OmniShell: Building a Virtual Desktop Environment in C++ with wxWidgets
A deep dive into the architecture, VFS security model, and module system
Project: https://github.com/lenik/omnishell
Why "Desktop as an Application"?
Sometimes we need a controlled, specialized workspace:
- Enterprise operator console: 10+ internal tools in one place
- Secure workstation: Only approved apps, all file access audited
- Kiosk devices: Boot directly into workspace, no OS exposure
OmniShell is a self-contained desktop environment as a single application.
Architecture Overview
+------------------------------------------+
| Shell UI (wxWidgets) |
| Desktop | Taskbar | Start Menu | Tray |
+------------------------------------------+
| Module System |
| Notepad | Control Panel | Services |
+------------------------------------------+
| Virtual File System |
| Local | Encrypted | Memory | Network |
+------------------------------------------+
| Host OS |
+------------------------------------------+
Module System
Every app is an independent module:
class Module {
virtual void OnInit() = 0;
virtual void OnShutdown() = 0;
virtual const char* GetName() const = 0;
};
Example: Notepad Module
class NotepadModule : public om::Module {
void OnInit() override {
mainFrame_ = new wxFrame(nullptr, wxID_ANY, "Notepad");
mainFrame_->Show(true);
}
};
OMNISHELL_MODULE_REGISTER(NotepadModule)
Virtual File System (VFS)
No direct filesystem access. All I/O through VFS:
class Volume {
virtual VolumeFile OpenFile(const std::string& path, FileAccess access) = 0;
};
Volume Types
- Local: Standard filesystem with ACLs
- Encrypted: AES-256 encrypted storage
- Memory: Ephemeral, lost on reboot
- Network: S3, WebDAV backends
ACLs & Auditing
class ACL {
bool CheckPermission(const std::string& user,
const std::string& path,
Permission perm);
};
Every operation logged:
[2026-03-27] user=admin module=Notepad action=WRITE result=SUCCESS
Tech Stack
| Component | Purpose |
|---|---|
| wxWidgets 3.0+ | Cross-platform UI |
| C++17 | Language |
| Meson | Build system |
| OpenSSL | Encryption |
Build
meson setup build
ninja -C build
./build/omnishell
Use Cases
- Enterprise Console: Unified monitoring for 15+ services
- Secure Workstation: Encrypted code storage, audit exports
- Kiosk Demo: Memory VFS, auto-launch, clean reboot
Comparison
| Feature | OmniShell | Electron |
|---|---|---|
| Resources | Low (native) | High (Chromium) |
| Security | VFS-enforced | Sandbox |
| Modularity | Built-in | Custom |
Roadmap
- [ ] File Manager
- [ ] Theme System
- [ ] Docker Integration
- [ ] Plugin Marketplace
Conclusion
Desktop as an application = unprecedented control.
GitHub: https://github.com/lenik/omnishell
Star if useful!
Top comments (0)