-
Notifications
You must be signed in to change notification settings - Fork 379
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
General discussion, feedback, questions #7
Comments
greetings, I ended up on you project page and while I haven't tested it yet, it certainly helps a lot in the global comprehension, seems like you're solving a lot of issues I had trying to accomplish that little thing of me. My endeavour started with the following: my son's computer, built from leftover parts over the years, sucks at running Minecraft, which he likes to play a lot, maybe too much, but hey he can learn python so I won't complain. My main desktop is more beefy, so I wondered if that would be possible to run it remotely in an unprivileged container. Being on Debian stretch, LXD isn't available, I haven't tried docker yet, maybe I should, so I decided to try it with LXC. So far I can't accomplish what I want, I can run Minecraft in an unprivileged container, using The thing also is that it's not fully unprivileged in the sense that, if I got it correctly, from https://stgraber.org/2014/02/09/lxc-1-0-gui-in-containers/
this part
is what led me to your project, I told myself let's run a second X server and attach the container to it, if it's designed to be only used for that very purpose should be safer, not sure about that part though, Well, as you explain very well in the Readme, the /etc/X11/Xwrapper.config thing was my main issue and I couldn't find why..., on that topic I read that, I hope it's relevant: https://wiki.archlinux.org/index.php/Systemd/User#Xorg_and_systemd is interesting, seems like it could solve the issue of having to go to a tty to launch the 2nd X server and maybe here http://forum.kodi.tv/showthread.php?tid=231955 the part where he symlink the kodi.service to the display-manager.service, kodi.service being the launch of a wm session (openbox in that case) with xinit to a given display: Great, now while looking at the remote part of the goal, I started to install x2goserver on the container, and while I could connect from the host to the container it seemed that all GLX applications failed to launch because on purpose x2go uses an old implementation of X server, So after a while I read about virtualGL which associated with turboVNC should do exactly what I want. Question now, what brings docker to the table that LXC/LXD don't have for that very purpose ? In any case thanks for all this, this looks promising, I'm gonna try a little more on the lxc side of things but will definitely try your solution that seems definitely a more hands on approach |
Hello!
The best point for docker is that it is easy to set up :). As i started x11docker two years ago I had a look at LXC and got knurls in my head as I tried to understand it. A drawback of docker, it seems that the developers does not work as hard on security fixes as they should (afaik from what i hear). On the other hand, docker claims to catch more cases to isolate from host than LXC. (I admit, I did not research a lot on this, I just used docker and it works ...). A similar interesting project is runc.
If you set up Xwrapper.config, you don't need to switch to another tty. Setup of systemd in arch wiki and in kodi forum unfortunately depends on this, too, and don't provide a solution only based on systemd.
VirtualGL is great, but not for isolation, as it needs access to display :0. (There may be an exception: VirtualGL/virtualgl#10) In an early stage of x11docker I had x11vnc included as X server option, but I dismissed it due to a chewy display. As you need hardware acceleration, I don't know if x11docker fits your needs. I did not test it with Nvidia cards nor with closed source drivers. There is a project nvidia-docker, but I did not check it out as it sees to be to complex to be easily included. |
on the topic of your question:
I managed to do it that way, if this seems ok I'll answer that on your stackexchange to make points :)
you gave me an idea with the dummy X, so here's it's xorg conf, honestly I don't know if it's correct :)
I then used 2 systemd services, maybe that would make more sense them to be user services, I didn't tested if that makes a difference.
then start it with
|
That looks quite interesting, this evening I will dive deeper into it! |
I made some stupid mistakes. I also simplified the mydummy.conf to the bare minimum I think
what do you mean by
it seems to me that the X I just launch that way has monitor, keyboard and mouse, but I can be wrong, the log looks like it's the case.
this is the log created by X
Is there a way to "test" simply this 2nd X ? the issue I currently have is that once I created that 2nd X server I cant access the tty1 to 6....My systemd settings are messing up somehow with getty.service. |
As it is running on vt10, you can switch to it with CTRl+ALT+F10. As the video driver is a dummy, most probably you won't see anthing.
