Motivation: Qubes OS uses Xen, which I’m not a fan of, and it’s a bit too hardware-finicky and inflexible (mainly by design) for usability in my use case.
I’ve had some success turning Debian into a VM-centric experience with KVM, but nothing like the seamless way Qubes does it. Things like LXC, Flatpak, Snaps, Docker and others make seamless isolation “easy”, but the idea is to have the security of a full VM while still displaying the app as if it’s native, like Qubes.
The plan: What I’m working on now is displaying those VM apps as if they’re native.
Does anyone know of a package or technique I should look into? I’m lost on the best way.
The best I’ve come up with:
- User: Launches app.
- Host: Launch the relevant VM if it’s not launched already and collaborate with the Guest over a communication channel.
- Guest: Open an X session for the app being requested.
- Guest: Run the app within that X session and full screen it.
- Host: Use a spice compatible viewer to log into that X session.
- Guest: spice-agent running on the guest will match that X session’s resolution to the spice window’s size which the full screened app will match giving it a “native” windowed appearance.
- Guest: Detect closure of either the app or the viewer and kill the X session. Optionally shut down the VM if there are no more apps running.
Any bits of information greatly appreciated.
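
The host-side steps of the plan above, sketched as an added example that is not part of the original post. It assumes the guest is a libvirt-managed KVM domain with SPICE graphics and that `remote-viewer` is the SPICE-compatible viewer; the `VIEWER` and `SHUTDOWN_ON_CLOSE` variables are hypothetical names, and the guest side (X session, full-screened app, spice agent) is not shown.

```shell
#!/bin/sh
# Added example: host-side launcher for the plan above.
# Assumes a libvirt-managed KVM guest with SPICE graphics; the guest side
# (X session, full-screened app, spice agent) is not shown.

# Print the libvirt state of a domain; empty output if it does not exist.
vm_state() {
    virsh domstate "$1" 2>/dev/null
}

# Host step: launch the relevant VM only if it is not launched already.
ensure_running() {
    case "$(vm_state "$1")" in
        running) return 0 ;;
        "")      echo "unknown domain: $1" >&2; return 1 ;;
        paused)  virsh resume "$1" >/dev/null ;;
        *)       virsh start "$1" >/dev/null ;;
    esac
}

# Resolve the guest's display URI. Only loopback TCP or a UNIX socket is
# accepted, so the viewer never connects to the guest display over the network.
display_uri() {
    uri=$(virsh domdisplay "$1" 2>/dev/null) || return 1
    case "$uri" in
        spice://127.0.0.1:*|spice+unix://*) printf '%s\n' "$uri" ;;
        *) echo "refusing non-local display: $uri" >&2; return 1 ;;
    esac
}

# Start the VM, attach the viewer, and optionally shut the VM down once
# the viewer window is closed (SHUTDOWN_ON_CLOSE=1, a hypothetical knob).
launch_app() {
    dom=$1
    ensure_running "$dom" || return 1
    uri=$(display_uri "$dom") || return 1
    ${VIEWER:-remote-viewer} --title "$dom" "$uri"
    if [ "${SHUTDOWN_ON_CLOSE:-0}" = 1 ]; then
        virsh shutdown "$dom" >/dev/null
    fi
}

# Usage: ./launch.sh <domain>
if [ "$#" -ge 1 ]; then launch_app "$1"; fi
```

Refusing any display URI that is not loopback or a UNIX socket keeps the guest's display channel local to the host, which matters when the point of the setup is isolation.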