On 19/12/2019 16:19, Celeste Weingartner via shifter-users wrote: > im writing a frontend for Xpra that will use ssh to connect. I would like > to make a ultra persistant chrome session be remotely served.. Running browsers through xpra seems to be a popular use case. Are you using xpra's builtin ssh server or are you allowing those users shell access on your server? (and restricting what commands they are allowed to run?)
> Ive got > firejail working for chrome, and i can manually connect with xpra start > someu...@apphost.com --start-child='google-chrome' and that works.. and i > can reattach to it no problem but if i reisssue another start, it starts > another x session, which i do not want.. I want it limited to one per user. An easy way to achieve that would be to derive the X11 display for each user from their user id. That way a user would only ever be able to start a single session. FYI: most browsers, including chrome, are limited to a single instance per user account. To make things easier to manage, we could add a new subcommand: "xpra attach-or-start" Or maybe a new flag: "xpra attach --create=yes" Or even: "xpra start --reuse-session=yes" Ideas and suggestions welcome. When connecting over ssh, the xpra client will run "xpra _proxy", potentially with extra arguments, and this is what connects the xpra server to the ssh channel. The remote xpra command can be changed using the "--remote-xpra=" command line option. This would be a decent place to override the default behaviour and start a new server instance if one is not found, before trying to connect to it. Cheers, Antoine > max. > > > On Mon, Dec 16, 2019 at 6:06 AM Antoine Martin via shifter-users < > shifter-users@lists.devloop.org.uk> wrote: > >> On 16/12/2019 07:59, Celeste Weingartner via shifter-users wrote: >>> Hi Everyone, im not sure if the devel list would be the place for this or >>> not.. So i'll ask. >>> >>> Im trying to use Xpra to create an application server. For a specific >>> application. I do not want users to be able to spawn more than 1 xpra >>> server process. I want them to be limited to 1. Short of disabling server >>> commands, and using firejail which im already doing, how can I further >>> limit it to one server per user? Im willing to be there's some sort of >>> bash magic that can be done in the xpra startup, but im unsure where to >>> even begin there, im not a python coder... Bash I can do.. But can >> anyone >>> provide some pointers or tips? >> How are you going to start the sessions? Is it going to be on demand for >> each user? >> How are they connecting to the server? ssh? >> Are you going to give them a command line to run or an xpra URI they >> just click on? >> >> This is not the first time something like this has been requested, so >> maybe we can make it easier to setup. >> >> Cheers, >> Antoine >> >>> >>> Thanks in advance, >>> >>> Celeste >>> _______________________________________________ >>> shifter-users mailing list >>> shifter-users@lists.devloop.org.uk >>> https://lists.devloop.org.uk/mailman/listinfo/shifter-users >>> >> >> _______________________________________________ >> shifter-users mailing list >> shifter-users@lists.devloop.org.uk >> https://lists.devloop.org.uk/mailman/listinfo/shifter-users >> > _______________________________________________ > shifter-users mailing list > shifter-users@lists.devloop.org.uk > https://lists.devloop.org.uk/mailman/listinfo/shifter-users > _______________________________________________ shifter-users mailing list shifter-users@lists.devloop.org.uk https://lists.devloop.org.uk/mailman/listinfo/shifter-users