For testing purpuoses it is better to run second X without
It gets interesting as soon as you can switch between displays using CTRL+ALT+F(1...12) and having usable displays ;-). As I said, Xdummy on its own already works fine without additional setup of systemd or Xwrapper.conf, but it does not provide a visible display on its own as "real" X does. Your log file indicates that X on :1000 indeed gets access to your input devices, that looks very promising! |
I confirm I can't start xpra server if I got that -auth switch in the 2nd X server. In any case without the auth I can bring xterm on :0 after I start the server ! I also put the systemd service/socket in my As I mentioned above, the issue I'm facing now is the following:
So probably if accessing those inputs is important then move the service to the /etc/systemd/system level. But in that case, the |
There is no special xpra way, it's just easier to test a new X setup without authentication. x11docker uses cookies, and starting xpra with
Congratulation! I see you have
Maybe tty8...tty12 need a getty call before running X on them? Also, you could try to use one of vt1...vt6 instead of vt10, maybe it will make a difference and avoid srewing up all tty's. I assume an Xorg systemd service has to be on system level as X needs access to devices owned by root. Not sure if this can be configured in a way that an unprivileged user can run X afterwards. systemd is still a mystery for me, I have to learn more about it. I don't know anything about systemd configuration and everything related to it. arch wiki seems to be a good introduction. Can you recommend some links to read about systemd? |
-seat0 was useless, -keeptty is necessary to get logind take control of everything: I think the below setup is working well, at least I didn't see any side effects so far, can switch tty, etc.. I liked https://www.digitalocean.com/community/tutorials/systemd-essentials-working-with-services-units-and-the-journal that gives you a good overview as a end user of the possible commands and describes well targets etc, appart from that honestly the man is perhaps the best source of info, but it's written like if you already knew everything so kind of difficult to understand for just-a-end-user-like-me !
as you can see logind took care of session / inputs:
and the server has discovered everything by itself, kind of magic
|
Is there the possibility to run a full linum Mint with x11 Docker? soory i don't have a big experience with display ando so on, know something on Docker, and would like to try a full distibution inside docker (if it's possible) |
Hello anitmorona, Hello euri10, |
Sorry, if this is the wrong place to ask. I'm using docker on my host machine with my user being in the "docker"-group. So I can initiate
and a missing Unfortunately I did not find anything related. Hope you can shed some light. Update: I'm now using -P switch, but now I get some permission problems. |
@kmuehlbauer |
You can run X in docker without The way to figure out what is needed is to |
@dashesy Thank you! I tried this, but I ran into some vt switch errors, even with setting X option
|
Do not use current tty, use some unallocated one (tty9? in Debian) if you use current tty, it will kill host's X. I use Xpra and shadow ICEWM then I can control things with Xpra from another machine. |
Maybe not the right track to ask, but what happened to dockerfile-x11docker-google-earth repository? It is still referenced from https://devhub.io/zh/repos/mviereck-dockerfile-x11docker-google-earth |
@bergtwvd I've deleted the google-earth repo a few month ago. Some reasons:
I've uploaded the dockerfile to pastebin, if you are interested: Dockerfile for google earth My solution: |
Thanks. I used your dockerfile, along with other input from the internet to create a GE image. Here the Dockerfile. The start.sh at the end basically starts GE, and could also be replaced by
|
@bergtwvd It seems you are adding the patch without applying it. Check and adjust this part:
Looking closer at my dockerfile, it seems to be a quite old version, not the latest one I had on github. But it seems to include the most important fixes I can remember. To make your image smaller, you can renounce at least wget, and you can delete google....deb and ge7...tar.xz afterwards. |
The ADD command extracts the tar file in the given location. I think it is more efficient than copy, extract and remove. Anyway, either approach works :-). |
Is there any way to restart stopped containers with x11docker, instead of images? (I tried committing containers as images and running them, but it failed) |
Here is a place where you can leave any feedback or ask questions if you fear to open our own issue.
As I spend a lot of time with x11docker development, I'm happy to see and read more than some download statistics ...
Feel free to comment. :)
Edit: This thread is very long already. Please just open a new issue, I am pleased of every feedback!
The text was updated successfully, but these errors were encountered: