undefined | Better HN

0 pointsVTimofeenko4y ago0 comments

Firejail with spawning nested Xorg works fine for me, including text-only copypaste between "host" and "guest" and automatic file synchronization through bind-like mounts. For some firejails I also use Linux network namespaces to control traffic going through taps. My introduction to this approach was the alternative Gentoo handbook by Sakaki[1], but the principles would apply on any distro.

There's also a very interesting read on Qubes-like experience on NixOs with Wayland and XWayland[2,3].

[1]: https://wiki.gentoo.org/wiki/User:Sakaki/Sakaki%27s_EFI_Inst...

[2]: https://roscidus.com/blog/blog/2021/03/07/qubes-lite-with-kv...

[3]: https://roscidus.com/blog/blog/2021/10/30/xwayland/

0 comments

3 comments · 1 top-level

tome4y ago· 2 in thread

What's nested Xorg? Do you mean you run each app in a separate VNC or RDP server?

VTimofeenkoOP4y ago

An example would be Xephyr[1]. Archwiki[2] has a decent summary.

In my case, I have the standard xorg session started by my login manager. Then I start Xephyr with a separate DISPLAY, that shows up as just a window in the parent environment. It does look kinda like RDP or VNC.

[1]: https://linux.die.net/man/1/xephyr [2]: https://wiki.archlinux.org/title/Xephyr

tome4y ago

That's very cool, thanks!

j / k navigate · click thread line to collapse