43 lines
2.5 KiB
Markdown
43 lines
2.5 KiB
Markdown
# sidebus
|
|
|
|
(it.. runs as a "sidecar" to a VM.. but manages D-*Bus*.. get it?)
|
|
|
|
<video controls muted src="https://git.clan.lol/valpackett/sidebus/releases/download/__assets__/vm-filechooser-portal-2.webm">
|
|
<p><a href="https://git.clan.lol/valpackett/sidebus/releases/download/__assets__/vm-filechooser-portal-2.webm">Watch demo →</a></p>
|
|
</video>
|
|
|
|
A cross-domain smart D-Bus proxying system that makes (some) [XDG Desktop Portals] work across virtual machines.
|
|
|
|
[XDG Desktop Portals]: https://flatpak.github.io/xdg-desktop-portal/docs/index.html
|
|
|
|
## Design Overview
|
|
|
|
- `sidebus-broker` host process:
|
|
- to be launched alongside the VMM
|
|
- hosts D-Bus servers in-process, based on [busd](https://github.com/dbus2/busd):
|
|
- a "private" bus for VM-instance-specific daemons such as permission-store and document-portal
|
|
- a "VM" bus, the one actually exposed to the guest over vsock
|
|
- orchestrates the lifecycle of the aforementioned daemons + virtiofsd
|
|
- (we are sharing the directory *provided by* the document-portal FUSE filesystem!)
|
|
- provides portal front-end interfaces like `org.freedesktop.portal.FileChooser` on the VM bus
|
|
- by proxying to the host session's xdg-desktop-portal!..
|
|
- (not talking directly to impls: don't want to reimplement per-DE portal selection; also 1:1 mapping is nicer to code)
|
|
- but with extra hooks like exposing files to the guest using our private (per-VM) document-portal!
|
|
- `sidebus-agent` guest process:
|
|
- listens on a guest unix socket, proxies D-Bus messages to a vsock
|
|
- spawned on-demand by systemd via socket activation
|
|
- uses systemd credentials for config args like vsock port
|
|
- (very convenient to pass via the VMM, e.g. qemu: `-smbios type=11,value=io.systemd.credential:sidebus.port=1337`)
|
|
- guest NixOS configuration exposed via the flake
|
|
|
|
## Development Notes
|
|
|
|
- the Nix flake provides paths to the daemons we run via environment variables..
|
|
conveniently, both in the release build *and* in the dev shell (so rust-analyzer doesn't complain)!
|
|
- the `--debug-access` flag of `sidebus-broker` allows for testing on the host, without needing to connect over vsock, e.g.:
|
|
- `clear; rm /tmp/b/* ; mkdir -p /tmp/{b,r} ; RUST_LOG=debug cargo run --bin sidebus-broker -- --debug-access /tmp/b --vsock-port 1234 --runtime-dir /tmp/r`
|
|
- `GTK_A11Y=none DBUS_SESSION_BUS_ADDRESS=unix:path=/tmp/b/vm.sock ashpd-demo`
|
|
|
|
## Acknowledgments
|
|
|
|
[Spectrum](https://spectrum-os.org/)'s work on a similar system has been very helpful during the development process.
|