add note about x11 security
This commit is contained in:
@@ -54,8 +54,11 @@ This script should mount the proxy socket and set the `DISPLAY` variable appropr
|
||||
## Security
|
||||
|
||||
- The proxy socket is protected by file permissions (0700), ensuring only your user can access it.
|
||||
|
||||
- For remote X sessions, valid `xauth` credentials are required. X11Proxy injects these credentials into the connection automatically, so your Docker container does not need to have your `xauth` file.
|
||||
|
||||
- Note: X11Proxy does not provide isolation between GUI applications. Once connected, containerized apps can interact with other X11 clients on the same display (e.g. capturing input, reading window contents). This is a known limitation of X11 itself and may be addressed in future versions with optional sandboxing or per-client filtering.
|
||||
|
||||
## License
|
||||
|
||||
BSD 2-Clause License. See [https://opensource.org/license/bsd-2-clause](https://opensource.org/license/bsd-2-clause) for details.
|
||||
|
||||
Reference in New Issue
Block a user