On Wed, 21 Sep 2016 21:51:10 +0000 Yawning Angel <yawning@xxxxxxxxxxxxxxx> wrote: > There shouldn't be anything stopping people from using a nested X > solution with sandboxed-tor-browser, since it honors DISPLAY and > writes out a new ~/.Xauthority in the sandbox tmpfs, as long as the > secondary X server puts the AF_LOCAL socket in the traditional > location under /tmp. Yep, Xephyr "just works", assuming you make sure to add a `MIT-MAGIC-COOKIE-1` credential for it to the Xauthority file. For convenience I added an option to the config file to override the DISPLAY env var that sandboxed processes see. It works ok, but isn't for me, because copy and paste between the parent and nested X session is a huge pain. I briefly considered adding an option to auto-start the nested X server, but certain aspects of the Firefox UI break without an window manager. Regards, -- Yawning Angel
Attachment:
pgpOZc1zcWbAO.pgp
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev