On 14/02/2024 23:30, Vinícius dos Santos Oliveira via shifter-users wrote:
How to make xpra add -nolisten local to Xorg invocation?
You can just add it to your Xvfb command line in /etc/xpra, see: https://github.com/Xpra-org/xpra/blob/a3a51067e61d710d1f63b48e4bbffa66ff71ab83/fs/etc/xpra/conf.d/55_server_x11.conf.in#L32-L41
I'm running multiple xpra servers in the same network namespace and I don't want each xpra server to have access to each other's X11 sockets (auth exists, but there's still zero reason to have sockets in the abstract namespace).
Incidentally, xpra v6 supports abstract sockets: https://github.com/Xpra-org/xpra/issues/4098 Which you can turn off with --bind=noabstract The default is to use peercred to filter connections.
This link provides more info: https://tstarling.com/blog/2016/06/x11-security-isolation/
Cheers, Antoine _______________________________________________ shifter-users mailing list shifter-users@lists.devloop.org.uk https://lists.devloop.org.uk/mailman/listinfo/shifter-users
