Fedora is wrong on Wayland?

I have a question. The wayland-0 display is privileged: it is treated as fully trusted by Wayland, and it even has direct access to some graphics buffers. Why is Fedora allowing anything connected to the internet to run on wayland-0? It’s a crime against humanity.

Interesting. What are the alternatives?


Why must Fedora allow network-connected apps on wayland-0?

  1. Legacy and practicality:
  • Most GUI apps (browsers, chat clients, etc.) need network access. Denying them access to the compositor would mean they couldn’t render at all.
  • AFAIK, there’s no “Wayland jail” per app yet in upstream GNOME/Mutter.
  2. Flatpak and portals:
  • Fedora is betting heavily on Flatpak to provide per-app sandboxing and security controls (files, devices, display access).
  • A Flatpak app might still talk to wayland-0, but it’s contained via seccomp, bubblewrap, and user namespaces.
  3. No “Wayland-X”:
  • There’s currently no per-app Wayland display socket model in Wayland (unlike, say, x11:1, x11:2).
  • Experimental projects like Sommelier (Chromium OS), wlroots sandboxing, or Flatpak sandboxed Wayland bridges try to implement per-app display isolation, but nothing is mainstream yet.
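As an added illustration of the Flatpak point above (this is example code, not from the thread or from the Flatpak project): a small audit that parses the `[Context]` keyfile section that `flatpak info --show-permissions <app-id>` prints and flags apps that hold both network access and an X11 socket. Wayland clients are isolated from each other by the compositor, but an app holding the `x11` (or `fallback-x11`, which only applies when no Wayland display is available) socket can interact with other X clients, so that combination is the one worth tightening with `flatpak override`. The permissions text below is constructed, and `org.example.App` is a hypothetical app id.

```shell
#!/bin/sh
# Added example, not Flatpak's own code. Parses the keyfile output of
#   flatpak info --show-permissions <app-id>
# which looks like:
#   [Context]
#   shared=network;ipc;
#   sockets=x11;wayland;pulseaudio;

# Print the ';'-separated items of key $2 (e.g. sockets, shared) from the
# [Context] section of permissions text $1, one item per line.
flatpak_context_list() {
    printf '%s\n' "$1" | awk -F= -v key="$2" '
        /^\[/ { section = $0 }
        section == "[Context]" && $1 == key {
            n = split($2, s, ";")
            for (i = 1; i <= n; i++) if (s[i] != "") print s[i]
        }'
}

# 0 if the app may open an X11 socket (directly or as fallback), else 1.
flatpak_has_x11() {
    flatpak_context_list "$1" sockets | grep -qx -e x11 -e fallback-x11
}

# 0 if the app has network access, else 1.
flatpak_has_network() {
    flatpak_context_list "$1" shared | grep -qx network
}

# Constructed sample permissions (not captured from a real install).
SAMPLE_PERMS='[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=home;'

# Demo: a networked app that can also reach X11 is the case to tighten.
# org.example.App is a hypothetical app id.
if flatpak_has_network "$SAMPLE_PERMS" && flatpak_has_x11 "$SAMPLE_PERMS"; then
    echo "networked app with X11 access; restrict it with:"
    echo "  flatpak override --user --nosocket=x11 --nosocket=fallback-x11 --socket=wayland org.example.App"
fi
```

To audit a real system, feed each app's `flatpak info --show-permissions` output to `flatpak_has_x11` and `flatpak_has_network`; the `flatpak override` line shown is the per-app fix, and `flatpak override --user --show <app-id>` confirms it took effect.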

Nested Wayland? Just launch a nested Wayland display for every GUI app that uses the internet (or for all of them)?

No GUI apps need the network to access the display. They might use UNIX sockets, but that is strictly within the local machine. The Xorg server might be connected over an IP socket if it has been set up to do so. By default they are not set up for that and haven’t been for a decade or more.

If apps need network access, that is for purposes other than accessing the display.

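As an added example illustrating the post above (this is not code from the thread): the two checks a practitioner would actually run to confirm that the display is reached only over a local UNIX socket. The Wayland socket is `$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY` (or an absolute path if `WAYLAND_DISPLAY` is one), and that runtime directory is expected to be mode 0700; an X server that does accept TCP would show up in `ss -ltn` as a listener on port 6000 + display number. The `ss` output below is constructed, not captured from a real host, and `stat -c` is GNU coreutils syntax.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Linux with GNU coreutils
# (stat -c) and iproute2's `ss`.

# Resolve the compositor socket path from the environment.
# Wayland treats an absolute WAYLAND_DISPLAY as a full path.
wayland_socket_path() {
    runtime_dir="$1"; display="$2"
    case "$display" in
        /*) printf '%s\n' "$display" ;;
        *)  printf '%s/%s\n' "$runtime_dir" "$display" ;;
    esac
}

# 0 if the runtime directory is private (mode 0700), 1 if not, 2 if missing.
runtime_dir_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ "$mode" = "700" ]
}

# 0 if the given `ss -ltn` text shows an X server listening on TCP
# (ports 6000-6063, i.e. display :0 to :63), else 1. Works for IPv4
# ("0.0.0.0:6000") and IPv6 ("[::]:6000") local-address columns.
x11_tcp_listening() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" {
            n = split($4, a, ":"); port = a[n] + 0
            if (port >= 6000 && port <= 6063) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Constructed sample `ss -ltn` output with an X server on TCP.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::]:6000           [::]:*'

# Demo against the constructed sample and the current environment.
if x11_tcp_listening "$SAMPLE_SS"; then
    echo "sample: an X server is accepting TCP connections (port 6000)"
fi
sock=$(wayland_socket_path "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}" "${WAYLAND_DISPLAY:-wayland-0}")
echo "Wayland socket would be: $sock"
```

On a live host, replace `SAMPLE_SS` with `$(ss -ltn)`; a hit there, or `runtime_dir_private "$XDG_RUNTIME_DIR"` returning non-zero, is the only situation in which display access stops being a purely local-machine matter.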

💯
Almost every app can be opened on a system having no network access.

A browser or similar apps that use the network to access a remote server and display the pages can still be opened without access to the internet, though they may not be able to display anything except from the local machine.

Accessing the internet to retrieve content is totally different from opening up the GUI interface.