From 7d0800682ab3a74e3d463836cd2ca5cd697d542c Mon Sep 17 00:00:00 2001 From: smitsohu Date: Mon, 17 Aug 2020 16:40:52 +0200 Subject: various x11 xorg enhancements 1) copy xauth binary into the sandbox and set mode to 0711, so it runs with cleared dumpable flag for unprivileged users 2) run xauth in an sbox sandbox 3) generate Xauthority file in runtime directory instead of /tmp; this way xauth is able to connect to the X11 socket even if the abstract socket doesn't exist, for example because a new network namespace was instantiated --- src/include/rundefs.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/include/rundefs.h')
diff --git a/src/include/rundefs.h b/src/include/rundefs.h
index f8bcdec52..d56623907 100644
--- a/src/include/rundefs.h
+++ b/src/include/rundefs.h
@@ -99,8 +99,9 @@
 #define RUN_WHITELIST_SHARE_DIR RUN_MNT_DIR "/orig-share"
 #define RUN_WHITELIST_MODULE_DIR RUN_MNT_DIR "/orig-module"
-#define RUN_XAUTHORITY_FILE RUN_MNT_DIR "/.Xauthority"
-#define RUN_XAUTHORITY_SEC_FILE RUN_MNT_DIR "/sec.Xauthority"
+#define RUN_XAUTHORITY_FILE RUN_MNT_DIR "/.Xauthority" // private options
+#define RUN_XAUTH_FILE RUN_MNT_DIR "/xauth" // x11=xorg
+#define RUN_XAUTHORITY_SEC_DIR RUN_MNT_DIR "/.sec.Xauthority" // x11=xorg
 #define RUN_ASOUNDRC_FILE RUN_MNT_DIR "/.asoundrc"
 #define RUN_HOSTNAME_FILE RUN_MNT_DIR "/hostname"
 #define RUN_HOSTS_FILE RUN_MNT_DIR "/hosts"
-- cgit v1.2.3-54-g00ecf
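Review bot: The trailing comments on the three changed macros (`// private options`, `// x11=xorg`) name the feature but not what each path holds, and `RUN_XAUTHORITY_SEC_DIR` is now a directory whose value `/.sec.Xauthority` still reads like a file name. The commit message says the xauth binary is copied in with mode 0711 and the Xauthority file is generated under the runtime directory instead of /tmp, so I would state that at the definitions, e.g. `// x11=xorg: private copy of the xauth binary, mode 0711` and `// x11=xorg: directory that holds the generated Xauthority file`. The code that creates this directory is not on this page; it is worth confirming there that the directory and the file inside it are created with permissions that keep the X11 cookie unreadable to other users. The page is limited to rundefs.h, so any remaining use of the removed `RUN_XAUTHORITY_SEC_FILE` cannot be checked from here.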