mviereck / x11docker

Run GUI applications and desktops in docker and podman containers. Focus on security.
MIT License

Questions about --hostwayland security #173

Closed D4Delta closed 5 years ago

D4Delta commented 5 years ago

I understand that --hostdisplay is not good for security, but what are the security concerns of --hostwayland?

Context: I'm currently using KDE Plasma, but I'm considering switching to Sway to reduce the overhead caused by multiple containers running with --xpra.

mviereck commented 5 years ago

I don't have security concerns about --hostwayland. The Wayland protocol is designed to isolate application windows from each other. This is in contrast to the X11 protocol, which allows access to other X applications running on the same X server (--hostdisplay).

This goes for the protocol design. It is always possible that there is a security leak somewhere in the software implementation, i.e. in the Wayland libraries. This is something x11docker cannot control and would affect each setup I can imagine.

tl;dr: I have no concerns about --hostwayland except the fact that software is never 100% secure.

D4Delta commented 5 years ago

Thank you for the quick and insightful answer!