This is great if you only need remote access to the chroot system. However, if you need access to the whole computer remotely, you might not want to specify the ChrootDirectory parameter. If you ssh into your remote system without specifying a chroot directory and then do a chroot into a sandbox (e.g. psandbox -- see thread) via the previously established ssh shell, then you won't be able to forward the X11 display to your remote computer from within this chroot (except maybe if you have X11UseLocalHost=yes, which is slower).
To be able to share the X11 display after the chroot you have to bind the folder which contains the X11 sockets [1]:
Code:
# make the X11 socket directory visible inside the chroot
mkdir -p "$chroot_path/tmp/.X11-unix"
mount --bind /tmp/.X11-unix "$chroot_path/tmp/.X11-unix"
Code:
# copy root's X authority file (the display cookie) into the chroot
cp /root/.Xauthority "$chroot_path/root/.Xauthority"
Another way to do it might be to create your own .Xauthority file and use the xhost command to decide which hosts are allowed to connect.
Notes / links / references
----------------
1 - SSH/sandbox/chroot folder
2 - "In addition to the .Xauthority file mentioned in the other answer, your chroot would also need to have the X socket in it. ssh -X doesn't forward X over an abstract socket, only over a UNIX socket with path. If your chroot doesn't have /tmp/.X11-unix bind-mounted into it, programs in your chroot can't connect to the X server." -- https://unix.stackexchange.com/a/317533
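
The two steps from the post as one repeatable script, added here as an example and not part of the original post. It passes only the cookie for the current display into the chroot rather than the whole .Xauthority; the function names and the DRY_RUN switch are hypothetical, and it assumes xauth and mountpoint are installed.

```shell
#!/bin/sh
# Added example, not from the original post. All function names and the
# DRY_RUN switch are hypothetical; assumes xauth and mountpoint are installed.

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# check_chroot PATH: set $chroot_path; reject relative paths, "/" and
# anything that is not an existing directory.
check_chroot() {
    chroot_path=${1%/}
    case $chroot_path in
        /?*) [ -d "$chroot_path" ] && return 0 ;;
    esac
    echo "not a usable chroot directory: ${1:-<empty>}" >&2
    return 2
}

# copy_cookie DISPLAY AUTHFILE: export only the cookie for DISPLAY instead of
# the caller's whole .Xauthority; a newly created AUTHFILE gets mode 0600.
copy_cookie() {
    ( umask 077; xauth extract - "$1" | xauth -f "$2" merge - )
}

# share_x11 CHROOT: bind the X11 socket directory and install the cookie.
share_x11() {
    check_chroot "${1:-}" || return 2
    [ -n "${DISPLAY:-}" ] || { echo "DISPLAY is not set" >&2; return 2; }
    sock=$chroot_path/tmp/.X11-unix
    run mkdir -p "$sock" "$chroot_path/root"
    # Skip the bind if it is already in place, so reruns do not stack mounts.
    if ! mountpoint -q "$sock" 2>/dev/null; then
        run mount --bind /tmp/.X11-unix "$sock"
    fi
    run copy_cookie "$DISPLAY" "$chroot_path/root/.Xauthority"
}

# unshare_x11 CHROOT: remove the cookie and the bind mount after the session.
unshare_x11() {
    check_chroot "${1:-}" || return 2
    run rm -f "$chroot_path/root/.Xauthority"
    if mountpoint -q "$chroot_path/tmp/.X11-unix" 2>/dev/null; then
        run umount "$chroot_path/tmp/.X11-unix"
    fi
}
```

Source the file as root and call share_x11 with the chroot path before entering the chroot; running it first with DRY_RUN=1 prints the commands without touching the system.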