You can use Xephyr or Xnest to sandbox an untrusted or insecure application with... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		zozbot234 88 days ago \| parent \| context \| favorite \| on: 200 MB RAM FreeBSD desktop You can use Xephyr or Xnest to sandbox an untrusted or insecure application within its own X11 instance. This gives you the exact same kind of security property that Wayland happens to enforce out of the box for its clients, except that it need not apply to basic desktop components such as the window manager or the desktop panel. You don't even need Xlibre or anything, this stuff has been around for ages. It's not rocket surgery!

sergeykish 87 days ago [–]

Xephyr or Xnest sandbox break screensharing, global shortkeys.

You've just confirmed obvious. No way to improve security without breaking changes. And you demand mostly nontechnical users to blacklist applications. That's a recipe for disaster.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact