* Read access to most of the filesystem
** Excludes themes/GTK configuration, fonts, shared data and libraries
|-
| Level 4 ||
* Network access including local sockets
** Excludes X11 socket
* System V IPC
** Unless fgxlrx or VirtualGL is in use
* Uses chroot jail
* Uses Unprivileged User Namespaces (if available)