I use https://github.com/slingamn/namespaced-openvpn to have an isolated namespace and VPN connection.
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have, e.g., an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work, because they use different users:
sudo xhost '+si:localuser:user'
sudo ip netns exec protected sudo -u user -i
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g. for Dolphin:
error: XDG_RUNTIME_DIR is invalid or not set in the environment.
Failed to create wl_display (No such file or directory)
I’ve tried to preserve the env without success:
sudo -E ip netns exec protected sudo -u user -i
It seems that access to the Wayland socket is a must for this to work.
This discussion has a nuke option - giving 777 access to the dir where the Wayland socket is - and another, less permissive approach: adding the users to a group and giving access to a new location where the Wayland socket is created:
https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
Another thing to solve: XWayland apps as a different user
Giving access to the wayland socket makes other users able to use wayland; however programs that rely on XWayland to work don’t seem to get it:
Start Failed
Failed to initialize graphics environment
java.awt.AWTError: Can't connect to X11 window server using ':0' as the value of the DISPLAY variable.
	at java.desktop/sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
Wine
0120:fixme:kernelbase:AppPolicyGetThreadInitializationType FFFFFFFA, 0ECAFF08
0128:err:winediag:nodrv_CreateWindow Application tried to create a window, but no driver could be loaded.
0128:err:winediag:nodrv_CreateWindow L"The explorer process failed to start."
0128:err:systray:initialize_systray Could not create tray window
0114:err:winediag:nodrv_CreateWindow Application tried to create a window, but no driver could be loaded.
0114:err:winediag:nodrv_CreateWindow L"Make sure that your X server is running and that $DISPLAY is set correctly."
0114:fixme:kernelbase:AppPolicyGetProcessTerminationMethod FFFFFFFA, 0DE4FB40
env | grep -i display
WAYLAND_DISPLAY=wayland-0
DISPLAY=:0
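
One way to check how widely a Wayland socket is exposed under the two approaches mentioned above (a 777 directory versus a shared group), as an added example that is not part of the original post. The function names are hypothetical, and only mode bits are examined, not POSIX ACLs.

```shell
#!/bin/sh
# Added example, not from the original post: classify who can connect to a
# Wayland socket from its mode bits alone (POSIX ACLs are not inspected).
# Assumes a `stat` that supports -c (GNU coreutils or busybox).

# digit PATH POS -> one octal permission digit; POS 1 = other, 2 = group
digit() {
    perm=$(stat -c '%a' "$1") || return 2
    perm="000$perm"                 # pad so short modes such as "0" still work
    if [ "$2" -eq 2 ]; then
        perm=${perm%?}              # drop the "other" digit to expose "group"
    fi
    last=${perm#"${perm%?}"}        # last remaining character
    printf '%s\n' "$last"
}

# socket_reach DIR SOCKET_NAME -> prints world | group | owner
# Connecting needs search (x) on the directory and write (w) on the socket.
socket_reach() {
    dir=$1
    sock=$1/$2
    d_o=$(digit "$dir" 1) && d_g=$(digit "$dir" 2) || return 2
    s_o=$(digit "$sock" 1) && s_g=$(digit "$sock" 2) || return 2
    if [ $((d_o & 1)) -ne 0 ] && [ $((s_o & 2)) -ne 0 ]; then
        echo world   # every local account can connect (the 777 option)
    elif [ $(( (d_o | d_g) & 1 )) -ne 0 ] && [ $(( (s_o | s_g) & 2 )) -ne 0 ]; then
        echo group   # limited to members of the owning group(s)
    else
        echo owner   # only the owning user (and root)
    fi
}

# Typical call, using the variables from the session that owns the compositor:
#   socket_reach "$XDG_RUNTIME_DIR" "${WAYLAND_DISPLAY:-wayland-0}"
```

A result of `world` means any local account can talk to the compositor; `group` narrows that to the members of the group that owns the directory and socket.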