From timlee126 at yahoo.com Wed Dec 4 23:11:50 2019
From: timlee126 at yahoo.com (Tim)
Date: Wed, 4 Dec 2019 23:11:50 +0000 (UTC)
Subject: [winswitch] Why can't I start xpra on a remote host and connect to it?
References: <1443309080.8955269.1575501110786.ref@mail.yahoo.com>
Message-ID: <1443309080.8955269.1575501110786@mail.yahoo.com>

Hi,
I use the following commands to start xpra server on a remote host and connect to it. But half of time it doesn't work, while sometimes it works. The first command is to kill any remote xpra server process if any. It seems to increase the chance of working a bit, but not always.
Thanks.

    $ ssh "olive" killall xpra
    $ xpra shadow ssh:olive:0
    sh: 0: getcwd() failed: Input/output error
    2019-11-26 17:52:33,854 Xpra gtk2 client version 2.1.3-r17247M 64-bit
    2019-11-26 17:52:33,854  running on Linux Ubuntu 18.04 bionic
    sh: 0: getcwd() failed: Input/output error
    2019-11-26 17:52:36,757 GStreamer version 1.14.5 for Python 2.7.15 64-bit
    2019-11-26 17:52:38,389 Warning: vendor 'Intel Open Source Technology Center' is greylisted,
    2019-11-26 17:52:38,390  you may want to turn off OpenGL if you encounter bugs
    2019-11-26 17:52:38,411 PyOpenGL warning: missing accelerate module
    2019-11-26 17:52:38,486 OpenGL enabled with Mesa DRI Mobile Intel® GM45 Express Chipset
    2019-11-26 17:52:38,570  keyboard settings: rules=evdev, model=pc105, layout=us
    2019-11-26 17:52:38,575  desktop size is 1440x900 with 1 screen:
    2019-11-26 17:52:38,575   :0.0 (381x238 mm - DPI: 96x96) workarea: 1440x876
    2019-11-26 17:52:38,576     monitor 1 (303x190 mm - DPI: 120x120)
    2019-11-26 17:52:39,266 Error: cannot watch for video device changes without pyinotify:
    2019-11-26 17:52:39,267  No module named pyinotify
    Warning: cannot use the system proxy for 'shadow' subcommand,
     failed to connect to '/run/xpra/system':
     [Errno 2] No such file or directory
    Entering daemon mode; any further errors will be reported to:
      /run/user/1000/xpra/:0.log
    InitException: failed to identify the new server display!
    xpra initialization error:
     failed to identify the new server display!
    2019-11-26 17:52:59,270 Error: failed to receive anything, not an xpra server?
    2019-11-26 17:52:59,270   could also be the wrong protocol, username, password or port
    2019-11-26 17:52:59,270 Connection lost
    2019-11-26 17:52:59,273 Error: printing disabled:
    2019-11-26 17:52:59,273  No module named cups

From antoine at nagafix.co.uk Thu Dec 5 11:39:58 2019
From: antoine at nagafix.co.uk (Antoine Martin)
Date: Thu, 5 Dec 2019 18:39:58 +0700
Subject: [winswitch] Why can't I start xpra on a remote host and connect to it?
In-Reply-To: <1443309080.8955269.1575501110786@mail.yahoo.com>
References: <1443309080.8955269.1575501110786.ref@mail.yahoo.com> <1443309080.8955269.1575501110786@mail.yahoo.com>
Message-ID:

On 05/12/2019 06:11, Tim via shifter-users wrote:
> Hi, I use the following commands to start xpra server on a remote host and connect to it. But half of time it doesn't work, while sometimes it works. The first command is to kill any remote xpra server process if any. It seems to increase the chance of working a bit, but not always.
That's probably because your version of xpra is woefully out of date and full of bugs and security issues:
https://xpra.org/trac/wiki/Packaging/DistributionPackages

If you still have problems with a supported version of xpra, please use:
https://xpra.org/trac/wiki/ReportingBugs

Thanks,
Antoine

> Thanks.
>
>     $ ssh "olive" killall xpra
>     $ xpra shadow ssh:olive:0
>     sh: 0: getcwd() failed: Input/output error
>     2019-11-26 17:52:33,854 Xpra gtk2 client version 2.1.3-r17247M 64-bit
>     2019-11-26 17:52:33,854  running on Linux Ubuntu 18.04 bionic
>     sh: 0: getcwd() failed: Input/output error
>     2019-11-26 17:52:36,757 GStreamer version 1.14.5 for Python 2.7.15 64-bit
>     2019-11-26 17:52:38,389 Warning: vendor 'Intel Open Source Technology Center' is greylisted,
>     2019-11-26 17:52:38,390  you may want to turn off OpenGL if you encounter bugs
>     2019-11-26 17:52:38,411 PyOpenGL warning: missing accelerate module
>     2019-11-26 17:52:38,486 OpenGL enabled with Mesa DRI Mobile Intel® GM45 Express Chipset
>     2019-11-26 17:52:38,570  keyboard settings: rules=evdev, model=pc105, layout=us
>     2019-11-26 17:52:38,575  desktop size is 1440x900 with 1 screen:
>     2019-11-26 17:52:38,575   :0.0 (381x238 mm - DPI: 96x96) workarea: 1440x876
>     2019-11-26 17:52:38,576     monitor 1 (303x190 mm - DPI: 120x120)
>     2019-11-26 17:52:39,266 Error: cannot watch for video device changes without pyinotify:
>     2019-11-26 17:52:39,267  No module named pyinotify
>     Warning: cannot use the system proxy for 'shadow' subcommand,
>      failed to connect to '/run/xpra/system':
>      [Errno 2] No such file or directory
>     Entering daemon mode; any further errors will be reported to:
>       /run/user/1000/xpra/:0.log
>     InitException: failed to identify the new server display!
>     xpra initialization error:
>      failed to identify the new server display!
>     2019-11-26 17:52:59,270 Error: failed to receive anything, not an xpra server?
>     2019-11-26 17:52:59,270   could also be the wrong protocol, username, password or port
>     2019-11-26 17:52:59,270 Connection lost
>     2019-11-26 17:52:59,273 Error: printing disabled:
>     2019-11-26 17:52:59,273  No module named cups
>
>
>
> _______________________________________________
> shifter-users mailing list
> shifter-users at lists.devloop.org.uk
> https://lists.devloop.org.uk/mailman/listinfo/shifter-users
>

From timlee126 at yahoo.com Sun Dec 8 02:48:08 2019
From: timlee126 at yahoo.com (Tim)
Date: Sun, 8 Dec 2019 02:48:08 +0000 (UTC)
Subject: [winswitch] Why can't I start xpra on a remote host and connect to it?
In-Reply-To: <1443309080.8955269.1575501110786@mail.yahoo.com>
References: <1443309080.8955269.1575501110786.ref@mail.yahoo.com> <1443309080.8955269.1575501110786@mail.yahoo.com>
Message-ID: <252561980.10313140.1575773288715@mail.yahoo.com>

Hi Antoine,
I am using xpra on Lubuntu 18.04, with version

    $ xpra --version
    xpra v2.1.3-r17247M

Is it up to date or out dated?
Does the link you gave https://xpra.org/trac/wiki/Packaging/DistributionPackages only list outdated packages?
Which package shall I install instead?
Thanks,
Tim

On Wednesday, December 4, 2019, 11:11:57 PM UTC, Tim wrote:

Hi, I use the following commands to start xpra server on a remote host and connect to it. But half of time it doesn't work, while sometimes it works. The first command is to kill any remote xpra server process if any. It seems to increase the chance of working a bit, but not always.
Thanks.

    $ ssh "olive" killall xpra
    $ xpra shadow ssh:olive:0
    sh: 0: getcwd() failed: Input/output error
    2019-11-26 17:52:33,854 Xpra gtk2 client version 2.1.3-r17247M 64-bit
    2019-11-26 17:52:33,854  running on Linux Ubuntu 18.04 bionic
    sh: 0: getcwd() failed: Input/output error
    2019-11-26 17:52:36,757 GStreamer version 1.14.5 for Python 2.7.15 64-bit
    2019-11-26 17:52:38,389 Warning: vendor 'Intel Open Source Technology Center' is greylisted,
    2019-11-26 17:52:38,390  you may want to turn off OpenGL if you encounter bugs
    2019-11-26 17:52:38,411 PyOpenGL warning: missing accelerate module
    2019-11-26 17:52:38,486 OpenGL enabled with Mesa DRI Mobile Intel® GM45 Express Chipset
    2019-11-26 17:52:38,570  keyboard settings: rules=evdev, model=pc105, layout=us
    2019-11-26 17:52:38,575  desktop size is 1440x900 with 1 screen:
    2019-11-26 17:52:38,575   :0.0 (381x238 mm - DPI: 96x96) workarea: 1440x876
    2019-11-26 17:52:38,576     monitor 1 (303x190 mm - DPI: 120x120)
    2019-11-26 17:52:39,266 Error: cannot watch for video device changes without pyinotify:
    2019-11-26 17:52:39,267  No module named pyinotify
    Warning: cannot use the system proxy for 'shadow' subcommand,
     failed to connect to '/run/xpra/system':
     [Errno 2] No such file or directory
    Entering daemon mode; any further errors will be reported to:
      /run/user/1000/xpra/:0.log
    InitException: failed to identify the new server display!
    xpra initialization error:
     failed to identify the new server display!
    2019-11-26 17:52:59,270 Error: failed to receive anything, not an xpra server?
    2019-11-26 17:52:59,270   could also be the wrong protocol, username, password or port
    2019-11-26 17:52:59,270 Connection lost
    2019-11-26 17:52:59,273 Error: printing disabled:
    2019-11-26 17:52:59,273  No module named cups

From antoine at nagafix.co.uk Sun Dec 8 03:40:12 2019
From: antoine at nagafix.co.uk (Antoine Martin)
Date: Sun, 8 Dec 2019 10:40:12 +0700
Subject: [winswitch] Why can't I start xpra on a remote host and connect to it?
In-Reply-To: <252561980.10313140.1575773288715@mail.yahoo.com>
References: <1443309080.8955269.1575501110786.ref@mail.yahoo.com> <1443309080.8955269.1575501110786@mail.yahoo.com> <252561980.10313140.1575773288715@mail.yahoo.com>
Message-ID: <861e9d28-40c9-4d44-509d-fd04dab6e6f3@nagafix.co.uk>

On 08/12/2019 09:48, Tim via shifter-users wrote:
> Hi Antoine,
> I am using xpra on Lubuntu 18.04, with version
>     $ xpra --version
>     xpra v2.1.3-r17247M
> Is it up to date or out dated?
It is totally out of date and it contains serious bugs and security issues.
This branch was retired 2 years ago.

> Does the link you gave https://xpra.org/trac/wiki/Packaging/DistributionPackages only list outdated packages?
I have added a link to the current versions at the top of this page:
https://xpra.org/trac/wiki/Versions

> Which package shall I install instead?
https://xpra.org/trac/wiki/Download#Linux

Cheers,
Antoine

>
> Thanks, Tim
>
>
>
>
>
> On Wednesday, December 4, 2019, 11:11:57 PM UTC, Tim wrote:
>
> Hi, I use the following commands to start xpra server on a remote host and connect to it. But half of time it doesn't work, while sometimes it works. The first command is to kill any remote xpra server process if any. It seems to increase the chance of working a bit, but not always.
> Thanks.
>
>     $ ssh "olive" killall xpra
>     $ xpra shadow ssh:olive:0
>     sh: 0: getcwd() failed: Input/output error
>     2019-11-26 17:52:33,854 Xpra gtk2 client version 2.1.3-r17247M 64-bit
>     2019-11-26 17:52:33,854  running on Linux Ubuntu 18.04 bionic
>     sh: 0: getcwd() failed: Input/output error
>     2019-11-26 17:52:36,757 GStreamer version 1.14.5 for Python 2.7.15 64-bit
>     2019-11-26 17:52:38,389 Warning: vendor 'Intel Open Source Technology Center' is greylisted,
>     2019-11-26 17:52:38,390  you may want to turn off OpenGL if you encounter bugs
>     2019-11-26 17:52:38,411 PyOpenGL warning: missing accelerate module
>     2019-11-26 17:52:38,486 OpenGL enabled with Mesa DRI Mobile Intel® GM45 Express Chipset
>     2019-11-26 17:52:38,570  keyboard settings: rules=evdev, model=pc105, layout=us
>     2019-11-26 17:52:38,575  desktop size is 1440x900 with 1 screen:
>     2019-11-26 17:52:38,575   :0.0 (381x238 mm - DPI: 96x96) workarea: 1440x876
>     2019-11-26 17:52:38,576     monitor 1 (303x190 mm - DPI: 120x120)
>     2019-11-26 17:52:39,266 Error: cannot watch for video device changes without pyinotify:
>     2019-11-26 17:52:39,267  No module named pyinotify
>     Warning: cannot use the system proxy for 'shadow' subcommand,
>      failed to connect to '/run/xpra/system':
>      [Errno 2] No such file or directory
>     Entering daemon mode; any further errors will be reported to:
>       /run/user/1000/xpra/:0.log
>     InitException: failed to identify the new server display!
>     xpra initialization error:
>      failed to identify the new server display!
>     2019-11-26 17:52:59,270 Error: failed to receive anything, not an xpra server?
>     2019-11-26 17:52:59,270   could also be the wrong protocol, username, password or port
>     2019-11-26 17:52:59,270 Connection lost
>     2019-11-26 17:52:59,273 Error: printing disabled:
>     2019-11-26 17:52:59,273  No module named cups
>
>
>
>
> _______________________________________________
> shifter-users mailing list
> shifter-users at lists.devloop.org.uk
> https://lists.devloop.org.uk/mailman/listinfo/shifter-users
>

From totaam at xpra.org Tue Dec 10 17:57:31 2019
From: totaam at xpra.org (Antoine Martin)
Date: Wed, 11 Dec 2019 00:57:31 +0700
Subject: [winswitch] [ANNOUNCE] Xpra 3.0.3: many fixes, some important
Message-ID:

Hi,

This update fixes quite a few bugs, in particular:
* The OpenGL paint issues should finally be fixed correctly on all platforms, with all Python / GTK combinations.
* Other window painting issues: GDK scaling compatibility, slow repaints, HTML5 video, etc
* Many MacOS fixes: dialog focus, remote start via ssh, fullscreen/maximized windows, window resizing, etc
* Installer errors on MS Windows
* Library updates and compatibility fixes, ie: Python2 vs Python3 regressions
And much more.

Updating is recommended.

Full release notes:
* fix clipboard synchronization with HTML5 client
* fix window repaints with GTK3
* fix GDK scaling causing window painting issues (force off)
* fix slow repaint with OpenGL and combined updates (ie: scrolling)
* fix missing video screen updates with 32-bit browsers: disable video
* fix for X11 applications requesting invalid clipboard targets
* fix "xpra top" errors when the terminal window is too small
* fix blank xpra dialog windows when closed then shown again (ie: server commands)
* fix compilation on non-i386 32-bit platforms
* fix platform query errors causing command failures
* fix Python2 builds: ignore GTK2 deprecation warnings
* fix X11 property synchronization with Python2 builds
* fix XSetClassHint call with Python 3
* fix window move + resize shortcut
* fix ssh proxy options not preserved when loading session files
* fix focus of dialogs with MacOS clients (ie: SSH dialogs)
* fix error and missing refresh after changing quality or speed settings
* fix NVENC error when pynvml is not installed
* fix NVENC temporary failure retry code path
* fix SSH start for shadow and start-desktop subcommands from MacOS
* fix fullscreen / maximized windows on MacOS
* fix bogus screen dimensions with GTK3 on MacOS
* fix client launcher helper script on MacOS
* fix window resizing with OpenGL on MacOS
* fix DPI value from the command line with desktop-scaling
* fix typo in man page
* fix errors with some odd Python3 builds (subprocess.getoutput)
* fix cursor packets missing encoding attribute
* fix dangling symlink in html5 client Fedora RPM package
* fix notification error handling the speaker forwarding error message
* fix incorrect and unhelpful message on connection error
* fix openssl crypto DLL errors during MS Windows installation
* prevent conflict with Fedora downstream packaging of xpra
* make it possible to disable colourspace synchronization
* show mdns status in xpra info
* MacOS library updates (many, including Python 3.8.0)
* support CUDA 10.2
* disable CSD on MS Windows (GTK3 CSD bug workaround)
* re-enable OpenGL on MS Windows (was GTK3 bug)

The source:
https://xpra.org/src/
Downloads:
https://xpra.org/trac/wiki/Download

Cheers
Antoine

From timlee126 at yahoo.com Wed Dec 11 19:17:17 2019
From: timlee126 at yahoo.com (Tim)
Date: Wed, 11 Dec 2019 19:17:17 +0000 (UTC)
Subject: [winswitch] client side window is too tall and wide
References: <194019624.6335368.1576091837483.ref@mail.yahoo.com>
Message-ID: <194019624.6335368.1576091837483@mail.yahoo.com>

Hi, I am using xpra between two Lubuntu 18.04. The two laptops have different screen sizes: Thinkpad T400 with smaller display, and Toshiba satellite c55dt-a with bigger display.
When running xpra client on T400 to access xpra server on C55dt-a, the client window is smaller than T400 display in both height and width.
When doing the opposite, the client window on C55dt-a is bigger than C55dt-a display in both height and width. I can resize it, and although I can move it from side to side, I can't move it from up to down, so I miss some part down below. I was wondering how I can solve the problem?
Thanks.

From antoine at nagafix.co.uk Thu Dec 12 02:55:52 2019
From: antoine at nagafix.co.uk (Antoine Martin)
Date: Thu, 12 Dec 2019 09:55:52 +0700
Subject: [winswitch] client side window is too tall and wide
In-Reply-To: <194019624.6335368.1576091837483@mail.yahoo.com>
References: <194019624.6335368.1576091837483.ref@mail.yahoo.com> <194019624.6335368.1576091837483@mail.yahoo.com>
Message-ID:

On 12/12/2019 02:17, Tim via shifter-users wrote:
>
>
> Hi, I am using xpra between two Lubuntu 18.04. The two laptops have different screen sizes: Thinkpad T400 with smaller display, and Toshiba satellite c55dt-a with bigger display.
Please include the exact resolutions causing the problem.

> When running xpra client on T400 to access xpra server on C55dt-a, the client window is smaller than T400 display in both height and width.
Are you using seamless mode or desktop / shadow mode?

> When doing the opposite, the client window on C55dt-a is bigger than C55dt-a display in both height and width. I can resize it, and although I can move it from side to side, I can't move it from up to down, so I miss some part down below.
Even if you resize the window? Doesn't it get scrollbars then?
Window placement is largely left to the client OS window manager. (LXDE in Lubuntu?)

> I was wondering how I can solve the problem?
Assuming that you are using shadow mode, you could use the desktop-scaling option or the scaling option from the system tray to downscale the window.
If you are using another mode, please provide more details. Ideally in a ticket on the bug tracker.

Cheers,
Antoine

From yogata at jscom.co.jp Thu Dec 12 10:29:19 2019
From: yogata at jscom.co.jp (Ogata Yuki)
Date: Thu, 12 Dec 2019 10:29:19 +0000
Subject: [winswitch] [xpra] How can I enable the av-sync option on the Xpra server?
Message-ID:

Hi there
I set up Ubuntu Server 16.04 environment with Windows Virtualbox and installed Xpra dependency library.
Then I installed Xpra v3.0.2 but I can't enable the av-sync option ...

When connecting from another PC Xpra client with --debug = av-sync option
Server = False, Client = True was output.

Are there any solutions or good ideas?

yogata

From antoine at nagafix.co.uk Thu Dec 12 10:49:29 2019
From: antoine at nagafix.co.uk (Antoine Martin)
Date: Thu, 12 Dec 2019 17:49:29 +0700
Subject: [winswitch] [xpra] How can I enable the av-sync option on the Xpra server?
In-Reply-To:
References:
Message-ID: <56c5b78c-7ac3-94a3-5f32-a30ba7880ebb@nagafix.co.uk>

On 12/12/2019 17:29, Ogata Yuki via shifter-users wrote:
> Hi there
> I set up Ubuntu Server 16.04 environment with Windows Virtualbox and installed Xpra dependency library.
> Then I installed Xpra v3.0.2 but I can't enable the av-sync option ...
>
> When connecting from another PC Xpra client with --debug = av-sync option
> Server = False, Client = True was output.
>
> Are there any solutions or good ideas?
I believe this particular bug was fixed a while back.
My guess is that you're using the xpra package from the Ubuntu repositories. Those are old, unmaintained and always buggy as hell.
Use the packages from xpra.org and things should work:
https://xpra.org/trac/wiki/Download
If not, please file a ticket.

Cheers,
Antoine

>
> yogata

From wolfram.humann at gmail.com Thu Dec 12 14:58:38 2019
From: wolfram.humann at gmail.com (Wolfram Humann)
Date: Thu, 12 Dec 2019 15:58:38 +0100
Subject: [winswitch] Popup not shown
Message-ID:

Hi,
(server: xpra 3.0.3 on RHEL, client: xpra 3.0.3 on Win10)
I have a Java/Swing/Batik based tool that controls some electronic hardware. When I click on certain components, a popup window should appear -- but it does not. I noticed that behavior before updating xpra to 3.0.3 (some 3.0.1 or 3.0.2 versions) and hoped the update might fix it, but it doesn't.
The popup does not appear when it should but an icon on the windows taskbar appears, indicating that there should be a popup. I minimized all windows to make sure that the popup is not hidden behind one of them.
The popup appears when I use cygwin/xwin connection to the RHEL workstation instead of xpra.
Any idea?
(as a sidenote, the main-window of the tool sometimes [not always] is just black when started. This can be fixed by slightly resizing the tool's window)

Regards
Wolfram

From antoine at nagafix.co.uk Thu Dec 12 16:16:15 2019
From: antoine at nagafix.co.uk (Antoine Martin)
Date: Thu, 12 Dec 2019 23:16:15 +0700
Subject: [winswitch] Popup not shown
In-Reply-To:
References:
Message-ID:

On 12/12/2019 21:58, Wolfram Humann via shifter-users wrote:
> Hi,
> (server: xpra 3.0.3 on RHEL, client: xpra 3.0.3 on Win10)
> I have a Java/Swing/Batik based tool that controls some electronic
> hardware. When I click on certain components, a popup window should appear
> -- but it does not. I noticed that behavior before updating xpra to 3.0.3
> (some 3.0.1 or 3.0.2 versions) and hoped the update might fix it, but it
> doesn't.
Is this a regression? Did it used to work with older versions like 2.5.x or even 1.x?

> The popup does not appear when it should but an icon on the windows taskbar
> appears, indicating that there should be a popup. I minimized all windows
> to make sure that the popup is not hidden behind one of them.
Maybe it got mapped off-screen?
I may have seen a bug similar to what you describe.

> The popup appears when I use cygwin/xwin connection to the RHEL workstation
> instead of xpra.
Can I reproduce the problem myself with an app? This one or even another one?

> Any idea?
If I can't reproduce the problem, it will be harder to fix.
You can try creating a ticket with the client's "-d window" log output of when the window is meant to show up, this may give us a clue.

> (as a sidenote, the main-window of the tool sometimes [not always] is just
> black when started. This can be fixed by slightly resizing the tool's
> window)
Sounds like window paint race condition:
* turning OpenGL off might fix things, at the cost of performance
* "refresh windows" from the tray menu will probably paint it properly
* "re-initialize windows" from the tray menu, should fix it too
Can I reproduce this problem on my systems somehow?

Cheers,
Antoine

From mail at rudisu.li Fri Dec 13 14:17:07 2019
From: mail at rudisu.li (mail at rudisu.li)
Date: Fri, 13 Dec 2019 15:17:07 +0100
Subject: [winswitch] Run an application inside an existing network namespace via xpra
Message-ID:

Is there a way to remotely start an application inside an existing namespace via xpra?
E.g. given xpra start ssh/user at remote-host --start-child=firefox -> only firefox would need to run inside a network namespace (as if started with ip netns exec firefox).

As expected, running 'ip netns exec ...'
as parameter of --start-child doesn't work (but it doesn't fail either, there's simply no window showing).

Any input would be appreciated!

Best regards
Marco

From antoine at nagafix.co.uk Fri Dec 13 15:12:58 2019
From: antoine at nagafix.co.uk (Antoine Martin)
Date: Fri, 13 Dec 2019 22:12:58 +0700
Subject: [winswitch] Run an application inside an existing network namespace via xpra
In-Reply-To:
References:
Message-ID: <9c4d4151-c1f3-81cc-2df0-adc90b3ccab1@nagafix.co.uk>

On 13/12/2019 21:17, mail--- via shifter-users wrote:
> Is there a way to remotely start an application inside an existing
> namespace via xpra?
> E.g. given xpra start ssh/user at remote-host --start-child=firefox ->
> only firefox would need to run inside a network namespace (as if started
> with ip netns exec firefox).
>
> As expected, running 'ip netns exec ...' as parameter of --start-child
> doesn't work (but it doesn't fail either, there's simply no window showing).
How do you run the "ip netns" command as a regular user? It normally requires root.
And you cannot run Firefox as root from a user session.

> Any input would be appreciated!
I would run the commands from an xterm running inside xpra, then when you find the incantation that does what you want, either script it or add it as a --start-child= command.

Cheers,
Antoine

>
> Best regards
> Marco

From celeste.weingartner at gmail.com Mon Dec 16 00:59:51 2019
From: celeste.weingartner at gmail.com (Celeste Weingartner)
Date: Sun, 15 Dec 2019 17:59:51 -0700
Subject: [winswitch] Hi List, Quick Xpra question
Message-ID:

Hi Everyone, I'm not sure if the devel list would be the place for this or not.. So I'll ask.

I'm trying to use Xpra to create an application server. For a specific application. I do not want users to be able to spawn more than 1 xpra server process. I want them to be limited to 1. Short of disabling server commands, and using firejail which I'm already doing, how can I further limit it to one server per user?
I'm willing to bet there's some sort of bash magic that can be done in the xpra startup, but I'm unsure where to even begin there, I'm not a python coder... Bash I can do.. But can anyone provide some pointers or tips?

Thanks in advance,

Celeste

From antoine at nagafix.co.uk Mon Dec 16 13:05:58 2019
From: antoine at nagafix.co.uk (Antoine Martin)
Date: Mon, 16 Dec 2019 20:05:58 +0700
Subject: [winswitch] Hi List, Quick Xpra question
In-Reply-To:
References:
Message-ID:

On 16/12/2019 07:59, Celeste Weingartner via shifter-users wrote:
> Hi Everyone, I'm not sure if the devel list would be the place for this or
> not.. So I'll ask.
>
> I'm trying to use Xpra to create an application server. For a specific
> application. I do not want users to be able to spawn more than 1 xpra
> server process. I want them to be limited to 1. Short of disabling server
> commands, and using firejail which I'm already doing, how can I further
> limit it to one server per user? I'm willing to bet there's some sort of
> bash magic that can be done in the xpra startup, but I'm unsure where to
> even begin there, I'm not a python coder... Bash I can do.. But can anyone
> provide some pointers or tips?
How are you going to start the sessions?
Is it going to be on demand for each user?
How are they connecting to the server? ssh?
Are you going to give them a command line to run or an xpra URI they just click on?

This is not the first time something like this has been requested, so maybe we can make it easier to setup.

Cheers,
Antoine

>
> Thanks in advance,
>
> Celeste
> _______________________________________________
> shifter-users mailing list
> shifter-users at lists.devloop.org.uk
> https://lists.devloop.org.uk/mailman/listinfo/shifter-users
>

From timlee126 at yahoo.com Wed Dec 18 13:40:12 2019
From: timlee126 at yahoo.com (Tim)
Date: Wed, 18 Dec 2019 13:40:12 +0000 (UTC)
Subject: [winswitch] client side window is too tall and wide
References: <671016838.832418.1576676412570.ref@mail.yahoo.com>
Message-ID: <671016838.832418.1576676412570@mail.yahoo.com>

Here is the command output when running Xpra client on C55dt-a (display size 15.6") to connect to Xpra server on T400 (display size 14.1").
Both runs Lubuntu 18.04 with LXDE and OpenBox and latest Xpra version. The client window on C55dt-a has no scrollbar and resize in the window's menu is disabled. (When I run Xpra client on T400 to connect to Xpra server on C55dt-a, same problem: the client window also has no scrollbar and resize in the window's menu is also disabled.)

$ xpra shadow ssh:"$remote":0

(xpra:7808): dbind-WARNING **: 08:22:17.752: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files
2019-12-18 08:22:18,822 Xpra GTK3 X11 client version 3.0.3-r24690 64-bit
2019-12-18 08:22:19,260  running on Linux Ubuntu 18.04 bionic
2019-12-18 08:22:19,264  window manager is 'Openbox'
2019-12-18 08:22:20,135 Warning: failed to import opencv:
2019-12-18 08:22:20,136  No module named 'cv2'
2019-12-18 08:22:20,136  webcam forwarding is disabled

(Xpra-Audio-query:7829): dbind-WARNING **: 08:22:22.703: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files
2019-12-18 08:22:22,855 GStreamer version 1.14.5 for Python 3.6.9 64-bit
2019-12-18 08:22:22,857 Warning: no pulseaudio information available
2019-12-18 08:22:22,858  No module named 'distutils.spawn'
2019-12-18 08:22:25,151 No OpenGL_accelerate module loaded: No module named 'OpenGL_accelerate'
2019-12-18 08:22:30,183 Error: cannot handle window transparency
2019-12-18 08:22:30,184  screen is not composited
2019-12-18 08:22:33,336 Error: cannot handle window transparency
2019-12-18 08:22:33,336  screen is not composited
2019-12-18 08:22:33,355 Warning: window 4294967295 changed its transparency attribute
2019-12-18 08:22:33,356  from False to True, behaviour is undefined
2019-12-18 08:22:34,591 OpenGL enabled with AMD KABINI (DRM 2.50.0, 4.15.0-65-generic, LLVM 8.0.0)
2019-12-18 08:22:34,994 Connected (version 2.0, client OpenSSH_7.6p1)
2019-12-18 08:22:36,246 loaded RSA private key from '/home/t/.ssh/id_rsa'
2019-12-18 08:22:36,339 Authentication (publickey) successful!
2019-12-18 08:22:38,485  keyboard settings: rules=evdev, model=pc105, layout=us
2019-12-18 08:22:38,625  desktop size is 1366x768 with 1 screen:
2019-12-18 08:22:38,626   :0.0 (361x203 mm - DPI: 96x96) workarea: 1366x744
2019-12-18 08:22:38,626     LVDS (345x194 mm - DPI: 100x100)
2019-12-18 08:22:38,771 no ethtool interface speed available for wlp5s0
2019-12-18 08:23:41,870 enabled remote logging
2019-12-18 08:23:41,884 Xpra GTK3 shadow server version 3.0.3-r24690 64-bit
2019-12-18 08:23:41,886  running on Linux Ubuntu 18.04 bionic
2019-12-18 08:23:42,252 server does not support xi input devices
2019-12-18 08:23:42,254  server uses: auto
2019-12-18 08:23:46,798 Warning: the sound output process has failed to start
2019-12-18 08:23:49,394 Warning: the opus sound sink has stopped

On Wednesday, December 11, 2019, 7:17:23 PM UTC, Tim wrote:

Hi, I am using xpra between two Lubuntu 18.04. The two laptops have different screen sizes: Thinkpad T400 with smaller display, and Toshiba satellite c55dt-a with bigger display.
When running xpra client on T400 to access xpra server on C55dt-a, the client window is smaller than T400 display in both height and width.
When doing the opposite, the client window on C55dt-a is bigger than C55dt-a display in both height and width. I can resize it, and although I can move it from side to side, I can't move it from up to down, so I miss some part down below. I was wondering how I can solve the problem?
Thanks.

From antoine at nagafix.co.uk Wed Dec 18 17:36:23 2019
From: antoine at nagafix.co.uk (Antoine Martin)
Date: Thu, 19 Dec 2019 00:36:23 +0700
Subject: [winswitch] client side window is too tall and wide
In-Reply-To: <671016838.832418.1576676412570@mail.yahoo.com>
References: <671016838.832418.1576676412570.ref@mail.yahoo.com> <671016838.832418.1576676412570@mail.yahoo.com>
Message-ID:

On 18/12/2019 20:40, Tim via shifter-users wrote:
>
> Here is the command output when running Xpra client on C55dt-a (display size 15.6") to connect to Xpra server on T400 (display size 14.1").
The physical size of the display rarely matters much (only for DPI calculations), only the resolution is relevant to your problem.
In this case, from your log output it seems that the client was running at 1366x768. The server resolution is not shown.

> Both runs Lubuntu 18.04 with LXDE and OpenBox and latest Xpra version. The client window on C55dt-a has no scrollbar and resize in the window's menu is disabled. (When I run Xpra client on T400 to connect to Xpra server on C55dt-a, same problem: the client window also has no scrollbar and resize in the window's menu is also disabled.)
>
> $ xpra shadow ssh:"$remote":0
>
> (xpra:7808): dbind-WARNING **: 08:22:17.752: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files
> 2019-12-18 08:22:18,822 Xpra GTK3 X11 client version 3.0.3-r24690 64-bit
> 2019-12-18 08:22:19,260  running on Linux Ubuntu 18.04 bionic
> 2019-12-18 08:22:19,264  window manager is 'Openbox'
> 2019-12-18 08:22:20,135 Warning: failed to import opencv:
> 2019-12-18 08:22:20,136  No module named 'cv2'
> 2019-12-18 08:22:20,136  webcam forwarding is disabled
>
> (Xpra-Audio-query:7829): dbind-WARNING **: 08:22:22.703: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files
> 2019-12-18 08:22:22,855 GStreamer version 1.14.5 for Python 3.6.9 64-bit
> 2019-12-18 08:22:22,857 Warning: no pulseaudio information available
> 2019-12-18 08:22:22,858  No module named 'distutils.spawn'
> 2019-12-18 08:22:25,151 No OpenGL_accelerate module loaded: No module named 'OpenGL_accelerate'
> 2019-12-18 08:22:30,183 Error: cannot handle window transparency
> 2019-12-18 08:22:30,184  screen is not composited
> 2019-12-18 08:22:33,336 Error: cannot handle window transparency
> 2019-12-18 08:22:33,336  screen is not composited
> 2019-12-18 08:22:33,355 Warning: window 4294967295 changed its transparency attribute
> 2019-12-18 08:22:33,356  from False to True, behaviour is undefined
It is pretty rare these days to run a DE without transparency.

> 2019-12-18 08:22:34,591 OpenGL enabled with AMD KABINI (DRM 2.50.0, 4.15.0-65-generic, LLVM 8.0.0)
> 2019-12-18 08:22:34,994 Connected (version 2.0, client OpenSSH_7.6p1)
> 2019-12-18 08:22:36,246 loaded RSA private key from '/home/t/.ssh/id_rsa'
> 2019-12-18 08:22:36,339 Authentication (publickey) successful!
> 2019-12-18 08:22:38,485  keyboard settings: rules=evdev, model=pc105, layout=us
> 2019-12-18 08:22:38,625  desktop size is 1366x768 with 1 screen:
> 2019-12-18 08:22:38,626   :0.0 (361x203 mm - DPI: 96x96) workarea: 1366x744
> 2019-12-18 08:22:38,626     LVDS (345x194 mm - DPI: 100x100)
> 2019-12-18 08:22:38,771 no ethtool interface speed available for wlp5s0
> 2019-12-18 08:23:41,870 enabled remote logging
> 2019-12-18 08:23:41,884 Xpra GTK3 shadow server version 3.0.3-r24690 64-bit
> 2019-12-18 08:23:41,886  running on Linux Ubuntu 18.04 bionic
> 2019-12-18 08:23:42,252 server does not support xi input devices
> 2019-12-18 08:23:42,254  server uses: auto
> 2019-12-18 08:23:46,798 Warning: the sound output process has failed to start
> 2019-12-18 08:23:49,394 Warning: the opus sound sink has stopped
As suggested in my previous reply:
"you could use the desktop-scaling option or the scaling option from the system tray to downscale the window."
If that is not sufficient for your needs, please create a ticket.

Cheers,
Antoine

> On Wednesday, December 11, 2019, 7:17:23 PM UTC, Tim wrote:
>
> Hi, I am using xpra between two Lubuntu 18.04. The two laptops have different screen sizes: Thinkpad T400 with smaller display, and Toshiba satellite c55dt-a with bigger display.
> When running xpra client on T400 to access xpra server on C55dt-a, the client window is smaller than T400 display in both height and width.
> When doing the opposite, the client window on C55dt-a is bigger than C55dt-a display in both height and width. I can resize it, and although I can move it from side to side, I can't move it from up to down, so I miss some part down below. I was wondering how I can solve the problem?
> Thanks.
>
> _______________________________________________
> shifter-users mailing list
> shifter-users at lists.devloop.org.uk
> https://lists.devloop.org.uk/mailman/listinfo/shifter-users

From celeste.weingartner at gmail.com Thu Dec 19 09:19:58 2019
From: celeste.weingartner at gmail.com (Celeste Weingartner)
Date: Thu, 19 Dec 2019 02:19:58 -0700
Subject: [winswitch] Hi List, Quick Xpra question
In-Reply-To:
References:
Message-ID:

I'm writing a frontend for Xpra that will use ssh to connect. I would like to make an ultra persistent chrome session be remotely served.. I've got firejail working for chrome, and I can manually connect with xpra start someuser at apphost.com --start-child='google-chrome' and that works..
and I can reattach to it no problem but if I reissue another start, it starts another x session, which I do not want.. I want it limited to one per user. max.

On Mon, Dec 16, 2019 at 6:06 AM Antoine Martin via shifter-users <shifter-users at lists.devloop.org.uk> wrote:

> On 16/12/2019 07:59, Celeste Weingartner via shifter-users wrote:
> > Hi Everyone, im not sure if the devel list would be the place for this or
> > not.. So i'll ask.
> >
> > Im trying to use Xpra to create an application server. For a specific
> > application. I do not want users to be able to spawn more than 1 xpra
> > server process. I want them to be limited to 1. Short of disabling server
> > commands, and using firejail which im already doing, how can I further
> > limit it to one server per user? Im willing to be there's some sort of
> > bash magic that can be done in the xpra startup, but im unsure where to
> > even begin there, im not a python coder... Bash I can do.. But can anyone
> > provide some pointers or tips?
> How are you going to start the sessions? Is it going to be on demand for
> each user?
> How are they connecting to the server? ssh?
> Are you going to give them a command line to run or an xpra URI they
> just click on?
>
> This is not the first time something like this has been requested, so
> maybe we can make it easier to setup.
>
> Cheers,
> Antoine
>
> > Thanks in advance,
> >
> > Celeste

From celeste.weingartner at gmail.com Thu Dec 19 09:22:39 2019
From: celeste.weingartner at gmail.com (Celeste Weingartner)
Date: Thu, 19 Dec 2019 02:22:39 -0700
Subject: [winswitch] Hi List, Quick Xpra question
In-Reply-To:
References:
Message-ID:

excuse me, the line should have been xpra start ssh://someuser at apphost.com --start-child='google-chrome' --
I'm not sure how to A) track who's got what session and be able to reattach to an already running one..
or B) limit spawning of xsessions to 1.
and finally C) handle a session that dies, hangs, or crashes, by starting a new one.

From antoine at nagafix.co.uk Fri Dec 20 13:59:16 2019
From: antoine at nagafix.co.uk (Antoine Martin)
Date: Fri, 20 Dec 2019 20:59:16 +0700
Subject: [winswitch] Hi List, Quick Xpra question
In-Reply-To:
References:
Message-ID:

On 19/12/2019 16:19, Celeste Weingartner via shifter-users wrote:
> im writing a frontend for Xpra that will use ssh to connect. I would like
> to make a ultra persistant chrome session be remotely served..
Running browsers through xpra seems to be a popular use case.
Are you using xpra's builtin ssh server or are you allowing those users shell access on your server? (and restricting what commands they are allowed to run?)
> Ive got
> firejail working for chrome, and i can manually connect with xpra start
> someuser at apphost.com --start-child='google-chrome' and that works.. and i
> can reattach to it no problem but if i reisssue another start, it starts
> another x session, which i do not want.. I want it limited to one per user.
An easy way to achieve that would be to derive the X11 display for each user from their user id. That way a user would only ever be able to start a single session.
FYI: most browsers, including chrome, are limited to a single instance per user account.

To make things easier to manage, we could add a new subcommand:
"xpra attach-or-start"
Or maybe a new flag:
"xpra attach --create=yes"
Or even:
"xpra start --reuse-session=yes"
Ideas and suggestions welcome.

When connecting over ssh, the xpra client will run "xpra _proxy", potentially with extra arguments, and this is what connects the xpra server to the ssh channel.
The remote xpra command can be changed using the "--remote-xpra=" command line option.
This would be a decent place to override the default behaviour and start a new server instance if one is not found, before trying to connect to it.

Cheers,
Antoine

From antoine at nagafix.co.uk Fri Dec 20 14:15:38 2019
From: antoine at nagafix.co.uk (Antoine Martin)
Date: Fri, 20 Dec 2019 21:15:38 +0700
Subject: [winswitch] SSH wrapper, was: Hi List, Quick Xpra question
In-Reply-To:
References:
Message-ID: <2dd58803-e9e1-c5d9-9613-3577a7295c5f@nagafix.co.uk>

On 19/12/2019 16:22, Celeste Weingartner via shifter-users wrote:
> excuse me, the line should have been xpra start ssh://someuser at apphost.com
> --start-child='google-chrome' --
> Im not sure how to A) track who's got what session and be able to reattach
> to an already running one..
If a single session already exists, running "xpra version" will return 0.

> or B) limit spawinng of xsessions to 1.
As per previous email, you could derive the X11 display from the userid.

> and finally C) handle a session that dies, hangs, or crashes, by starting a
> new one.
If a session dies, you can just start a new one.
This is no different from not having a session to begin with.
Session hangs are very rare, but if a server exists and is not responding then you may have to kill it.
If a server has crashed, starting a new one with the same display number will fail. You can recover that display by running the xpra server with "--use-display".

Thinking some more about the new subcommands, I think that this would be much clearer and cover everything:
"xpra upgrade-or-start --use-display=auto"
This would "xpra upgrade" the server if one is found, otherwise start a new one and recover an existing display if it is found.
Here's a ticket:
https://xpra.org/trac/ticket/2523

Cheers,
Antoine

From antoine at devloop.org.uk Sat Dec 21 16:16:44 2019
From: antoine at devloop.org.uk (Antoine Martin)
Date: Sat, 21 Dec 2019 23:16:44 +0700
Subject: [winswitch] [ANNOUNCE] Xpra 3.0.4: a few fixes, one critical
Message-ID:

Hi,

This update does not fix many issues, but it does fix one critical bug that affected only the MS Windows Python 3 builds when showing undecorated windows with OpenGL enabled.
There is no urgency to update if you were not affected by these bugs.

Release notes:
* fix missing undecorated windows on MS Windows with Python 3
* fix av-sync issues
* fix X11 property synchronization error due to race condition
* fix XI2 bindings not loading
* fix ssh upgrades wrongly claimed as supported without paramiko
* fix 'wireless' network device detection on Linux
* fix 'Sound Buffer' graph
* fix errors caused by window title error handler
* fix missing 'Packet Encoders' and 'Packet Compressors' python3 clients
* relax RPM dependencies to allow different versions to be installed simultaneously
* add missing files to MANIFEST
* distinguish certificate verification errors from other SSL errors

Cheers,
Antoine

From celeste.weingartner at gmail.com Sun Dec 22 18:10:52 2019
From: celeste.weingartner at gmail.com (Celeste Weingartner)
Date: Sun, 22 Dec 2019 11:10:52 -0700
Subject: [winswitch] Hi List, Quick Xpra question
In-Reply-To:
References:
Message-ID:

I had considered tying it to user ID and that's a good idea. While changing the remote xpra command is certainly an option I could write into the frontend, I want this to be a bit more secure and not rely on the frontend to do the right thing, is there an easy way to specify a new command server side and system wide? or user group wide?

Sorry for the double email Antoine

From antoine at nagafix.co.uk Mon Dec 23 19:58:48 2019
From: antoine at nagafix.co.uk (Antoine Martin)
Date: Tue, 24 Dec 2019 02:58:48 +0700
Subject: [winswitch] SSH wrapper, was: Hi List, Quick Xpra question
In-Reply-To:
References:
Message-ID: <93defabf-6445-95ec-d338-1fe07cc274c2@nagafix.co.uk>

On 23/12/2019 01:10, Celeste Weingartner via shifter-users wrote:
> I had considered tying it to user ID and that's a good idea. While changing
> the remote xpra command is certainly an option I could write into the
> frontend, I want this to be a bit more secure and not rely on the frontend
> to do the right thing, is there a easy way to specify a new command server
> side and system wide?or user group wide?
No.
The remote command is requested by the SSH transport (ie: paramiko openssh or plink), it is always specified by the client - that's just how SSH works.

xpra's builtin SSH server already intercepts the 'xpra _proxy' command to avoid spawning a new subprocess unnecessarily. But modifying this behaviour is likely way too complicated for what you are trying to achieve. (and this would only work with xpra running as ssh server)

If you want to limit what your users can execute via ssh logins then you should look into OpenSSH command restrictions and you can then place your override script in a whitelisted location, ie:
/usr/local/bin/xpra
To see which remote commands your clients will attempt to run, see:
xpra showconfig | grep remote-xpra

Cheers,
Antoine

From celeste.weingartner at gmail.com Mon Dec 23 20:48:30 2019
From: celeste.weingartner at gmail.com (Celeste Weingartner)
Date: Mon, 23 Dec 2019 13:48:30 -0700
Subject: [winswitch] SSH wrapper, was: Hi List, Quick Xpra question
In-Reply-To: <93defabf-6445-95ec-d338-1fe07cc274c2@nagafix.co.uk>
References: <93defabf-6445-95ec-d338-1fe07cc274c2@nagafix.co.uk>
Message-ID:

Antoine,

Now that I think about it I could change the command shell for those users to a custom shell, and I think perhaps I could get the results I'm looking for that way can you tell me if paramiko requests an interactive session by default? Because I think without an interactive session the shell specified for specific users in the password file might not fire.
On Mon, Dec 23, 2019, 12:58 PM Antoine Martin via shifter-users < shifter-users at lists.devloop.org.uk> wrote: > On 23/12/2019 01:10, Celeste Weingartner via shifter-users wrote: > > I had considered tying it to user ID and that's a good idea. While > changing > > the remote xpra command is certainly an option I could write into the > > frontend, I want this to be a bit more secure and not rely on the > frontend > > to do the right thing, is there a easy way to specify a new command > server > > side and system wide?or user group wide? > No. > The remote command is requested by the SSH transport (ie: paramiko > openssh or plink), it is always specified by the client - that's just > how SSH works. > > xpra's builtin SSH server already intercepts the 'xpra _proxy' command > to avoid spawning a new subprocess unnecessarily. But modifying this > behaviour is likely way too complicated for what you are trying to > achieve. (and this would only work with xpra running as ssh server) > > If you want to limit what your users can execute via ssh logins then you > should look into OpenSSH command restrictions and you can then place > your override script in a whitelisted location, ie: > /usr/local/bin/xpra > To see which remote commands your clients will attempt to run, see: > xpra showconfig | grep remote-xpra > > Cheers, > Antoine > > > > > Sorry for the double email Antoine > > > > > > On Fri, Dec 20, 2019, 6:59 AM Antoine Martin via shifter-users < > > shifter-users at lists.devloop.org.uk> wrote: > > > >> On 19/12/2019 16:19, Celeste Weingartner via shifter-users wrote: > >>> im writing a frontend for Xpra that will use ssh to connect. I would > like > >>> to make a ultra persistant chrome session be remotely served.. > >> Running browsers through xpra seems to be a popular use case. > >> Are you using xpra's builtin ssh server or are you allowing those users > >> shell access on your server? (and restricting what commands they are > >> allowed to run?) 
> >> > >>> Ive got > >>> firejail working for chrome, and i can manually connect with xpra start > >>> someuser at apphost.com --start-child='google-chrome' and that works.. > and > >> i > >>> can reattach to it no problem but if i reisssue another start, it > starts > >>> another x session, which i do not want.. I want it limited to one per > >> user. > >> An easy way to achieve that would be to derive the X11 display for each > >> user from their user id. That way a user would only ever be able to > >> start a single session. > >> FYI: most browsers, including chrome, are limited to a single instance > >> per user account. > >> > >> To make things easier to manage, we could add a new subcommand: > >> "xpra attach-or-start" > >> Or maybe a new flag: > >> "xpra attach --create=yes" > >> Or even: > >> "xpra start --reuse-session=yes" > >> Ideas and suggestions welcome. > >> > >> When connecting over ssh, the xpra client will run "xpra _proxy", > >> potentially with extra arguments, and this is what connects the xpra > >> server to the ssh channel. > >> The remote xpra command can be changed using the "--remote-xpra=" > >> command line option. > >> This would be a decent place to override the default behaviour and start > >> a new server instance if one is not found, before trying to connect to > it. > >> > >> Cheers, > >> Antoine > >> > >> > >> > >> > >>> max. > >>> > >>> > >>> On Mon, Dec 16, 2019 at 6:06 AM Antoine Martin via shifter-users < > >>> shifter-users at lists.devloop.org.uk> wrote: > >>> > >>>> On 16/12/2019 07:59, Celeste Weingartner via shifter-users wrote: > >>>>> Hi Everyone, im not sure if the devel list would be the place for > this > >> or > >>>>> not.. So i'll ask. > >>>>> > >>>>> Im trying to use Xpra to create an application server. For a specific > >>>>> application. I do not want users to be able to spawn more than 1 xpra > >>>>> server process. I want them to be limited to 1. 
Short of disabling > >> server > >>>>> commands, and using firejail which im already doing, how can I > further > >>>>> limit it to one server per user? Im willing to be there's some sort > of > >>>>> bash magic that can be done in the xpra startup, but im unsure where > to > >>>>> even begin there, im not a python coder... Bash I can do.. But can > >>>> anyone > >>>>> provide some pointers or tips? > >>>> How are you going to start the sessions? Is it going to be on demand > for > >>>> each user? > >>>> How are they connecting to the server? ssh? > >>>> Are you going to give them a command line to run or an xpra URI they > >>>> just click on? > >>>> > >>>> This is not the first time something like this has been requested, so > >>>> maybe we can make it easier to setup. > >>>> > >>>> Cheers, > >>>> Antoine > >>>> > >>>>> > >>>>> Thanks in advance, > >>>>> > >>>>> Celeste > >>>>> _______________________________________________ > >>>>> shifter-users mailing list > >>>>> shifter-users at lists.devloop.org.uk > >>>>> https://lists.devloop.org.uk/mailman/listinfo/shifter-users > >>>>> > >>>> > >>>> _______________________________________________ > >>>> shifter-users mailing list > >>>> shifter-users at lists.devloop.org.uk > >>>> https://lists.devloop.org.uk/mailman/listinfo/shifter-users > >>>> > >>> _______________________________________________ > >>> shifter-users mailing list > >>> shifter-users at lists.devloop.org.uk > >>> https://lists.devloop.org.uk/mailman/listinfo/shifter-users > >>> > >> > >> _______________________________________________ > >> shifter-users mailing list > >> shifter-users at lists.devloop.org.uk > >> https://lists.devloop.org.uk/mailman/listinfo/shifter-users > >> > > _______________________________________________ > > shifter-users mailing list > > shifter-users at lists.devloop.org.uk > > https://lists.devloop.org.uk/mailman/listinfo/shifter-users > > > > _______________________________________________ > shifter-users mailing list > 
shifter-users at lists.devloop.org.uk > https://lists.devloop.org.uk/mailman/listinfo/shifter-users >

From antoine at nagafix.co.uk Tue Dec 24 17:04:17 2019
From: antoine at nagafix.co.uk (Antoine Martin)
Date: Tue, 24 Dec 2019 18:04:17 +0100
Subject: [winswitch] SSH wrapper, was: Hi List, Quick Xpra question
In-Reply-To:
References: <93defabf-6445-95ec-d338-1fe07cc274c2@nagafix.co.uk>
Message-ID: <7ca022bb-0dc3-1586-c049-3ef2feae7c3a@nagafix.co.uk>

On 23/12/2019 21:48, Celeste Weingartner via shifter-users wrote:
> Antoine,
>
> Now that I think about it I could change the command shell for those users
> to a custom shell, and I think perhaps I could get the results I'm looking
> for that way can you tell me if paramiko requests an interactive session
> by default? Because I think without an interactive session the shell
> specified for specific users in the password file might not fire.
The SSH session is not interactive and does not request a pty, that's
true of all the backends, not just paramiko.
What I am suggesting instead is something like this:
http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5#ForceCommand

Cheers,
Antoine

From celeste.weingartner at gmail.com Tue Dec 24 20:54:54 2019
From: celeste.weingartner at gmail.com (Celeste Weingartner)
Date: Tue, 24 Dec 2019 13:54:54 -0700
Subject: [winswitch] SSH wrapper, was: Hi List, Quick Xpra question
In-Reply-To: <7ca022bb-0dc3-1586-c049-3ef2feae7c3a@nagafix.co.uk>
References: <93defabf-6445-95ec-d338-1fe07cc274c2@nagafix.co.uk>
 <7ca022bb-0dc3-1586-c049-3ef2feae7c3a@nagafix.co.uk>
Message-ID:

Yeah. I think that with a "xpra start-or-attach --display=$userid" should
do about exactly what I want it to. Awesome, thank you. When might I be
able to see some supporting code in the repo? I'm excited.

From wuebbel at gmail.com Thu Dec 26 12:08:43 2019
From: wuebbel at gmail.com (wuebbel at gmail.com)
Date: Thu, 26 Dec 2019 13:08:43 +0100
Subject: [winswitch] Chrome Fullscreen: ESC vs. F11 and Debugging Issue
Message-ID: <002701d5bbe5$3864e960$a92ebc20$@gmail.com>

Hi,

I installed xpra3.04 on an Ubuntu 18.04 headless workstation from the
xpra.org repository. Installation went more or less smoothly (after spending
an hour without any result on the versions supplied in the Ubuntu archives).
Xpra was started as a service automatically, the html5 client was available
with minimal configuration.

I came upon two issues, none of them critical, which I would like to share:

1. I had an authorization issue on installation (my fault). I tried to
debug it using debug=all in /etc/default/xpra. The good thing: I found my
error. The bad thing: debug=all logs full passwords to the system log
(prefixed by authenticate_check). While I understand that debug=all means
debug=all, I was surprised by that behavior (and consequently had to change
my password).

2. I use Chrome for Windows to access the html5 version of xpra.
When clicking the Fullscreen-Button on the xpra desktop, Chrome goes
fullscreen and displays "Press Escape to exit Fullscreen" (german locale).
Escape is probably the worst choice for X11 fullscreen when you are an
addicted vi user. Works, but as soon as I want to leave edit mode in vi,
xpra leaves fullscreen mode.

*However* - when using the Fullscreen Button in Chrome's Settings Menu (near
"Zoom"), it goes Fullscreen and displays "Press F11 to exit Fullscreen", and
F11 is a great choice. This fullscreen mode works perfect, Escape is just a
normal key.

I have no idea whatsoever why Chrome would support two different exit keys
for Fullscreen, depending on where the fullscreen was started from.
Is there any way of replicating the Chrome Menu-Behavior for the
xpra-fullscreen-button?

Best wishes, Frank

From antoine at nagafix.co.uk Fri Dec 27 15:47:33 2019
From: antoine at nagafix.co.uk (Antoine Martin)
Date: Fri, 27 Dec 2019 16:47:33 +0100
Subject: [winswitch] SSH wrapper, was: Hi List, Quick Xpra question
In-Reply-To:
References: <93defabf-6445-95ec-d338-1fe07cc274c2@nagafix.co.uk> <7ca022bb-0dc3-1586-c049-3ef2feae7c3a@nagafix.co.uk>
Message-ID: <8f8a06ce-2b1c-9464-04f5-9ec33e754056@nagafix.co.uk>

On 24/12/2019 21:54, Celeste Weingartner via shifter-users wrote:
> Yeah. I think that with a "xpra start-or-attach --display=$userid" should
> do about exactly what I want it to. Awesome, thank you. When might I be
> able to see some supporting code in the repo? I'm excited.
I had started working on this already, but then other actual bugs got me
distracted. The best thing you can do is to add yourself to the CC list
for this ticket and test the changes once they are available:
https://xpra.org/trac/ticket/2523

Antoine

From antoine at nagafix.co.uk Fri Dec 27 18:26:15 2019
From: antoine at nagafix.co.uk (Antoine Martin)
Date: Fri, 27 Dec 2019 19:26:15 +0100
Subject: [winswitch] Chrome Fullscreen: ESC vs. F11 and Debugging Issue
In-Reply-To: <002701d5bbe5$3864e960$a92ebc20$@gmail.com>
References: <002701d5bbe5$3864e960$a92ebc20$@gmail.com>
Message-ID: <12936ddd-410c-ac00-ff5a-9dc4020df2ad@nagafix.co.uk>

On 26/12/2019 13:08, wuebbel--- via shifter-users wrote:
> Hi,
>
> I installed xpra3.04 on an Ubuntu 18.04 headless workstation from the
> xpra.org repository. Installation went more or less smoothly (after spending
> an hour without any result on the versions supplied in the Ubuntu archives).
That's the number one problem people encounter.
And when they do work, they're dangerous to use: full of serious bugs
and security issues.

> Xpra was started as a service automatically, the html5 client was available
> with minimal configuration.
>
> I came upon two issues, none of them critical, which I would like to share:
>
> 1. I had an authorization issue on installation (my fault). I tried to
> debug it using debug=all in /etc/default/xpra. The good thing: I found my
> error. The bad thing: debug=all logs full passwords to the system log
> (prefixed by authenticate_check). While I understand that debug=all means
> debug=all, I was surprised by that behavior (and consequently had to change
> my password).
The "authenticate_check" method is generic and it is used by all sorts of
authentication modules: some use tokens or hashes - having those in the
log output can be very useful, others use the actual passwords.
This change should prevent the actual password from being logged:
https://xpra.org/trac/changeset/24809
And an env var can still be used to restore the full logging.
Note: the length of the password will still be visible.

> 2. I use Chrome for Windows to access the html5 version of xpra.
> When clicking the Fullscreen-Button on the xpra desktop, Chrome goes
> fullscreen and displays "Press Escape to exit Fullscreen" (german locale).
> Escape is probably the worst choice for X11 fullscreen when you are an
> addicted vi user. Works, but as soon as I want to leave edit mode in vi,
> xpra leaves fullscreen mode.
>
> *However* - when using the Fullscreen Button in Chrome's Settings Menu (near
> "Zoom"), it goes Fullscreen and displays "Press F11 to exit Fullscreen", and
> F11 is a great choice. This fullscreen mode works perfect, Escape is just a
> normal key.
>
> I have no idea whatsoever why Chrome would support two different exit keys
> for Fullscreen, depending on where the fullscreen was started from. Is there
> any way of replicating the Chrome Menu-Behavior for the
> xpra-fullscreen-button?
I am afraid not.
At least now it will be easier to switch to fullscreen using the keyboard,
as the F11 key will also be passed through to the browser:
http://xpra.org/trac/changeset/24810
(you can fairly easily apply this change to your installation without
waiting for the next release)

Cheers,
Antoine

From celeste.weingartner at gmail.com Fri Dec 27 22:44:18 2019
From: celeste.weingartner at gmail.com (Celeste Weingartner)
Date: Fri, 27 Dec 2019 15:44:18 -0700
Subject: [winswitch] SSH wrapper, was: Hi List, Quick Xpra question
In-Reply-To: <8f8a06ce-2b1c-9464-04f5-9ec33e754056@nagafix.co.uk>
References: <93defabf-6445-95ec-d338-1fe07cc274c2@nagafix.co.uk> <7ca022bb-0dc3-1586-c049-3ef2feae7c3a@nagafix.co.uk> <8f8a06ce-2b1c-9464-04f5-9ec33e754056@nagafix.co.uk>
Message-ID:

It looks good, but I don't see how this will prevent the accidental
starting of other sessions unless I can somehow specify the display I want
it to use. I guess if I can lock each user to only being able to use one
display number, that would prevent new sessions being started, and that's
where I'm at right now. Thank you for all your help. It is greatly
appreciated.
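
The server-side approach discussed in this thread (an OpenSSH ForceCommand wrapper that pins each user to a display derived from their user id), written out as an added example; it is not code from the xpra project or from any poster. The script path /usr/local/bin/xpra-session, the xpra-users group, the MIN_UID cutoff, the xpra install path and the use of "xpra version DISPLAY" as a liveness probe are assumptions.

```shell
#!/bin/sh
# Added example: per-user xpra session wrapper meant to run as an OpenSSH
# ForceCommand. Assumed sshd_config fragment (group name and script path
# are hypothetical):
#   Match Group xpra-users
#       ForceCommand /usr/local/bin/xpra-session
#       PermitTTY no
#       AllowTcpForwarding no
#       X11Forwarding no

XPRA_BIN=${XPRA_BIN:-/usr/bin/xpra}          # assumed install path
START_CHILD=${START_CHILD:-google-chrome}    # application named in the thread
MIN_UID=${MIN_UID:-1000}                     # assumption: lower uids are system accounts

# Map a numeric uid to the one display that user may ever use (":<uid>").
display_for_uid() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;          # digits only, no leading zero
    esac
    [ "$1" -ge "$MIN_UID" ] || return 1
    printf ':%s\n' "$1"
}

# The client-supplied command is untrusted: it is only pattern-matched, never
# executed, and any display number or option it carries is ignored.
classify_request() {
    case "$1" in
        *_proxy*) echo proxy ;;              # "xpra _proxy ..." as sent by xpra clients
        *)        echo deny ;;               # empty (shell login), scp, anything else
    esac
}

# Print the display to serve for (uid, requested command); fail if not allowed.
authorize() {
    [ "$(classify_request "$2")" = proxy ] || return 1
    display_for_uid "$1"
}

# Probe for a live server on the display (assumed to exit non-zero if none answers).
server_is_live() {
    "$XPRA_BIN" version "$1" >/dev/null 2>&1
}

main() {
    display=$(authorize "$(id -u)" "${SSH_ORIGINAL_COMMAND:-}") || {
        echo "only xpra connections are permitted" >&2
        exit 1
    }
    if ! server_is_live "$display"; then
        # stdout is the SSH channel that carries the xpra protocol: keep it clean.
        "$XPRA_BIN" start "$display" --start-child="$START_CHILD" >/dev/null 2>&1 || exit 1
        tries=0
        until server_is_live "$display"; do  # wait for the daemonized server
            tries=$((tries + 1))
            [ "$tries" -lt 10 ] || exit 1
            sleep 1
        done
    fi
    exec "$XPRA_BIN" _proxy "$display"
}

case "$0" in
    */xpra-session) main ;;                  # installed as the ForceCommand
    *)  # run any other way: show the decision for constructed sample requests
        for req in "xpra _proxy :7" "" "/bin/sh -i" "scp -t /tmp"; do
            printf '%-20s -> %s\n' "\"$req\"" "$(authorize 1000 "$req" || echo denied)"
        done ;;
esac
```

Because sshd runs the forced command in place of whatever the client asked for, the one-session-per-user limit no longer depends on the frontend passing the right "--remote-xpra=" value.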