feat: slightly improved X11 server security

[strk]

Only enable access from the local "root" user, and disable it afterwards. Also simplifies the docker call to avoid repeating value of a known env variable

@billgeo does this work for you on OSX ?

[strk]

On Wed, Jun 17, 2020 at 08:55:58PM -0700, Bill Nelson wrote:

@billgeo commented on this pull request.

No xhost +local:root doesn;t work on MacOS.

Does the current xhost + work ? We can still slightly improve security by runnig xhost - at the end...

I need to set it my xhost +<local_IP>. If I do that on the terminal before running make target it works though.

It's a bit messy, but there some way to throw a useful error message for Mac users to tell them to do xhost + $(ipconfig getifaddr en0) before the make target? Or do that in the Makefile?

Ideally we'd be stricter, yes. Another solution seems to be crafting an Xauthority file but I'm having other issues to make this work on my system

[billgeo]

Does the current xhost + work ?

Yes. That works.

We can still slightly improve security by runnig xhost - at the end...

Sounds like a good small improvement if there's no other side effects.