As explained here, https://github.com/netblue30/firejail/issues/770 adding '-nolisten local' allows for easily isolating x11 or sandboxing an app from it. i cant see any advantage to having both the unix domain socket and the abstract socket.
this should be upstream. but, that change would take longer, if it even makes it through their bureaucracies. example, a text based irc client shouldnt take screen shots in the background. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/3476eef1-f203-4ee4-9ef6-3045d60adf6f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
