xcage is a simple script which makes running untrusted graphical programs in an X ‘sandbox’ easy. It uses Xnest to start a wholly self-contained X session running inside the current X session, and then executes a given command as a different user. To get an idea of what use of xcage looks like in practise, have a look at a screenshot of it running, with KDE as the window manager of the normal user and FVWM running inside the Xnest cage. This script requires 
sudo.
|
Advantages
|
Disadvantages
|
xcage is part of my bin repository; you can track xcage's evolution via git.
xcage [-c <cmd>] [-u <user>] [-- <arguments for Xnest>]Where:
<cmd> is the command to run when the caged X session is started (typically this will be a window manager); <user> is the user to run the command as; and <arguments for Xnest> are arguments to pass straight to Xnest.
For example, if you wish to start an fvwm instance as user ft running at 1280 by 1024:
xcage -c fvwm -u ft -- -geometry 1280x1024Defaults can be set using the
~/.xcagerc file which is a shell file included into xcage. The following variables can be set:
user | Equivalent to the -u <user> argument. |
cmd | Equivalent to the -c <cmd> argument. |
xnest_args | Equivalent to the <arguments for Xnest> argument |
~/.xcagerc file is as follows:
user="ft" cmd="fvwm" xnest_args="-geometry 1280x1024"
xcage was inspired by xsandbox. xcage aims to build upon xsandbox's strengths whilst also a) being more flexible in configuration and b) ensuring that the command run in the Xnest is run as if it was a genuine shell login.