diff options
author | netblue30 <netblue30@yahoo.com> | 2017-03-03 10:46:05 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-03-03 10:46:05 -0500 |
commit | dd5881a2860ddb9abb1e60b7de550f4cdac60524 (patch) | |
tree | be54f040ed6dc04628a21323a6d31856ffc9303c /README.md | |
parent | merge #1100 from zackw: xvfb support (diff) | |
download | firejail-dd5881a2860ddb9abb1e60b7de550f4cdac60524.tar.gz firejail-dd5881a2860ddb9abb1e60b7de550f4cdac60524.tar.zst firejail-dd5881a2860ddb9abb1e60b7de550f4cdac60524.zip |
xvfb X11 server support (--x11=xvfb)
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 37 |
1 files changed, 37 insertions, 0 deletions
@@ -145,6 +145,43 @@ Added AppImage type 2 support, and support for passing command line arguments to | |||
145 | 145 | ||
146 | $ firejail --git-uninstall | 146 | $ firejail --git-uninstall |
147 | 147 | ||
148 | --x11=xvfb | ||
149 | Start Xvfb X11 server and attach the sandbox to this server. | ||
150 | Xvfb, short for X virtual framebuffer, performs all graphical | ||
151 | operations in memory without showing any screen output. Xvfb is | ||
152 | mainly used for remote access and software testing on headless | ||
153 | servers. | ||
154 | |||
155 | On Debian platforms Xvfb is installed with the command sudo apt- | ||
156 | get install xvfb. This feature is not available when running as | ||
157 | root. | ||
158 | |||
159 | Example: remote VNC access | ||
160 | |||
161 | On the server we start a sandbox using Xvfb and openbox window | ||
162 | manager. The default size of Xvfb screen is 800x600 - it can be | ||
163 | changed in /etc/firejail/firejail.config (xvfb-screen). Some | ||
164 | sort of networking (--net) is required in order to isolate the | ||
165 | abstract sockets used by other X servers. | ||
166 | |||
167 | $ firejail --net=none --x11=xvfb openbox | ||
168 | |||
169 | *** Attaching to Xvfb display 792 *** | ||
170 | |||
171 | Reading profile /etc/firejail/openbox.profile | ||
172 | Reading profile /etc/firejail/disable-common.inc | ||
173 | Reading profile /etc/firejail/disable-common.local | ||
174 | Parent pid 5400, child pid 5401 | ||
175 | |||
176 | On the server we also start a VNC server and attach it to the | ||
177 | display handled by our Xvfb server (792). | ||
178 | |||
179 | $ x11vnc -display :792 | ||
180 | |||
181 | On the client machine we start a VNC viewer and use it to con‐ | ||
182 | nect to our server: | ||
183 | |||
184 | $ vncviewer | ||
148 | 185 | ||
149 | ````` | 186 | ````` |
150 | ## New Profiles | 187 | ## New Profiles |