Comment by harporoeder

3 hours ago

I have had pretty good success with Steam inside Docker. Things like playing Counter-Strike have been pretty seamless. It's cool to see others doing the same. I'm waiting for Wayland isolation stuff to actually be integrated into everything (security contexts etc). Even with all this isolation, passing in an X socket totally breaks any security guarantees against anything actually malicious. For other apps I can do the dummy X server trick (nxagent etc); however, for gaming that is really not an option with the performance requirements.

I use sway and I think it supports security-context-v1, though I haven't tried it. That said, my current setup is just to run cage + Xwayland inside the container, which gives decent enough sandboxing AFAIK. (I used to use Xephyr, but the cage approach gives me dynamically resizable windows.) At the very least the host clipboard is not shared with the sandboxed process, which is the primary thing I'm concerned about.
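
The first comment's point about the X socket, as an added example that is not part of either comment: a Python check over `docker inspect` output that lists the ways a container can reach the host X server. It goes one step beyond the thread by also flagging host networking, since Xorg's abstract socket is scoped to the network namespace; the sample JSON, container names and finding labels are constructed for illustration.

```python
import json

X11_DIR = "/tmp/.X11-unix"

# Constructed sample shaped like `docker inspect` output; names and paths are made up.
SAMPLE = json.loads("""
[
 {"Name": "/steam-x11", "Config": {"Env": ["DISPLAY=:0"]},
  "HostConfig": {"NetworkMode": "bridge"},
  "Mounts": [
   {"Type": "bind", "Source": "/tmp/.X11-unix", "Destination": "/tmp/.X11-unix"},
   {"Type": "bind", "Source": "/home/user/.Xauthority", "Destination": "/root/.Xauthority"}]},
 {"Name": "/steam-hostnet", "Config": {"Env": ["DISPLAY=:0"]},
  "HostConfig": {"NetworkMode": "host"}, "Mounts": []},
 {"Name": "/steam-nested", "Config": {"Env": ["WAYLAND_DISPLAY=wayland-1"]},
  "HostConfig": {"NetworkMode": "bridge"},
  "Mounts": [
   {"Type": "bind", "Source": "/run/user/1000/wayland-1",
    "Destination": "/run/user/1000/wayland-1"}]}
]
""")

def x11_exposure(container):
    """Return the ways the host X server is reachable from this container."""
    findings = []
    for mount in container.get("Mounts") or []:
        src = mount.get("Source", "")
        if src == X11_DIR or src.startswith(X11_DIR + "/"):
            findings.append("x11-socket-mount")
        elif src.endswith("/.Xauthority"):
            findings.append("xauthority-mount")
    # Xorg also listens on an abstract socket, which belongs to the network
    # namespace rather than the filesystem, so no bind mount is needed to reach it.
    if (container.get("HostConfig") or {}).get("NetworkMode") == "host":
        findings.append("host-netns-abstract-socket")
    return findings

def audit(containers):
    """Map container name to its list of host X11 exposure findings."""
    return {c["Name"].lstrip("/"): x11_exposure(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", ", ".join(findings) or "no host X11 exposure found")
```

The third sample container mounts only a Wayland socket for a nested compositor, so it reports no host X11 exposure; the check says nothing about what that Wayland socket itself permits.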