Wayland security context support #5883

Open
WhyNotHugo opened this issue Jul 4, 2023 · 1 comment

WhyNotHugo commented Jul 4, 2023

Is your feature request related to a problem? Please describe.

security-context is a Wayland protocol that can be used by clients to create a new Wayland socket. The same compositor instance will listen for connections on this socket, but clients that connect to it cannot perform privileged operations.

Describe the solution you'd like

Firejail should use this protocol to further sandbox clients and prevent them from screen scraping, creating transparent fullscreen overlays, permanent keyboard hijacking, and other attacks. All these attacks rely on "privileged" protocols and are unavailable on sockets created via security-context.

Describe alternatives you've considered

So far there hasn't been a way to do this. This protocol was introduced in wayland-protocols 1.32 which was released yesterday.

sway already has a patch with a working server implementation. I expect other wlroots compositors to follow suit.

Additional context

Shameless plug: I wrote a tiny CLI client that creates a new socket at a given path: https://git.sr.ht/~whynothugo/way-secure

This could be called on the host to create a socket inside the sandbox's $XDG_RUNTIME_DIR.

@emersion

FWIW, the Flatpak impl: flatpak/flatpak#4920
