Wayland enables us to do proper sandboxing of programs on the desktop. However, there are several issues that the compositor could help improve.

1. If Xwayland could use `-nolisten tcp -nolisten local` arguments, this would avoid undermining any sandboxing efforts with the abstract socket exposed. I don't think there is a way to use custom arguments for Xwayland right now.

2. Can we have the ability to run multiple rootless Xwayland instances, or be provided N sockets instead of one? The main security issue of X/Xwayland is every client can see and manipulate the other clients. This is solved if you can run each client in their own Xwayland instance, but only kwin has the ability to create a rootless Xwayland instance, and there is only one of them.

For reference, here is a wayland proxy that for each instance will create it's own xwayland instance that appears rootless https://github.com/talex5/wayland-proxy-virtwl and the author's writeup on how complicated that was to do https://roscidus.com/blog/blog/2021/10/30/xwayland/#running-xwayland

3. Could kwin provide a similar proxying ability? I.e. allow creation of additional wayland sockets with specific tweaks (e.g. add prefix to caption, set custom desktopFileName, enable/disable capabilities like clipboard). Here's another proxy attempting to do such things: https://gitlab.freedesktop.org/jonleivent/waydapt

And aside from sandboxing, what if you want to run plasma desktop without any Xorg at all?

4. Can startplasma-wayland have an option to run without Xwayland? It's hard-coded into plasma-kwin_wayland.service right now (ExecStart=/usr/bin/kwin_wayland_wrapper --xwayland). It seems to work if the arg is removed from that service file. But I still see calls to xorg binaries with stuff like this printed to stdout: "/usr/bin/xrdb: Can't open display ''", "/usr/bin/xsetroot: unable to open display ''", and "Error: could not determine $DISPLAY". Also curiously ~/.local/share/kscreen/outputs files uses "xrandr-" as a prefix in all the output names.