32

When I used an X11 desktop, I could run graphical applications in docker containers by sharing the $DISPLAY variable and /tmp/X11-unix directory. For example:

docker run -ti -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix some:ubuntu xclock

Now, I'm on Fedora 25 running Wayland, so there is no X11 infrastructure to share with the container. How can I launch a graphical application in the container, and have it show up on my desktop? Is there some way to tie in XWayland?

Willi Ballenthin
  • 423
  • 1
  • 4
  • 6
  • Not sure how to answer your question the right way (I've never done it before) but on my system the unix domain socket used by Wayland is at `/run/user/1000/wayland-0` for my personal desktop. – Bratchley Dec 14 '16 at 16:26

2 Answers2

34

As you say you are running Fedora 25 with Wayland, I assume you are using Gnome-Wayland desktop.

Gnome-Wayland runs Xwayland to support X applications. You can share Xwayland access like you did before with Xorg.

Your example command misses XAUTHORITY, and you don't mention xhost. You need one of this ways to allow X applications in docker to access Xwayland (or any X). As all this is not related to Wayland, I refer to How can you run GUI applications in docker container? on how to run X applications in docker.

As for short, two solutions with xhost:

  1. Allow your local user access via xhost: xhost +SI:localuser:$(id -un) and create a similar user with docker run option: --user=$(id -u):$(id -g)
  2. Discouraged: Allow root access to X with xhost +SI:localuser:root

Related Pitfall: X normally uses shared memory (X extension MIT-SHM). Docker containers are isolated and cannot access shared memory. That can lead to rendering glitches and RAM access failures. You can avoid that with docker run option --ipc=host. That impacts container isolation as it disables IPC namespacing. Compare: https://github.com/jessfraz/dockerfiles/issues/359

To run Wayland applications in docker without X, you need a running wayland compositor like Gnome-Wayland or Weston. You have to share the Wayland socket. You find it in XDG_RUNTIME_DIR and its name is stored in WAYLAND_DISPLAY. As XDG_RUNTIME_DIR only allows access for its owner, you need the same user in container as on host. Example:

docker run -e XDG_RUNTIME_DIR=/tmp \
           -e WAYLAND_DISPLAY=$WAYLAND_DISPLAY \
           -v $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY:/tmp/$WAYLAND_DISPLAY  \
           --user=$(id -u):$(id -g) \
           imagename waylandapplication

QT5 applications also need -e QT_QPA_PLATFORM=wayland and must be started with imagename dbus-launch waylandapplication

x11docker for X and Wayland applications in docker is an all in one solution. It also cares about preserving container isolation (that gets lost if simply sharing host X display as in your example).

mviereck
  • 2,377
  • 1
  • 18
  • 18
  • What if I'm unsure if the app I want to run is X or Wayland? Is there anything generic I can pass so it can automatically determine if XWayland is needed or not? – Oxwivi Mar 25 '18 at 12:50
  • @Oxwivi You can combine both ways; take the Wayland setup example and add `-e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix`. Also execute `xhost +SI:localuser:$(id -un)`. Pitfall without generic solution: QT5 on wayland mostly needs `dbus-launch` while GTK3 on Wayland often fails with `dbus-launch`. x11docker provides this combination with `x11docker --hostdisplay --hostwayland`. Most applications will support and prefer X if available. To prefer Wayland set `-e XDG_SESSION_TYPE=wayland`. – mviereck Mar 25 '18 at 14:46
  • @Oxwivi Alternativly, you could run and check for failure. First run docker with pure Wayland setup; if it fails, second attempt with QT5+dbus-launch+Wayland setup; if it fails, too, third attempt with X/Xwayland setup. If that fails, too, something else is wrong. – mviereck Mar 26 '18 at 11:14
  • May I ask you to edit the answer with examples? I'm confused on where to to use the `x11docker` command for example. – Oxwivi Mar 26 '18 at 17:28
  • @Oxwivi Could you please ask in the [issue tracker of x11docker](https://github.com/mviereck/x11docker/issues) so I can answer you there? Your question goes above the scope of this SE question and answer, and the comments are to small for good explanations. – mviereck Mar 26 '18 at 21:13
  • 1
    https://github.com/mviereck/x11docker/issues/31 – Oxwivi Mar 27 '18 at 11:31
  • What if I have a pure Wayland desktop and want to exclusively run X apps inside containers? –  Mar 27 '18 at 16:01
  • 1
    @ShN It is possible to run Weston as a client in another Wayland compositor. Inside this client Weston you can run Xwayland with X applications. With x11docker: `x11docker --weston-xwayland imagename application` – mviereck Mar 27 '18 at 16:12
  • 1
    @Shn Also you can run Xwayland directly as a Wayland client: `Xwayland :20 & sleep 3 && docker run -e DISPLAY=:20 -v /tmp/.X11-unix:/tmp/.X11-unix imagename application`. Xwayland will cover the whole display; you can move it around with . With x11docker: `x11docker --xwayland imagename application`. – mviereck Mar 27 '18 at 16:28
  • @mviereck thank you for your detailed reply, it's appreciated. My issue is I'm trying to have a main Wayland based gui/desktop while X apps are isolated in containers. Isn't there a way to run those X apps inside containers without the Xwayland overhead? –  Mar 27 '18 at 17:37
  • 1
    @ShN You need an X server in any case. To avoid X on host I provide [x11docker/xwayland](https://github.com/mviereck/dockerfile-x11docker-xwayland). If [`xpra` is ported to GTK3+python3](https://www.xpra.org/trac/ticket/1717) some day, it will provide further possibilities with seamless windows. Invisible setups are possible with `Xvfb` in container. For discussion in detail you may open an [issue ticket on github](https://github.com/mviereck/x11docker/issues). – mviereck Mar 27 '18 at 18:33
2

I'd recommend Sommelier by Google. It allows you to launch Wayland OR X11 apps and provides the sockets that those apps are looking for in order to get them into the current display server. https://chromium.googlesource.com/chromiumos/platform2/+/master/vm_tools/sommelier/

A simple how-to that should work on any system not just Crouton/Crostini on ChromeOS.

https://github.com/dnschneid/crouton/wiki/Sommelier-(A-more-native-alternative-to-xiwi)

dragon788
  • 812
  • 7
  • 14