Xorg isolation
Alan Coopersmith
alan.coopersmith at oracle.com
Mon Jan 23 22:12:35 UTC 2023
On 1/22/23 04:20, Christopher Marshall wrote:
> Third, when initiating Xorg, I'd initiate with a command such as: /Xorg
> -nolisten tcp -nolisten inet -nolisten inet6 -listen unix -nolisten local :0
> -seat seat0 vt7 -novtswitch/
>
> Which should turn off listening on all sockets other than those on the local
> machine - helping to further isolate the network element of it.

You don't need to list any of those -listen or -nolisten flags on modern Xorg.

-nolisten tcp has been the default since Xorg 1.17 and -listen unix has been
the default since the 1980s.

-nolisten inet & -nolisten inet6 simply duplicate what -nolisten tcp does
- you only need them if you want to listen on one form of TCP socket (IPv4
or IPv6) but not the other.

-nolisten local turns off local connections - on Linux this means Unix domain
sockets, overriding the -listen unix you listed there.

--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
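
The flag behaviour described in the reply above, as an added example that is not part of the original message and is not Xorg code: a small checker that resolves which transports a given Xorg argument list leaves listening and reports redundant or self-defeating flags. It assumes flags are applied left to right, that `tcp` is an alias for `inet` plus `inet6`, and that `local` means only `unix` (the Linux case); the function and constant names are hypothetical.

```python
# Added example, not Xorg code. Assumptions (labelled): flags are applied left
# to right, "tcp" is an alias for inet + inet6, and "local" means only "unix"
# (the Linux case in the reply). Defaults are those stated for Xorg >= 1.17.
ALIASES = {"tcp": ("inet", "inet6"), "local": ("unix",)}
DEFAULTS = {"inet": False, "inet6": False, "unix": True}


def audit_listen_flags(argv):
    """Return (effective listen state, findings) for an Xorg argument list."""
    state = dict(DEFAULTS)
    findings = []
    i = 0
    while i < len(argv):
        flag = argv[i]
        if flag not in ("-listen", "-nolisten") or i + 1 >= len(argv):
            i += 1
            continue
        name = argv[i + 1]
        i += 2
        targets = ALIASES.get(name, (name,))
        if any(t not in state for t in targets):
            findings.append(f"{flag} {name}: transport not modelled here")
            continue
        want = flag == "-listen"
        changed = [t for t in targets if state[t] != want]
        for t in targets:
            state[t] = want
        tcp_opened = [t for t in changed if t != "unix"]
        if not changed:
            findings.append(f"{flag} {name}: redundant, already the effective setting")
        elif want and tcp_opened:
            findings.append(f"{flag} {name}: opens a TCP listener ({', '.join(tcp_opened)})")
        elif not want and "unix" in changed:
            findings.append(f"{flag} {name}: turns off the Unix domain socket")
    if not any(state.values()):
        findings.append("no transport is left listening")
    return state, findings


# The command line quoted in the thread, split into arguments.
QUOTED = ("-nolisten tcp -nolisten inet -nolisten inet6 -listen unix "
          "-nolisten local :0 -seat seat0 vt7 -novtswitch").split()

if __name__ == "__main__":
    state, findings = audit_listen_flags(QUOTED)
    print(state)
    for line in findings:
        print(" -", line)
```
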