ezterry/X11Proxy
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Compare commits

base: ezterry:60ac69621ea1ccce38aa6df67fdbc2ce63f1b601
Branches Tags
ezterry:main
ezterry:v0.2 ezterry:v0.1
...
compare: ezterry:main
Branches Tags
ezterry:main
ezterry:v0.2 ezterry:v0.1

3 Commits
60ac69621e ... main

Author SHA1 Message Date
Terrence Ezrol
398b877cf9 bump version 0.2 2025-08-03 11:32:44 -04:00
Terrence Ezrol
5da6f9fb0a Some wayland issues 
At least with experimental cinnamon w/ xwayland there is a minor bug:

DISPLAY may be set to :1, despite xwayland listening on :0
in this case connections to :1 will indicate not ready/retry

in this case to mimic most X11 libraries try :0 if we get this on :1, or :1 if we are on :0
otherwise we will retry the current DISPLAY requested

to be sure this is a valid approch we also check `xset q` this must return as working with the original display to try the other one
 2025-08-03 11:28:37 -04:00
Terrence Ezrol
57c24e479f add note about x11 security 2025-08-03 09:19:43 -04:00
3 changed files with 62 additions and 1 deletions
Expand all files Collapse all files

3
README.md
View File

@@ -54,8 +54,11 @@ This script should mount the proxy socket and set the `DISPLAY` variable appropr
## Security
- The proxy socket is protected by file permissions (0700), ensuring only your user can access it.
- For remote X sessions, valid `xauth` credentials are required. X11Proxy injects these credentials into the connection automatically, so your Docker container does not need to have your `xauth` file.
- Note: X11Proxy does not provide isolation between GUI applications. Once connected, containerized apps can interact with other X11 clients on the same display (e.g. capturing input, reading window contents). This is a known limitation of X11 itself and may be addressed in future versions with optional sandboxing or per-client filtering.
## License
BSD 2-Clause License. See [https://opensource.org/license/bsd-2-clause](https://opensource.org/license/bsd-2-clause) for details.

25
main.go
View File

@@ -10,7 +10,7 @@ import (
"x11proxy/x11probe"
)
const version = "0.1"
const version = "0.2"
var (
overrideDisplay = flag.String("display", "", "Override DISPLAY")
@@ -52,7 +52,30 @@ func main() {
log.Fatalf("Connection probe error: %v", err)
}
if status == x11probe.X11TemporarilyUnavailable {
//retry 1x, but change display if :0/:1 assuming wayland dead socket
if display == ":1" && x11probe.CheckDisplay(display) {
log.Printf("is wayland scoket wrong? try :0")
display = ":0"
connType, target = resolveDisplay(display)
fmt.Printf("Proxying to %s (%s)\n", target, connTypeString(connType))
} else {
if display == ":0" && x11probe.CheckDisplay(display) {
log.Printf("is wayland scoket wrong? try :1")
display = ":1"
connType, target = resolveDisplay(display)
fmt.Printf("Proxying to %s (%s)\n", target, connTypeString(connType))
}
}
status, err = x11probe.ProbeX11Socket(connType, target, timeout)
if err != nil {
log.Fatalf("Connection probe error: %v", err)
}
}
switch status {
case x11probe.X11TemporarilyUnavailable:
log.Fatalf("Target connection is temporarily unavalible, is X11 running?")
case x11probe.X11Live:
log.Println("X11 socket is live and accepting connections")
case x11probe.X11AuthRequired:

35
x11probe/probe.go
View File

@@ -1,11 +1,15 @@
package x11probe
import (
"errors"
"fmt"
"io"
"log"
"net"
"os"
"os/exec"
"strings"
"syscall"
"time"
)
@@ -23,6 +27,7 @@ const (
X11Dead X11Status = iota
X11Live
X11AuthRequired
X11TemporarilyUnavailable
)
func ProbeX11Socket(connType ConnType, target string, timeout time.Duration) (X11Status, error) {
@@ -35,12 +40,18 @@ func ProbeX11Socket(connType ConnType, target string, timeout time.Duration) (X1
case Unix:
conn, err = net.DialTimeout("unix", target, timeout)
if err != nil {
if isResourceTemporarilyUnavailable(err) { // Check for specific error
return X11TemporarilyUnavailable, nil
}
return X11Dead, fmt.Errorf("unix dial failed: %w", err)
}
case TCP:
addr := parseTCPAddress(target)
conn, err = net.DialTimeout("tcp", addr, timeout)
if err != nil {
if isResourceTemporarilyUnavailable(err) { // Check for specific error
return X11TemporarilyUnavailable, nil
}
return X11Dead, fmt.Errorf("TCP dial failed: %w", err)
}
}
@@ -60,6 +71,18 @@ func ProbeX11Socket(connType ConnType, target string, timeout time.Duration) (X1
return status, nil
}
func isResourceTemporarilyUnavailable(err error) bool {
// Match exact error string first
if strings.Contains(err.Error(), "resource temporarily unavailable") {
return true
}
// Fallback to syscall-level check
if errors.Is(err, syscall.EAGAIN) {
return true
}
return false
}
func parseTCPAddress(target string) string {
parts := strings.SplitN(target, ":", 2)
@@ -123,3 +146,15 @@ func readResponse(conn net.Conn, timeout time.Duration) (X11Status, error) {
}
}
func CheckDisplay(display string) bool {
cmd := exec.Command("xset", "q")
cmd.Env = append(os.Environ(), fmt.Sprintf("DISPLAY=%s", display))
if err := cmd.Run(); err != nil {
fmt.Fprintf(os.Stderr, "xset q failed for DISPLAY=%s: %v\n", display, err)
return false
}
return true
}