[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: keybase.io

On Sat, Apr 05, 2014 at 12:45:53PM -0700, Russ Allbery wrote:

> If someone would write up a good step-by-step guide for how to isolate
> one's web browser in a VM running on the same host, so that you can still
> get reasonable display performance but have a real separation boundary
> between the web browser and the rest of the system, I for one would be
> extremely grateful.  The same technique would work for things like Skype.
> I'm sure it's possible, but I don't know enough about the various
> virtualization systems to be able to figure it out quickly, and I've yet
> to get interested enough to spend several days figuring out a method.

By all means, I'd love that. This is where I got to.

Keith Packard assured me that running software in a nested X server like
Xephyr is a way to prevent them from accessing the outside X session,
and I considered it an interesting way of running skype, as a dedicated
user, after checking that my home dir permissions are sound.

Still, skype also wants access to hardware like a webcam, and I haven't
yet felt like putting in effort to audit udev rules, and figuring out
what having access to webcam hardware really allows one to do[1].

[1] Instinctively, that should only be "get images out of the webcam";
    that wasn't the case for firewire[2]. Also, how is the LED light
    next to my webcam wired? Can the webcam be turned on leaving the LED
    switched off? [3]
[2] And I grew up thinking that video hardware would just drive some
    video output, while nowadays on a Raspberry PI it'll read FAT
    filesystems on an SD card, parse config files and boot the system.
[3] Anyway, there is no activity LED for the microphone. Can I have a
    panel applet thingie which shows if some process is reading from a
    microphone or webcam device?



GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>

Attachment: signature.asc
Description: Digital signature

Reply to: