Think Zoom, Teams, google meet etc

When sharing the screen, it can see everything the user sees. Would it be possible to isolate what it sees only to GUI applications ran by the same user? If I run these as an unprivileged user via xhost, they don’t really work well. Sandboxing via bubblewrap requires knowledge beyond my current skills and I’m not sure if it would work.

Has anyone

  • @shadowintheday2OP
    link
    English
    110 months ago

    Thank you for the explanation

    So wayland fixes most of these. Is it possible to run GUI programs as another user just like in X with xhost though ? I’m asking not only from a security point, but as a practical one since I need to run the same program under different namespaces/users

    • @[email protected]
      link
      fedilink
      110 months ago

      I can’t way I have tried. But Wayland uses a socket, so many you can set file permissions to let other users access it?

      I don’t know what your exact use case is but if you just want programs to have different “profiles” you can probably do something like setting $HOME to point somewhere else or otherwise configure their data directory.