Warnings with --x11=xorg

[valoq]

using the X11 security extension leads to the following warning at startup:
/usr/bin/xauth: file /run/firejail/mnt/sec.Xauthority does not exist

Also when using it with firefox, most things seem to work fine but the terminal (from which it was started with firejail --x11=xorg firefox) spams with the following message whenever the mouse is moved:
Xlib: extension "XInputExtension" missing on display ":0".

There is also a changed mouse cursor when hovering over links.
I suspect there are some config files that are missing access exceptions.

The documentation says taht xterm will not work with this option but XTerm(327) seems to have no issues so far.

Is there a way to test keylogging functionality with this option? xinput is no available when using this option, which is probably a good thing but not helpful for testing.

[netblue30]

/usr/bin/xauth: file /run/firejail/mnt/sec.Xauthority does not exist

This is a bug, I was able to reproduce it:

$ firejail --x11=xorg xterm
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-passwdmgr.inc

** Note: you can use --noprofile to disable default.profile **

Parent pid 32546, child pid 32547
/usr/bin/xauth:  file /run/firejail/mnt/sec.Xauthority does not exist
Child process initialized

Xlib: extension "XInputExtension" missing on display ":0"

Yes, they seem to disable a number of x11 extensions such as XInput, RANDR, RECORD and SHAPE. I don't have a full list, if you find one please let me know.

XTerm(327) seems to have no issues so far

On debian stable xterm(312) seems also to work, however when I select text with the mouse it crashes immediately.

keylogging

I grabbed a bunch of keyloggers from the web, compiled them and started them inside the sandbox. They don't seem to pick up anything from outside the sandbox. This is one example: https://github.com/magcius/keylog.

[valoq]

On debian stable xterm(312) seems also to work, however when I select text with the mouse it crashes immediately.

I have experienced crashes with all tested applications, whenever I tried to copy some text.
Is this preventable by firejail or an x11 bug?

Regarding certain x11 features: is it possible to (safely) enable or disable specific features for single applications? No being able to copie from one window to another (no to mention the crashes) does not make this feature very useful. If this were possible it would be an awesome alternative for xpra on the other hand.

[netblue30]

I have experienced crashes with all tested applications, whenever I tried to copy some text.
Is this preventable by firejail or an x11 bug?

No, some applications are just crashing when x11 security extension is enabled. These are application problems, basically they don't do any kind of error recovery.

No being able to copie from one window to another

Copying works for --x11=xpra, the clipboard seems to be configurable.

For xephyr you will have to run both applications on the same x11 server, I have an example for --x11=xephyr here: https://firejail.wordpress.com/documentation-2/x11-guide/#listing.

X11 security extension disables the clipboard and drag&drop,

[netblue30]

Fixed.