I know it’s obvious but I didn’t realize it until recently so I thought I’d share.
Gamescope spawns its own nested X server, therefore there is no need to keep the functionality enabled in your main compositor. This also means that X windows should be isolated if you spawn each gamescope instance in its own sandbox.
Yeah I’m sure it was, just never seen anyone talking about it. Until yesterday I was under the impression that the best way to use X securely was still via something like Xpra or Xephyr.
There are a couple of other options as well. You can check the Xwayland section of the niri Wayland compositor’s wiki (niri doesn’t have built-in Xwayland support). Although it’s pretty new, I’d suggest trying out xwayland-satellite.
Wow, this is very helpful, thanks!! Nested sway/gamescope have some glitches/bad behaviors, I’ll try these
Yes, this is because X clients/windows are not isolated from each other while Wayland clients are usually isolated by design. By running a X server-per-app, you can isolate them.