NOTE: These patches are designed to apply on top of the previous Wayland support series at [1].

This series contains the patches necessary to build the demo repository for Wayland security-context[2] support. As the Spectrum support for Wayland is also very WIP, and uses a different WM than the one I was focused on (Weston versus sway), it's not yet integrated with Spectrum itself. Of course, my decision to use Sway in this demo isn't setting Spectrum's own window manager in stone; the hope is this protocol gets implemented into as many compositors (and sandboxes) as possible :)

To try out the demo, see [3] for the repository and instructions.

A few of these patches (wlroots, sway) have been sent upstream already[4][5]. The crosvm patches need a tiny bit of work before I'm completely confident sending them upstream.

One major issue that is worked around but not entirely solved is a bit of a mystery to me: After a short amount of messages, the virtio-gpu driver stops sending and receiving Wayland messages. As far as I can tell, this is likely a quirk of running crosvm with only cross-domain enabled, but one I haven't been able to delve into the Linux source code for to figure out how to properly solve.

[1]: https://spectrum-os.org/lists/archives/spectrum-devel/20220928170128.1583791...
[2]: https://gitlab.freedesktop.org/wayland/wayland-protocols/-/merge_requests/68
[3]: https://puck.moe/git/security-context-demo
[4]: https://gitlab.freedesktop.org/wlroots/wlroots/-/merge_requests/3589
[5]: https://github.com/swaywm/sway/pull/7187

Puck Meerburg (4):
  cloud-hypervisor: workaround keymap mmap
  wlroots: apply security-context patches
  sway: apply security-context patches
  crosvm: apply security-context patches

 ...ry-mapping-shared-memory-as-RO-if-RW.patch |  57 ++++++++
 .../cloud-hypervisor/default.nix              |   1 +
 .../virtualization/crosvm/default.nix         |  10 +-
 .../window-managers/sway/default.nix          |  22 +++
 pkgs/development/libraries/wlroots/0.15.nix   |  20 ++-
 .../libraries/wlroots/security-context-v1.xml | 131 ++++++++++++++++++
 6 files changed, 235 insertions(+), 6 deletions(-)
 create mode 100644 pkgs/applications/virtualization/cloud-hypervisor/0004-virtio-devices-try-mapping-shared-memory-as-RO-if-RW.patch
 create mode 100644 pkgs/development/libraries/wlroots/security-context-v1.xml

-- 
2.35.1