Closed D4Delta closed 5 years ago
I don't have security concerns about --hostwayland
. The Wayland protocol is designed to isolate application windows from each other.
This in opposite to the X11 protocol that allows access to other X applications running on the same X server (--hostdisplay
).
This goes for the protocol design. It is always possible that there is a security leak somewhere in the software implementation, i.e. in the Wayland libraries. This is something x11docker cannot control and would affect each setup I can imagine.
tl;dr: I have no concerns about --hostwayland
except the fact that software is never 100% secure.
Context: I'm currently using KDE Plasma, but I'm considering switching to Sway to reduce the overhead caused by multiple containers running with --xpra.
--nxagent
would cause less overhead than --xpra
for X applications.--hostwayland
for Wayland applications. Compare:
x11docker --gpu x11docker/plasma startplasmacompositor
However, I am not sure if KDE-Wayland is ready for regular use.
Thank you for the quick and insightful answer!
I understands that
--hostdisplay
is not good for security, but what are the security concern of--hostwayland
?Context: I'm currently using KDE Plasma, but I'm considering switching to Sway to reduce the overhead caused by multiple containers running with
--xpra
.