xcage
is a simple script which makes running untrusted graphical programs in an X ‘sandbox’ easy. It uses Xnest
to start a wholly self-contained X session running inside the current X session, and then executes a given command as a different user. To get an idea of what use of xcage
looks like in practise, have a look at a screenshot of it running, with KDE as the window manager of the normal user and FVWM running inside the Xnest cage. This script requires sudo
.
Advantages
|
Disadvantages
|
xcage
is part of my bin
repository; you can track xcage
's evolution via git.
xcage [-c <cmd>] [-u <user>] [-- <arguments for Xnest>]Where:
<cmd>
is the command to run when the caged X session is started (typically this will be a window manager); <user>
is the user to run the command as; and <arguments for Xnest>
are arguments to pass straight to Xnest
.
For example, if you wish to start an fvwm
instance as user ft
running at 1280 by 1024:
xcage -c fvwm -u ft -- -geometry 1280x1024Defaults can be set using the
~/.xcagerc
file which is a shell file included into xcage
. The following variables can be set:
user | Equivalent to the -u <user> argument. |
cmd | Equivalent to the -c <cmd> argument. |
xnest_args | Equivalent to the <arguments for Xnest> argument |
~/.xcagerc
file is as follows:
user="ft" cmd="fvwm" xnest_args="-geometry 1280x1024"
xcage
was inspired by xsandbox. xcage
aims to build upon xsandbox
's strengths whilst also a) being more flexible in configuration and b) ensuring that the command run in the Xnest is run as if it was a genuine shell login.