|Main Archive Page > Month Archives > fedora-selinux archives|
I assumed sandboxed application run within there own embedded X server
instance (Xephyr) to protect Xorg against attacks originating from the
sandbox. My assumption seams to be wrong as the recent security issue
My question is: Why do sandboxed X application run within Xephyr?
Is the attack surface smaller if an application runs within Xephyr even
if Xephyr must be allowed to talk to Xorg?
-- selinux mailing list firstname.lastname@example.org https://admin.fedoraproject.org/mailman/listinfo/selinux