File:X11 xephyr abstract unix domain sockets.png

Summary
Screenshot of an xterm running in a xephyr window (started using firejail from the command line in parent desktop), in which "netstat --unix --listening" is used, to illustrate that without use of a restricted network namespace, processes on the xephyr X11 server can still see (and connect to) the abstract UNIX domain sockets of the desktop (since these are filesystem independent). The parent desktop is GNOME 3.22.2 on X11. Uploaded for use in a forthcoming mini-guide on X11 sandboxing (an addendum to Sakaki's EFI Install Guide).