I use https://github.com/slingamn/namespaced-openvpn to have an isolated namespace and VPN connection for work.
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have, e.g., an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work, because they use different users:
sudo xhost '+si:localuser:user'
sudo ip netns exec protected sudo -u user -i
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g. for Dolphin:
error: XDG_RUNTIME_DIR is invalid or not set in the environment.
Failed to create wl_display (No such file or directory)
I’ve tried to preserve the env without success:
sudo -E ip netns exec protected sudo -u user -i
It seems that access to the Wayland socket is a must for this to work.
This discussion has a nuke option - giving 777 access to the dir where the Wayland socket is, and another less permissive approach: adding the users to a group and giving access to a new location where the Wayland socket is created.
https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
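An added example, not part of the original post or of the linked Stack Overflow answer: a shell function that audits the directory holding a shared Wayland socket, flagging the 777 variant and checking that access comes from one dedicated group. The directory path, group name and socket name are assumptions passed in by the caller, and GNU `stat` is required.

```shell
#!/bin/sh
# Added example (not from the thread): audit a directory that holds a Wayland
# socket shared between two local users. DIR, GROUP and the socket name are
# assumptions supplied by the caller. Needs GNU stat (coreutils).

# audit_wayland_dir DIR GROUP [SOCKET_NAME]; returns 0 if nothing is flagged.
audit_wayland_dir() {
    dir=$1; group=$2; sock=${3:-wayland-0}; rc=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"; return 1
    fi

    mode=$(stat -c '%a' "$dir")      # octal mode, e.g. 750 or 777
    dgroup=$(stat -c '%G' "$dir")    # owning group name
    other=$(( 0$mode & 7 ))          # permission bits for "other"

    # The chmod 777 variant: any local account can reach the socket.
    if [ "$other" -ne 0 ]; then
        echo "FAIL: $dir is mode $mode, accessible to every local user"; rc=1
    fi

    # Group-based variant: access should come from one dedicated group.
    if [ "$dgroup" != "$group" ]; then
        echo "FAIL: $dir belongs to group $dgroup, expected $group"; rc=1
    fi

    if [ -S "$dir/$sock" ]; then
        smode=$(stat -c '%a' "$dir/$sock")
        # Write permission on a Unix socket is what allows connect().
        if [ $(( 0$smode & 2 )) -ne 0 ]; then
            echo "FAIL: $dir/$sock is mode $smode, writable by other"; rc=1
        fi
    else
        echo "NOTE: no socket named $sock in $dir yet"
    fi

    # Every member listed here can connect to the compositor as a client.
    members=$(getent group "$group" | cut -d: -f4)
    echo "INFO: members of $group: ${members:-<none listed>}"
    return $rc
}

# Usage: sh audit.sh /path/to/shared-dir groupname [socket-name]
if [ "$#" -ge 2 ]; then audit_wayland_dir "$@"; fi
```

The INFO line is the part to review by hand: group membership is the whole access-control boundary in the group-based setup.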
Sir, you’re awesome! Thank you a lot for taking your time and explaining what you have found. I will try these steps when I have some free time to tinker, and the info and script you have provided have cleared up a lot of questions that I had.