Window Managers

Window managers in X are regular client applications that control the surroundings and placement of other windows on the screen. Window ``decorations'' such as title bars, borders, and resize handles are drawn by the window manager. Window managers have a great deal of control over other application windows, reparenting, moving, hiding, and resizing them as necessary. Because of this, it would be beneficial to run window managers in a separate domain from regular clients. Refer to Figure 3.

Figure 3: Example window manager domain policy.

Line 1 allows the domain to access X protocol extensions designed specifically for window managers. Line 4 grants access to window manager related properties while line 5 grants permission to read and write properties on any application window; together these two lines grant access to window manager related properties (and only those properties) on all application windows. An example of such a property would be WM_NAME.

Lines 8-13 grant extensive control over application windows, including the ability to move, hide, and reparent them, change the stacking order, and send notification messages of these activities to clients. Lines 16-21 grant permission to change the input focus to any window, move the mouse cursor, and create ``grabs'' on the server, which are used to redirect or temporarily interrupt input events.

The power required by window managers warrants a thorough review of any candidate before admitting it to the domain. However, the limited number of such programs in common desktop use should make this a tractable task.