Private Session

Allow users to log into an ephemeral session

The goal is to allow users to create a second session that is independent of the first and in which most modifications are discarded automatically. This feature may also be useful for development purposes.

This task is quite complex and it is not expected that a polished product will be ready at the end of the internship.

Step 1

Create a new session type which can theoretically run in parallel with another session without corrupting anything in $HOME.

In the simplest case this should do:

  • Push most applications into a new namespace
  • Modify this namespace so that $HOME points to an overlayfs with modified storage living on a tmpfs. This makes $HOME immutable while still letting all programs work as expected.

Note that this is not very useful, as the user is unable to store files in their home directory.
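A sketch of the Step 1 mechanism in C, added here as an illustration and not code from GNOME or this project: it moves the process into a new mount namespace and covers $HOME with an overlayfs whose upper layer lives on a tmpfs. The function names and the scratch-directory argument are hypothetical, and the code assumes it runs with CAP_SYS_ADMIN (for example as root) and that the scratch directory already exists.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

/* Real $HOME is the read-only lower layer; writes land on the tmpfs. */
int overlay_opts(char *buf, size_t len, const char *home, const char *scratch)
{
    /* ',' and ':' are separators in overlayfs options; refuse such paths. */
    if (strpbrk(home, ",:") || strpbrk(scratch, ",:")) return -1;
    int n = snprintf(buf, len, "lowerdir=%s,upperdir=%s/upper,workdir=%s/work",
                     home, scratch, scratch);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Hypothetical helper: create scratch/<name> on the fresh tmpfs. */
static int make_layer(const char *scratch, const char *name)
{
    char dir[4096];
    int n = snprintf(dir, sizeof dir, "%s/%s", scratch, name);
    return (n < 0 || (size_t)n >= sizeof dir) ? -1 : mkdir(dir, 0700);
}

/* Give this process (and its children) a private, discardable view of $HOME. */
int enter_private_home(const char *home, const char *scratch)
{
    char opts[8192];
    if (overlay_opts(opts, sizeof opts, home, scratch)) return -1;
    if (unshare(CLONE_NEWNS)) return -1;              /* new mount namespace */
    /* Keep our mounts from propagating back to the normal session. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) return -1;
    if (mount("tmpfs", scratch, "tmpfs", MS_NOSUID | MS_NODEV, "mode=0700")) return -1;
    if (make_layer(scratch, "upper") || make_layer(scratch, "work")) return -1;
    return mount("overlay", home, "overlay", 0, opts);
}

int main(int argc, char **argv)
{
    const char *home = getenv("HOME");
    if (argc < 3 || !home) return 2;   /* usage: prog SCRATCH_DIR COMMAND [ARGS...] */
    if (enter_private_home(home, argv[1])) { perror("private home"); return 1; }
    execvp(argv[2], &argv[2]);
    perror("execvp");
    return 1;
}
```

The tmpfs and the overlay exist only inside the new namespace, so everything written under $HOME is gone once the last process in it exits. A working directory inherited from the caller still refers to the real $HOME until the command changes directory again.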

Step 2

Modify gnome-shell (both the lock screen and the GDM part) to be able to start a second private session for the user. This will mean:

  • Extending the .desktop file for the session to show that it can run in parallel
  • Allowing the user to open or switch to the normal/private session when selecting "Switch User"

The goal here is to get the basic infrastructure in place and allow the user to switch between the normal and private sessions.

Step 3

Enable the user to modify their own files while still not being able to touch system files. There are different possibilities here, and some investigation should happen.

It might be possible to use Flatpak portals in applications to enable them to directly open files on the real $HOME rather than the ephemeral version.

When this is impossible, we could create a FUSE file system rather than using a simple overlay. In a first step, it could have a blacklist/whitelist of directories that may be accessed normally. In a second step, we could prompt for user confirmation when accessing a writeable file.

Step 4

Improve the gnome-shell integration by making it aware that it is running in a private session. In this session, it should, for example, default to the "open a new private window" action when launching a browser.

Step 5

Improve the gnome-shell integration, making it simpler to start and switch between the normal and private sessions. This will require discussions with the design team.

Requirements: C, GLib, platform knowledge (logind, GDM, namespaces).

Communication: gicmo and benzea at #gnome-hackers channel

Internships/2018/Projects/PrivateSession (last edited 2018-05-04 17:18:38 by ChristianKellner)