mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2024-10-01 01:25:40 -04:00
gsoc: add new ideas collected from qubes-devel ML
This commit is contained in:
Marek Marczykowski-Górecki
parent
13f66bce38
commit
5427e4c4b2
@ -143,6 +143,84 @@ would override all the user changes there). More details:
|
||||
|
||||
**Mentor**: [Marek Marczykowski-Górecki](/team/)
|
||||
|
||||
### Easy inter-VM networking configuration
|
||||
|
||||
**Project**: Easy inter-VM networking configuration
|
||||
|
||||
**Brief explanation**: Utility to easily configure selected VMs to be reachable (by network) from other VMs or outside network. Currently such configuration require adding iptables rules in multiple VMs manually. For exposing VM to outside network, it may be good to adopt qrexec-based TCP forwarding ([#2148](https://github.com/QubesOS/qubes-issues/issues/2148)).
|
||||
|
||||
**Expected results**:
|
||||
|
||||
- support firewall rules for inter-VM traffic in qubes-firewall - both VM side (qubes-firewall service) and dom0 configuration side (relevant Admin API calls)
|
||||
- mechanism for configuring firewall in target VM, especially INPUT iptables chain - currently it is hardcoded to drop new incoming connections
|
||||
- convenient tool (or modification to existing tool) for controlling above mechanisms
|
||||
- integration the above with existing GUI tools (especially VM settings)
|
||||
|
||||
Relevant links:
|
||||
- [Qubes networking and firewall documentation](/doc/firewall/)
|
||||
- [qubes-firewall service code](https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubesagent/firewall.py)
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
- iptables
|
||||
- basics of nft
|
||||
- python3
|
||||
|
||||
**Mentor**: [Marek Marczykowski-Górecki](/team/)
|
||||
|
||||
### Mechanism for maintaining in-VM configuration
|
||||
|
||||
**Project**: Mechanism for maintaining in-VM configuration
|
||||
|
||||
**Brief explanation**: Large number of VMs is hard to maintain. Templates helps with keeping them updated, but many applications have configuration in user home directory, which is not synchronized.
|
||||
|
||||
**Expected results**:
|
||||
|
||||
- Design a mechanism how to _safely_ synchronize application configuration living in user home directory (`~/.config`, some other "dotfiles"). Mechanism should be resistant against malicious VM forcing its configuration on other VMs. Some approach could be a strict control which VM can send what changes (whitelist approach, not blacklist).
|
||||
- Implementation of the above mechanism.
|
||||
- Documentation how to configure it securely.
|
||||
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
- shell and/or python scripting
|
||||
- Qubes OS qrexec services
|
||||
|
||||
**Mentor**: [Marek Marczykowski-Górecki](/team/), [Wojtek Porczyk](/team/).
|
||||
|
||||
### Wayland support in GUI agent and/or GUI daemon
|
||||
|
||||
**Project**: Wayland support in GUI agent and/or GUI daemon
|
||||
|
||||
**Brief explanation**: Currently both GUI agent (VM side of the GUI virtualization) and GUI daemon (dom0 side of GUI virtualization) support X11 protocol only. It may be useful to add support for Wayland there. Note that those are in fact two independent projects:
|
||||
|
||||
1. GUI agent - make it work as Wayland compositor, instead of extracting window's composition buffers using custom X11 driver
|
||||
2. GUI daemon - act as Wayland application, showing windows retrieved from VMs, keeping zero-copy display path (window content is directly mapped from application running in VM, not copied)
|
||||
|
||||
**Expected results**:
|
||||
|
||||
Choose either of GUI agent, GUI daemon. Both are of similar complexity and each separately looks like a good task for GSoC time period.
|
||||
|
||||
- design relevant GUI agent/daemon changes, the GUI protocol should not be affected
|
||||
- consider window decoration handling - VM should have no way of spoofing those, so it must be enforced by GUI daemon (either client-side - by GUI daemon itself, or server-side, based on hints given by GUI daemon)
|
||||
- implement relevant GUI agent/daemon changes
|
||||
- implement tests for new GUI handling, similar to existing tests for X11 based GUI
|
||||
|
||||
Relevant links:
|
||||
- [Low level GUI documentation](/doc/gui/)
|
||||
- [qubes-gui-agent-linux](https://github.com/qubesos/qubes-gui-agent-linux)
|
||||
- [qubes-gui-daemon](https://github.com/qubesos/qubes-gui-daemon)
|
||||
- [Use Wayland instead of X11 to increase performance](https://github.com/qubesos/qubes-issues/issues/3366)
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
- Wayland architecture
|
||||
- basics of X11 (for understanding existing code)
|
||||
- C language
|
||||
- using shared memory (synchronization methods etc)
|
||||
|
||||
**Mentor**: [Marek Marczykowski-Górecki](/team/).
|
||||
|
||||
### Qubes Live USB
|
||||
|
||||
**Project**: Revive Qubes Live USB, integrate it with installer
|
||||
@ -298,6 +376,10 @@ details in [#2618](https://github.com/QubesOS/qubes-issues/issues/2618).
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
- nftables
|
||||
- iptables
|
||||
- IPv6
|
||||
|
||||
**Mentor**: [Patrick Schleizer](/team/)
|
||||
|
||||
### Audio support for Qubes Windows Tools
|
||||
|
||||
Loading…
Reference in New Issue
Block a user