Launching a x11=xephyr Firejail instance to a full monitor instead of a window

netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox

https://firejail.wordpress.com

GNU General Public License v2.0

5.75k stars 564 forks source link

Launching a x11=xephyr Firejail instance to a full monitor instead of a window #2008

Open Futureknows opened 6 years ago

Futureknows commented 6 years ago

Using the following Xephyr command we can launch a Xephyr instance to a full screen of a monitor (DP-4) rather than to a windowed xephyr instance.

Xephyr :1 -output DP-4

Is it possible to pass these parameters to a x11=Xephyr firejail so that the output will be a full monitor? I tried adding the :1 -output DP-4 to the # Xephyr command extra parameters section of firejail.config but it didn't pass the parameters.

# Xephyr command extra parameters. None by default; these are examples.
# xephyr-extra-params -keybd ephyr,,,xkbmodel=evdev
# xephyr-extra-params -grayscale
xephyr-extra-params :1 -output DP-4

netblue30 commented 6 years ago

I put a fix in git to display the parameters passed to Xephyr at startup. It is passing xephyr-extra-params, however it complains about DP-4:

$ firejail --x11=xephyr xterm
*** Starting xephyr server: "Xephyr" "-ac" "-br" "-noreset" "-screen" "800x600" "-title" "firejail x11 sandbox" ":1" "-output" "DP-4" ":696" ***

Reading profile /etc/firejail/Xephyr.profile
Reading profile /etc/firejail/whitelist-common.inc
Parent pid 6048, child pid 6049
Child process initialized in 30.38 ms

Output DP-4 not available in host X server.

Parent is shutting down, bye...
Error: failed to start xephyr

Futureknows commented 6 years ago

Is it possible to pass Xephyr parameters (such as the resolution and screen) directly from the Firejail command line, overriding the firejail.config?

chiraag-nataraj commented 6 years ago

@Futureknows You can pass the resolution (--xephyr-screen), but I don't think anything else can be passed through the command line.

rusty-snake commented 5 years ago

Is it possible to pass Xephyr parameters (such as the resolution and screen) directly from the Firejail command line, overriding the firejail.config?

Should we implement this?

jonleivent commented 4 years ago

I added my + to the request to be able to pass Xephyr parameters directly from the Firejail command line or profile. Others are very useful: -title, -resizeable, -no-host-grab, etc. I would like to start multiple Xephyr'ed firejails each with a different title, and can't do that now easily (I need to wrap launch of the jail in a script, determine the window it creates, and run xdotool).

Futureknows commented 4 years ago

A better solution then Xephyr might be functioning x11 security extensions. I never have been able to get x11 security extensions working under Fedora, but some report that they work under Debian.

The problem is discussed at https://github.com/netblue30/firejail/issues/1197

Has anyone had success with xorg security extensions working with firejails?