Wait a minute... what is this sorcery? How'd you do this? I thought xorg couldn't be ran in a jail - which I presume having chromium requires?
I don't run my X server in a jail, only Chromium and its dependencies (which includes the Xorg libraries, of course, but not the server).
The
/tmp directory inside the jail is a
nullfs(5) mount of the host's
/tmp directory, so the X applications inside the jail can access the X server via the usual socket mechanism, provided that you copy your
~/.Xauthority file over. Admittedly, there is still a certain risk because the jailed applications have access to your X server. Getting around that would be more difficult, at least with the standard X server. Wayland would provide better security, but my favorite window manager does not support Wayland yet. Well, at least the jailed Chromium cannot access any other parts of my system, it can't even access the network directly because the jail runs on a localhost alias IP (127.x.y.z on lo0). It has to go through the proxy running on that machine, so I have full control of what sites the jail can access.
Alternatively you could use ssh's X11 forwarding feature to let the jailed Chromium access the host's X server, but that comes with a performance penalty. I guess it would be too slow to watch HD video, though I haven't tried.
