File:X11 firejailed firefox.png

Summary
Screenshot showing Firefox 52.4.0 running inside an X11 sandbox (Xephyr + firejail, with Openbox window manager). The main ("parent") desktop is running GNOME 3.22.2. Underlying OS is Gentoo Linux (systemd) with Linux kernel 4.12.12. Within the Xephyr display, two Firefox windows are open; one of these shows a running YouTube video, to illustrate that playback works OK even within the sandbox. The other window shows a page from the Gentoo wiki. An xterm is also open inside the sandbox, showing the restricted & remapped PID list, home directory, network interfaces etc., and also demonstrating (via netstat -vanx) that the "parent" window X11 socket (including its abstract UNIX domain socket, which is filesystem independent) are not accessible. A gnome-terminal session open outside the sandbox shows the output of the same commands for comparison. Uploaded for use in a forthcoming mini-guide on X11 sandboxing (an addendum to Sakaki's EFI Install Guide).