I’ve been messing around with xpra and bubblewrap and xpra seems to be a better choice than xephyr. It allows for near seamless X11 sandboxing.
Although xpra has a really large attack surface. It has webcam forwarding, mic forwarding, mDNS, its own web server, printing support, it can be accessed over SSH, TCP, UDP and a whole bunch of other things.
Luckily, many of these things can be disabled through flags, e.g. the --mdns=no flag can be used to disable mDNS. There doesn't seem to be a flag to explicitly disallow any connections over the network, so I used an AppArmor profile to explicitly deny network access.
Dunno how firejail deals with these.
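One way to wire the pieces above together, as an added example that is not code from the post or from the xpra/bubblewrap projects. It assumes xpra is at /usr/bin/xpra, that its Xvfb for display :100 creates /tmp/.X11-unix/X100, and that the xpra flags besides --mdns=no (recalled from the xpra man page) exist in your version; check them against `xpra --help`. The AppArmor profile is an outline with the network rules the post describes; the file rules are assumptions and need extending with aa-logprof before the profile will run xpra in enforce mode.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed: xpra at /usr/bin/xpra,
# bubblewrap installed, xpra flag names verified against `xpra --help`.

# Display number for the sandboxed X server (constructed value for this example).
SANDBOX_DISPLAY="${SANDBOX_DISPLAY:-:100}"

# xpra server arguments (space separated, none contain whitespace) with every
# optional feature the post lists (webcam, mic, mDNS, web server, printing)
# turned off. No --bind-tcp/--bind-ssl/--bind-ws, so only unix sockets are made.
xpra_server_args() {
    printf '%s ' \
        start "$1" --daemon=no --mdns=no --html=no --webcam=no \
        --microphone=off --speaker=off --pulseaudio=no --printing=no \
        --file-transfer=no --open-files=no --clipboard=no --notifications=no
}

# bubblewrap arguments for the untrusted app: fresh namespaces (so no network),
# read-only system dirs, an empty /tmp containing only the sandbox display's
# Xvfb socket, and DISPLAY pointing at that socket rather than the real X server.
bwrap_client_args() {
    display="$1"
    sock="/tmp/.X11-unix/X${display#:}"
    printf '%s ' \
        --unshare-all --die-with-parent --new-session \
        --ro-bind /usr /usr --ro-bind /etc /etc \
        --symlink usr/lib /lib --symlink usr/lib64 /lib64 --symlink usr/bin /bin \
        --proc /proc --dev /dev --tmpfs /tmp \
        --bind "$sock" "$sock" \
        --setenv DISPLAY "$display" --unsetenv WAYLAND_DISPLAY
}

# AppArmor profile outline for the xpra server itself. AppArmor already denies
# anything not listed; the explicit deny rules for inet/inet6 override any
# broader allow rule added later and keep the audit log quiet.
apparmor_profile() {
    cat <<'EOF'
# /etc/apparmor.d/usr.bin.xpra (outline; extend file rules with aa-logprof)
#include <tunables/global>
profile xpra-sandbox /usr/bin/xpra {
  #include <abstractions/base>
  #include <abstractions/python>
  #include <abstractions/X>

  network unix,
  deny network inet,
  deny network inet6,

  # Assumed paths; adjust for your distribution.
  /usr/bin/xpra r,
  /usr/bin/Xvfb ix,
  owner @{HOME}/.xpra/** rwk,
  owner /run/user/*/xpra/** rwk,
  /tmp/.X11-unix/ rw,
  /tmp/.X11-unix/* rw,
}
EOF
}

# Start the sandbox display, run the app inside bubblewrap, attach to it
# from the real desktop, and tear the server down when the client exits.
run_sandbox() {
    app="$1"; shift
    sock="/tmp/.X11-unix/X${SANDBOX_DISPLAY#:}"
    # shellcheck disable=SC2046  (word splitting is intended; no arg has spaces)
    xpra $(xpra_server_args "$SANDBOX_DISPLAY") &
    server=$!
    tries=0
    while [ ! -S "$sock" ] && [ "$tries" -lt 15 ]; do sleep 1; tries=$((tries + 1)); done
    bwrap $(bwrap_client_args "$SANDBOX_DISPLAY") -- "$app" "$@" &
    xpra attach "$SANDBOX_DISPLAY"
    kill "$server"
}

# Only launch anything when explicitly asked, e.g.
#   XPRA_SANDBOX_RUN=1 ./xpra-sandbox.sh firefox
[ "${XPRA_SANDBOX_RUN:-0}" = 1 ] && run_sandbox "$@"
```

If your xpra build starts Xvfb with an xauth cookie, the sandboxed app will also need its auth file bound read-only into the sandbox and XAUTHORITY set accordingly; the bwrap arguments above assume the Xvfb socket is reachable without one.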