I've been researching this recently and I think the Qubes approach is still the best. Some people use xpra, which is fundamentally very similar to Qubes (a compositor running inside a dummy X server), but xpra has been designed to run over the network and hence is not as efficient as Qubes with transferring buffers. Consequentially, I find xpra to be too slow to be usable. xpra also has gained a lot of additional features lately which I worry has increased the attack surface.
Coincidentally, I was planning to spend some time today porting Qubes' GUI isolation to run outside of Qubes (for use between containers or other OS-level sandboxes). If I'm successful, expect to see a Show HN.
Coincidentally, I was planning to spend some time today porting Qubes' GUI isolation to run outside of Qubes (for use between containers or other OS-level sandboxes). If I'm successful, expect to see a Show HN.