From owner-freebsd-x11@freebsd.org  Mon Aug 29 21:14:43 2016
Return-Path: <owner-freebsd-x11@freebsd.org>
Delivered-To: freebsd-x11@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6333DBC778D
 for <freebsd-x11@mailman.ysv.freebsd.org>;
 Mon, 29 Aug 2016 21:14:43 +0000 (UTC)
 (envelope-from patrick_lists@phess.net)
Received: from smtprelay06.ispgateway.de (smtprelay06.ispgateway.de
 [80.67.31.103])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2A1D7F6C
 for <freebsd-x11@freebsd.org>; Mon, 29 Aug 2016 21:14:42 +0000 (UTC)
 (envelope-from patrick_lists@phess.net)
Received: from [91.67.156.200] (helo=mailserver.phess.net)
 by smtprelay06.ispgateway.de with esmtpsa
 (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.84)
 (envelope-from <patrick_lists@phess.net>) id 1beTnD-00059R-Aj
 for freebsd-x11@freebsd.org; Mon, 29 Aug 2016 23:08:31 +0200
Received: from desk8.phess.net (desk8.phess.net [192.168.0.8])
 by mailserver.phess.net (Postfix) with ESMTP id F1B934E8B2
 for <freebsd-x11@freebsd.org>; Mon, 29 Aug 2016 23:08:29 +0200 (CEST)
Subject: Re: making X secure?
To: freebsd-x11@freebsd.org
References: <57C2D94D.7040906@yahoo.com>
 <e9faebc3-8e41-f3ce-83b2-2efd58e41e54@rlwinm.de>
 <1d9ef92a1920ad1e9aee92d2d56a5349@kapsi.fi>
From: Patrick Hess <patrick_lists@phess.net>
Message-ID: <b6e25ef0-e905-edbb-daec-5db0b7799c4c@phess.net>
Date: Mon, 29 Aug 2016 23:08:29 +0200
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101
 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <1d9ef92a1920ad1e9aee92d2d56a5349@kapsi.fi>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Df-Sender: bWFpbGVyQHBoZXNzLm5ldA==
X-BeenThere: freebsd-x11@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: X11 on FreeBSD -- maintaining and support <freebsd-x11.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-x11>,
 <mailto:freebsd-x11-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-x11/>
List-Post: <mailto:freebsd-x11@freebsd.org>
List-Help: <mailto:freebsd-x11-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-x11>,
 <mailto:freebsd-x11-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Aug 2016 21:14:43 -0000

On 29.08.2016 14:10, Arto Pekkanen wrote:
> Need good documentation on how to make X11-application run inside a jail with a local X11 server. Afaik there's no comprehensive guide for this setup.

There's really not much to it. Just use X11 forwarding over SSH to run
your application inside the jail and have it displayed by the host's
X server (e.g., ssh -XY user@jail /usr/local/bin/someapp).

The only jail-related issue that I can think of this late at night
is that there's no "localhost" inside a jail. Hence, you'll have to
set "X11UseLocalhost" to "no" in the jail's /etc/ssh/sshd_config.
That should do the trick.

If you still can't get it to work, let me now and I'll write down
some more in-depth instructions tomorrow.

Patrick

-- 
If you'd like to send me a private message, make sure to remove
the "_lists" part from my address.