This will solve a lot of problems but would like to get a security opinion.

Jorge - are you the right person to advise on this?

I worry that linuxhost could be an actual host.

Where does linuxhost come from? Did we just make it up?

There is no RFC calling for linuxhost to be a special domain, linuxhost could indeed very well be an actual host, it should not be treated as a secure origin.

It came from  Issue 825010 

What would be the process for calling for linuxhost to be a special domain? Are there are alternatives we should consider?

That issue doesn't cover why there is a requirement to make this a secure origin. What is the reason there? What are the differences in dev tools?

 Issue 825010  also points out the right way to solve this problem (register a subdomain of .local or .test), so the right thing to do here is to solve that first, rather than make a random domain chosen in a leads meeting have special hardcoded powers.

We weren't aware of the secure origin requirement in that bug, which is why this one exists :-) Since Crostini is currently focused on web development, the requirement is for testing of PWA installability and other web features that require a secure origin.

We're open to changing from linuxhost if that's what makes the most sense. jkardatzke is OOO this week though so let's chat next week when he's back.

Yes, a lot of new APIs are only exposed on HTTPS and localhost (for development purposes) - running a local web server and testing in chrome is quite useful, but it means that the APIs requiring HTTPS should be available.

 Issue 850535  has been merged into this issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e9a6e22073dac37a5cb53762da090331fb711165

commit e9a6e22073dac37a5cb53762da090331fb711165
Author: Jeffrey Kardatzke <jkardatzke@google.com>
Date: Thu Jun 28 20:26:53 2018

Add *.linux.test as a secure origin for Chrome OS

This is to enable web development work where a webserver is running in
a Crostini VM/container and then connected to from Chrome.
penguin.linux.test will resolve to the default container's IP address
and <container>.<vm>.linux.test will resolve to any container/VM that
is running.

Bug= 849134 
Test=Verified with service worker example

Change-Id: I23d170e29747d0d1e660171f635b1ded9348ac32
Reviewed-on: https://chromium-review.googlesource.com/1118919
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Jeffrey Kardatzke <jkardatzke@google.com>
Cr-Commit-Position: refs/heads/master@{#571244}
[modify] https://crrev.com/e9a6e22073dac37a5cb53762da090331fb711165/chrome/common/secure_origin_whitelist.cc

This part is fixed...the CLs for making this the actual hostname still need to get merged in Chrome OS.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/4bbb4d9a8e0ac36a7a6f99afb8ad9d6204ac6afb

commit 4bbb4d9a8e0ac36a7a6f99afb8ad9d6204ac6afb
Author: Jeffrey Kardatzke <jkardatzke@google.com>
Date: Wed Jul 04 01:18:23 2018

crosdns/vm_tools: Use penguin.linux.test hostname for container

This changes the hostname for the default Crostini container to be
penguin.linux.test. It also changes the hostnames for any container to be
<container>.<vm>.linux.test.

BUG= chromium:849134 , chromium:825010 
TEST=Unit tests pass, verified /etc/host and Chrome connection

Change-Id: Ibee8acf994036775fed92c12cd4ffeb92f691790
Reviewed-on: https://chromium-review.googlesource.com/1112570
Commit-Ready: Jeffrey Kardatzke <jkardatzke@google.com>
Tested-by: Jeffrey Kardatzke <jkardatzke@google.com>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

[modify] https://crrev.com/4bbb4d9a8e0ac36a7a6f99afb8ad9d6204ac6afb/crosdns/hosts_modifier_unittest.cc
[modify] https://crrev.com/4bbb4d9a8e0ac36a7a6f99afb8ad9d6204ac6afb/vm_tools/cicerone/service.cc
[modify] https://crrev.com/4bbb4d9a8e0ac36a7a6f99afb8ad9d6204ac6afb/crosdns/hosts_modifier.cc
[modify] https://crrev.com/4bbb4d9a8e0ac36a7a6f99afb8ad9d6204ac6afb/vm_tools/concierge/service.cc