a thorn in Qubes OS’s side for basically as long as Qubes OS has existed. Wayland simply does not have the concept of such a flag.
<kennylevinsen>
DemiMarie: and now it's you talking to yourself :)
<i509VCB>
probably because idkrn is not registered with NickServ
<i509VCB>
Well this is an irc channel actually, and it is bridged on matrix
<DemiMarie>
kennylevinsen: have you considered moving to a different IRC provider, or even going Matrix-native? idkrn yes, by sending a direct message to NickServ with the `IDENTIFY` command.
<i509VCB>
#wayland requires you to register your nick to be heard on irc side
<i509VCB>
I think nick to speak is a per channel policy?
<i509VCB>
People hear me fine on #asahi
<DemiMarie>
idkrn[m]: Yes
<i509VCB>
No, open a PM with NickServ via the OFTC IRC Bridge status
<DemiMarie>
idkrn[m]: no, @_oftc_NickServ:matrix.org
<Arnavion>
Oh that's why people sometimes talk to themselves in this channel
<i509VCB>
!cmd /MSG NickServ should be the command you send to the bridge and you'll be invited to a room with nickserv
<i509VCB>
Arnavion: yep
<i509VCB>
You should have been invited to a "bridge status" room
<DemiMarie>
idkrn[m]: You do not need to; you can open a PM with NickServ as with any other Matrix user.
<i509VCB>
Or what Demi has mentioned I guess
<i509VCB>
I imagine some people never got the bridge status room invite
<DemiMarie>
<idkrn[m]> "Maybe this is not practical, but..." <- That is a solid maybe. GNOME is a very opinionated desktop environment, and Qubes OS has its own opinions about how a desktop needs to work. Many of the features GNOME Shell provides (such as NetworkManager and Evolution integration) would need to be either ignored or reimplemented as GNOME Shell extensions. Those do not have a stable API, creating a QA burden for the Qubes developers.
<DemiMarie>
Furthermore, GNOME Shell does not support server-side decorations, which is quite annoying for Qubes OS as implementing *accessible* client-side decorations is a PITA>
rv1sr has quit []
<idkrn[m]>
kennylevinsen: how about now
<qyliss>
that works
<idkrn[m]>
Sweet
<DemiMarie>
qyliss: I am surprised you use IRC instead of using your own Matrix server and the bridge 🙂
<idkrn[m]>
<DemiMarie> "That is a solid maybe. GNOME is..." <- I'm guessing there's no chance of using some tiling window manager like Sway?
<idkrn[m]>
Heard there where some possible implementation issues as well
<DemiMarie>
idkrn[m]: i3 is fully supported, and when Qubes OS switches to Wayland, Sway will be.
<qyliss>
DemiMarie: you'd be less surprised if you saw how badly my Matrix client works :P
<qyliss>
(it's weechat-matrix)
<DemiMarie>
qyliss: Why that one and not e.g. Flutter?
<idkrn[m]>
qyliss: Element is the worst
<idkrn[m]>
And it's the only one I use :)
<qyliss>
This is a bit OT, but Flutter is difficult to package, and using weechat-matrix lets me use the same client for IRC and Matrix, optimising for the IRC experience (which makes sense to do because I'm in 150 IRC channels and substantially fewer Matrix ones)
<idkrn[m]>
Demi: this isn't about Wayland, but I'm just curious. If you guys could start over and had a big budget, could you make Qubes work over ChromiumOS or possible FuchsiaOS?
<DemiMarie>
qyliss: Why is Flutter hard to package? I suggest reporting a bug.
<qyliss>
I don't remember
<qyliss>
I haven't personally looked into it
<qyliss>
idkrn[m]: wdym by "over ChromiumOS" exactly?
<DemiMarie>
idkrn[m]: Not sure, but better to ask in #qubes:libera.chat 🙂
<qyliss>
DemiMarie: I'm interested to hear that you're planning on supporting multiple compositors. Do you expect you'll need to modify them?
<qyliss>
or, well, I guess you didn't say that exactly, but I assume Sway won't be the only option?
<DemiMarie>
qyliss: I certainly do not speak for Marek or anyone else at ITL, so all of this is definitely provisional. As far as modification: Possibly? Depends on how customizable the compositor is.
<qyliss>
thinking of stuff like custom decorations
<DemiMarie>
For the stacking compositors client-side decorations might work for all of them, but for Sway I imagine client-side decorations would be a bad idea.
<DemiMarie>
That said I imagine you will face the same problems in SpectrumOS 🙂