https://bugs.kde.org/show_bug.cgi?id=429857
Pedro V <voidpointertonull+bugskde...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |voidpointertonull+bugskdeor
| |g...@gmail.com
--- Comment #2 from Pedro V <voidpointertonull+bugskde...@gmail.com> ---
Now this is what could be an XY problem, at least I believe I see what's the
basic desire which is quite reasonable, but instead of that being described, a
not really great potential solution was pitched instead.
There are multiple forms of the generic idea, but it's all based on the problem
of locking being all or nothing. There are some program-specific "layers" like
password managers having separate locking, but there's no generic solution for
allowing partial access to the system with seamless switching to full/different
access.
I'm not up to date on the topic, but consider some already existing solutions:
- Android offers "app pinning" which is possibly the closest to what the user
desires. A program can be "pinned" which makes it usable while the system
itself is locked, so the device can be handed over to others, giving access to
just a single program.
- Android offers various forms of "secure containers" which is somewhat all
over the place, but the general idea is having another layer of security to
access specific programs. The implementations tend to be quite odd, but this
tends to have the seamless desire as "secure" programs appear just like others
once unlocked.
- Multiple different operating systems are multi-user to some degree, so
there's typically some kind of user switching. Currently on Linux at least
sound is handled weirdly as PipeWire is user-level so audio setup is torn down
during switching which is not handled by all programs too well, and it's
generally not really a seamless process.
It's likely still early to have related desires, but back when I've seen early
multi-seat discussions about Wayland, one of the possible use cases I
envisioned is quite relevant.
The privilege separation part is tricky so I'll leave parts up to imagination,
but it would be great if a single Wayland session could contain multiple
different security contexts. Going with the reporter's simple desire, if mpv
was started with a separate not really privileged user, then it would be great
if the privileged user's session could be locked making its windows disappear,
but the mpv window from the unlocked user would be still around.
One user per monitor is a lower bar that used to be possible, and it could be a
good enough solution given enough flexibility like "roaming" mouse and the
ability to easily move a session from one monitor to another, but given that
this direction mostly regressed, I'm not expecting such features any soon. Some
relevant links:
Bug 416720
Bug 256242
https://wiki.archlinux.org/title/xorg_multiseat
--
You are receiving this mail because:
You are watching all bug changes.
