Support Proper X Session Nesting

[iacore]

Describe the feature

It should be possible to run a xserver inside another xserver, securely separated by IPC.

The child session's mouse, keybord, other input device state inherit from its parent.

• Forward X Windows graphics, input, whatever else that an application X11 need to work.
• When any window of the guest session is not focused, they don't receive any input events.
• Separate clipboard.
• Other security domain separation.

It's kind of like having multiple workspaces overlaid on top of one another, where each workspace cannot see the other, but the computer display/screen/monitor shows them all.

It should be implemented because

I worked on X11 emulated device driver for QubesOS in the past.

The promise: Guest VMs within QubesOS/Xen should receive mouse/keyboard input when their windows are

Reality: The xinput/libinput event syncing is a joke. Key up / key down events desync. There is just no way that it could be done cleanly without help from the parent XServer.

What are the alternatives?

Not really.

Additional context

https://github.com/search?q=author%3Aiacore+org%3Aqubesos&type=pullrequests

Extra fields

• I have checked the existing issues
• I have read the Contributing Guidelines
• I'd like to work on this issue

[cepelinas9000]

That is job for Xnamespace (not sure, but in current state only: When any window of the guest session is not focused, they don't receive any input events. - not yet implemented) , there are wip documentation: #458

[metux]

Xnest ?

[iacore]

Qubes OS need a separate libinput device list for each Guest VM. I don't know about Xnest.