> The security problem is being able to talk to the same X server as trusted applications
Use Ctrl+Alt+F<number> to switch into another VT and run a different X server. Run zoom in container there.
I found this a lot more convenient than messing with nested X servers and other types of X11 client isolation. Each time you leave an X server and switch to another VT, the clients perceive it like the monitor being turned on/off.
Thank you for this, easy solution that didn't cross my mind. I wanted to restrict Zoom from reading files (solved by a sandbox) while also sharing my screen from my normal environment (VM is out of the picture) but also preventing it from looking at the X clipboard and all that stuff.
Use Ctrl+Alt+F<number> to switch into another VT and run a different X server. Run zoom in container there.
I found this a lot more convenient than messing with nested X servers and other types of X11 client isolation. Each time you leave an X server and switch to another VT, the clients perceive it like the monitor being turned on/off.