File:X11 xephyr abstract unix domain sockets net ns.png

Summary
Screenshot of an xterm running in a xephyr window (started using firejail from the command line in parent desktop), in which "netstat --unix (--listening)" is used, to illustrate that _with_ the use of a restricted network namespace, processes on the xephyr X11 server can no longer see the abstract UNIX domain sockets of the desktop. The parent desktop is GNOME 3.22.2 on X11. Uploaded for use in a forthcoming mini-guide on X11 sandboxing (an addendum to Sakaki's EFI Install Guide).