X11 Guide

This is a stub for now and should give an overview.

Why should I use this?
On normal usage of firejail netstat a | grep X11 shows abstract sockets @/tmp/.X11-unix/X0 that hackers can use to attach keylogger and screenshot programs to.
Using a firejailed x11 server or Wayland prevents this.
Limitations
general:
xephyr: Applications inside the firejailed x11-server are unresizeable and have smaller size than the configurable x11 window.
xpra: dependencies?
xvfb: legacy?

Usage firejail --x11=[xpra|xephyr|xvfb] --net=NETWORKADAPTER PROGRAM

first default is xpra, second xephyr default configuration (in firejail.config)
NETWORKADAPTER finding: ls /sys/class/net

Read the man pages for further configuration.

install?
xpra?
xephyr?
-> resizing goes here
testing?
attaching to existing x11 server

(later in section usage optional clipboard)

Home
firejail for users
firejail for contributors
Firejail Universe
Comparison of firejail and systemd's hardening options

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

X11 Guide

Clone this wiki locally