Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hybrid mode GUI domain - without real GPU passthrough #5662

Closed
marmarek opened this issue Feb 17, 2020 · 6 comments
Closed

Hybrid mode GUI domain - without real GPU passthrough #5662

marmarek opened this issue Feb 17, 2020 · 6 comments
Assignees
@fepitre
Labels
C: core C: gui-virtualization P: major Priority: major. Between "default" and "critical" in severity. release notes This issue should be mentioned in the release notes. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
Milestone
Release 4.2

Comments

@marmarek
Copy link
Member

ITSTM we can attempt to create the first version of GUI domain without the need to have a GPU passthorugh working (which itself is a complex topic). This is the sketch of the idea (for Qubes 4.x):

  1. Designate one of the AppVMs as "GuiDom". Allow GuiDom to run as full screen.
  2. Run a full screen Xephyr there as the only application shown on the real screen by gui-daemon in dom0.
  3. Run only a very minimal window manager in Dom0. In theory only to display the GuiDom window, in practice we might want it to be able to handle some hot keys and open a terminal window (e.g. when Qubes booted in "debug" or "admin" mode). Do not provide trusted decorations.
  4. Run one of the normal Qubes-aware window managers in GuiDom, e.g. Xfce4 with Qubes customization. Connect it to the Xephyr server, not X server with a dummy driver.
  5. Run gui-daemons (guids) in the GuiDom, and have other VMs connect to these GuiDom's guids.

Pros:

  1. Ability to lock down the user. I.e. the user has no full admin access (no full access to Dom0), only a limited access as allowed by our management policy (which is coming in Qubes 4.0). This is considered a required functionality for any business/corporate deployment of Qubes OS,
  2. Isolation of the whole Desktop Environment software stack from Dom0,
  3. Provides a smooth way to switch to "true GuiDom" (i.e. one with full GPU pass-through) in the future.

Cons:

  1. No GPU acceleration for the (effective) window manager, e.g. no nice eye candy effects. But we already don't have much of these in Xfce4... (but maybe shadows will be no longer?)
  2. No isolation of (potentially compromised) GPU device (but we don't have that now anyway).

The #1 will be a regression from the present state (GuiDom = Dom0). It will be fixed by switching to a true GuiDom later. Meanwhile we can offer this feature as an opt-in during installation.

Of course this all requires ability to run e.g. Qubes Manager and qvm-tools in GuiDom and have control over what these management tools can and cannot do. And this is exactly what our shiny new exciting Qubes API Management will allow in 4.0 :)

Originally posted by @rootkovska in #833 (comment)
(adjusted description to the simplified version)
This was referenced Feb 17, 2020
Merged
Merged
Merged
Merged
Merged
Merged
@marmarek marmarek added C: core C: gui-virtualization P: major Priority: major. Between "default" and "critical" in severity. release notes This issue should be mentioned in the release notes. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality. labels Feb 17, 2020
@marmarek marmarek added this to the Release 4.1 milestone Feb 17, 2020
@fepitre fepitre mentioned this issue Feb 17, 2020
Merged
This was referenced Feb 27, 2020
Merged
Merged
Merged
Closed
Merged
Merged
marmarek added a commit to marmarek/qubes-core-agent-linux that referenced this issue Mar 1, 2020
@marmarek
Adjust version of required qubes-gui-agent
731a87f 
The "qubes-sysinit: set GUI_OPTS in gui-agent-linux" commit breaks
gui-agent-linux lacking its counterpart. Express this in the package
metadata.

QubesOS/qubes-issues#5662
@pwmarcz
Copy link

pwmarcz commented Mar 25, 2020

Screenshot_2020-03-25_20-22-52

Screenshot from R4.1: sys-gui as a Xephyr window, showing windows for VMs for which it is the designated GuiVM. It also shows RPC confirmation prompts and notifications (#3904) for calls originating from these VMs.

@marmarek marmarek mentioned this issue Jun 7, 2020
Open
marmarek added a commit to marmarek/qubes-mgmt-salt-dom0-virtual-machines that referenced this issue Jun 11, 2020
@marmarek
Allow GUI domain to set the keyboard layout
10c82f5 
And also improve indentation.

QubesOS/qubes-issues#5662
@qubesos-bot qubesos-bot mentioned this issue Jun 11, 2020
Closed
pwmarcz added a commit to pwmarcz/qubes-core-admin-client that referenced this issue Jul 21, 2020
@pwmarcz
Add a lightdm session for sys-gui
cbdf94c 
Starts just sys-gui VM and qvm-start-daemon in a special mode.

See QubesOS/qubes-issues#5662.
@pwmarcz pwmarcz mentioned this issue Jul 21, 2020
Closed
pwmarcz added a commit to pwmarcz/qubes-core-admin-client that referenced this issue Jul 22, 2020
@pwmarcz
Add a lightdm session for sys-gui
f0645e6 
Starts just sys-gui VM and qvm-start-daemon in a special mode.

See QubesOS/qubes-issues#5662.
@marmarek
Copy link
Member Author

marmarek commented Jul 25, 2020
edited
Loading

This all can be installed using salt (in recent R4.1 version):

sudo qubesctl top.enable qvm.sys-gui
sudo qubesctl top.enable qvm.sys-gui pillar=True
sudo qubesctl --all state.highstate
sudo qubesctl top.disable qvm.sys-gui

This will create sys-gui VM, which can be set as global default-guivm or a guivm for selected VMs only (use qubes-prefs and qvm-prefs respectively).
Note this is still highly experimental feature.

@92VV3M42d3v8
Copy link

92VV3M42d3v8 commented Jul 26, 2020
edited
Loading

Is it planned to provide sys-gui by default like sys-net or its going to be just user installable. BTW I tried this and 3rd command failed with qubesctl error no such option --all. I will install build today posted on openqa and report back.
Edit: Global default is set but any VM will start and no GUI will be there in latest testing build. Can anyone try to set it as default GuiVM so issue can be reproduced. If you want @marmarek, I can reproduce and provide logs. Let me know which logs may be needed. BTW the issue seems to be related to some packages missing from fedora-32-xfce template.

@marmarek
Copy link
Member Author

Is it planned to provide sys-gui by default like sys-net

No, see https://www.qubes-os.org/news/2020/03/18/gui-domain/#what-will-actually-be-in-qubes-41 for the plans.

failed with qubesctl error no such option --al

Ah, indeed I placed --all in the wrong position. I've updated the comment.

@pwmarcz pwmarcz mentioned this issue Jul 29, 2020
Merged
marmarek added a commit to marmarek/qubes-mgmt-salt-dom0-virtual-machines that referenced this issue Aug 2, 2020
@marmarek
sys-gui: enable fullscreen and add xsession entry
6cec852 
QubesOS/qubes-issues#5662
This was referenced Aug 2, 2020
Merged
Open
@qubesos-bot qubesos-bot mentioned this issue Aug 6, 2020
Closed
@andrewdavidwong
Copy link
Member

Qubes user panati tested this and reported the experience in this thread:

https://qubes-os.discourse.group/t/missing-packages-in-fedora-32-xfce/619/

@DemiMarie
Copy link

This now works.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fepitre fepitre

Labels
C: core C: gui-virtualization P: major Priority: major. Between "default" and "critical" in severity. release notes This issue should be mentioned in the release notes. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
Projects
None yet
Milestone
Release 4.2
Development

No branches or pull requests
6 participants
@pwmarcz @marmarek @DemiMarie @andrewdavidwong @fepitre @92VV3M42d3v8