On Sat, Apr 05, 2014 at 12:45:53PM -0700, Russ Allbery wrote:
> If someone would write up a good step-by-step guide for how to isolate
> one's web browser in a VM running on the same host, so that you can still
> get reasonable display performance but have a real separation boundary
> between the web browser and the rest of the system, I for one would be
> extremely grateful. The same technique would work for things like Skype.
>
> I'm sure it's possible, but I don't know enough about the various
> virtualization systems to be able to figure it out quickly, and I've yet
> to get interested enough to spend several days figuring out a method.

By all means, I'd love that.

This is where I got to. Keith Packard assured me that running software
in a nested X server like Xephyr is a way to prevent them from accessing
the outside X session, and I considered it an interesting way of running
skype, as a dedicated user, after checking that my home dir permissions
are sound.

Still, skype also wants access to hardware like a webcam, and I haven't
yet felt like putting in effort to audit udev rules, and figuring out
what having access to webcam hardware really allows one to do[1].

[1] Instinctively, that should only be "get images out of the webcam";
    that wasn't the case for firewire[2]. Also, how is the LED light
    next to my webcam wired? Can the webcam be turned on leaving the LED
    switched off? [3]
[2] And I grew up thinking that video hardware would just drive some
    video output, while nowadays on a Raspberry PI it'll read FAT
    filesystems on an SD card, parse config files and boot the system.
[3] Anyway, there is no activity LED for the microphone. Can I have a
    panel applet thingie which shows if some process is reading from a
    microphone or webcam device?

Ciao,

Enrico

-- 
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>