bind yes
chroot yes
chroot-desktop yes
file-transfer yes
force-nonewprivs no
network yes
overlayfs yes
private-bin-no-local no
private-home yes
quiet-by-default no
remount-proc-sys yes
restricted-network no
# netfilter-default /etc/iptables.iptables.rules
seccomp yes
userns yes
whitelist yes
x11 yes
xephyr-screen 800x600
xephyr-window-title yes
xephyr-extra-params -grayscale