Think Zoom, Teams, google meet etc
When sharing the screen, it can see everything the user sees. Would it be possible to isolate what it sees only to GUI applications ran by the same user? If I run these as an unprivileged user via xhost, they don’t really work well. Sandboxing via bubblewrap requires knowledge beyond my current skills and I’m not sure if it would work.
Has anyone
Thank you for the explanation
So wayland fixes most of these. Is it possible to run GUI programs as another user just like in X with xhost though ? I’m asking not only from a security point, but as a practical one since I need to run the same program under different namespaces/users
I can’t way I have tried. But Wayland uses a socket, so many you can set file permissions to let other users access it?
I don’t know what your exact use case is but if you just want programs to have different “profiles” you can probably do something like setting
$HOME
to point somewhere else or otherwise configure their data directory.