Puck has created a video demonstrating the work she's been doing with the in-development Wayland security-context protocol [1], which allows a Wayland compositor to distinguish between applications running in different sandboxes (e.g. in different VMs). The video is available at https://diode.zone/w/2n3kKNNjXFkSWUwyjT3hgt Or alternatively, magnet:?xt=urn:btih:f340dfd391be0cabbb0638eb8af6659214c5d821&dn=puck%27s%20video%20720p.mp4&tr=https%3A%2F%2Fdiode.zone%2Ftracker%2Fannounce&ws=https%3A%2F%2Fdiode.zone%2Fstatic%2Fstreaming-playlists%2Fhls%2F0b093345-a100-4051-b4c3-37292af48c81%2F176adb94-167a-4cb7-b954-a09b301c4d80-720-fragmented.mp4 As part of this work, she updated the draft wlroots and Sway implementations to support the latest proposed version of the protocol, exposed the security context information to Sway configuration hooks, and created a draft crosvm implementation of exposing security context information to the compositor. There's some more information in Puck's post to the Spectrum development mailing list. [2] Thanks to NLnet and NGI Zero for funding this project. [1]: https://gitlab.freedesktop.org/wayland/wayland-protocols/-/merge_requests/68 [2]: https://spectrum-os.org/lists/archives/spectrum-devel/5cf20f6f-9d89-4cf9-915...