Firejail now supports X11 sandboxing

Reminder that this breaks basic features like copy&#x2F;paste, drag-and-drop, and a lot of applications that spawn helper applications and expect them to be on the same display.<p>There is a reason that the general Linux desktop camp is <i>not</i> adopting solutions like this and instead preferring Wayland, and that&#x27;s that these systems can never be production ready and support the featureset that traditional X11 can support.<p>Also, I tested my keylogger [0] on this setup, and it still got through. Oops. They&#x27;re proxying through XRecord and XTest it seems.<p><a href="https:&#x2F;&#x2F;github.com&#x2F;magcius&#x2F;keylog" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;magcius&#x2F;keylog</a>

This is sorely needed as part of mainstream desktops due to the extended power of APIs available to web pages like file access for instance.

Could similar results be achieved with (x)wayland by spawning a separate X server for each application? IIUC xwayland spawns an X server on demand, but just one (so X applications can spy on each-other while wayland apps cannot, and X cannot spy on wayland apps).