x11-docker to use latest desktops like gnome3 or others

[sophana]

Hi

I've just tested x11docker with lxde, with
./x11docker --desktop --size 1920x1080 --xorg --gpu --vt 4 x11docker/lxde --home

unfortunately, in this image, I found no way of sudoing and install packages.
A really cool application would be to switch between several desktop distros and test the latest ones with all gpu acceleration, and home dir shared. This is like https://github.com/ustuehler/lxc-desktop (which unfortunately doesn't work for me in xenial)

I wouldn't really care about security. This seems like a very cool application.

[mviereck]

Hi,

I found no way of sudoing and install packages.

You can use option --sudouser to get root privileges in container. With password x11docker you can use su and, if installed, sudo.

As all installed packages get lost this way, I prefer to customize the dockerfile. For example, you can create a dockerfile with some desired extra packages:

FROM x11docker/lxde
RUN apt-get update
RUN apt-get install -y firefox-esr synaptic sudo

Build with docker build -t mylxde - < mydockerfile and run x11docker --desktop mylxde.

use latest desktops like gnome3 or others

Currently I am trying out several desktop environments for x11docker. New images already on docker hub are x11docker/mate and x11docker/lxqt.
Just now I am working on x11docker/trinity and will publish it this evening.

Unfortunately, Gnome 3 and related desktops like Cinnamon, Budgie and Pantheon still refuse to work in docker images. I am not sure about the core reasons, maybe some systemd/logind dependencies that won't work in a container. I will give it some more tries, it would be cool to have Gnome 3 and Cinnamon in a container.

As a quite new desktop in development, you may like Liri: https://hub.docker.com/r/lirios/unstable/
It does not work with x11docker yet, but I will figure that out. The description on docker hub shows how to run it on host display.

and home dir shared.

You mean your "real" home dir? You can set --homedir=$HOME to share it.

[mviereck]

x11docker has new options --systemd and --runit to run init systems in container.

This makes it possible to run desktop environments that need some daemon services in background.
Examples:

For systemd: Cinnamon on fedora 27: x11docker/cinnamon

x11docker --systemd --desktop --gpu x11docker/cinnamon

For runit: latest Enlightenment 0.22 on Void Linux: x11docker/enlightenment

x11docker --runit --desktop --gpu x11docker/enlightenment

[mviereck]

x11docker supports two new desktop environments.

One is deepin from dde, the leading desktop environment in china:

x11docker --desktop --systemd --pulseaudio --gpu x11docker/deepin

The other one is liri-shell from LiriOS (merged from formerly Hawaii and Papyros desktops):

x11docker --desktop --gpu lirios/unstable

[mviereck]

Meanwhile I've created several images containing a desktop environment: https://hub.docker.com/u/x11docker/

Gnome 3 and its forks Budgie and Pantheon are still missing. There seems to be serious bugs in gnome-shell and libmutter causing segfaults regardless what I try to adjust.
I will give it another try with the next major Gnome 3 update.

[darkdragon-001]

@mviereck Did you try to run GNOME3 with working dbus/systemd as used here for snapd?

[mviereck]

Did you try to run GNOME3 with working dbus/systemd as used here for snapd?

Yes, I did. x11docker provides a similar setup with --init=systemd. I also tried with quite reduced container isolation. e.g. --cap-add=ALL --ipc=host --net=host. Maybe I've missed --security-opt seccomp:unconfined.

[darkdragon-001]

I found a GNOME docker repository and updated it: Dockerfile-Ubuntu-Gnome. It runs GNOME in a VNC server (which is probably harder than using a X server directly).

Starting some components in xstartup works:

gnome-panel &
gnome-settings-daemon &
metacity &
nautilus &
gnome-terminal &

Unfortunately, the full gnome-session or gnome-shell does not work out of the box.

[mviereck]

I found a GNOME docker repository and updated it: Dockerfile-Ubuntu-Gnome.

The commands in xstartup just set up parts of a Gnome 2 environment. I'd say that mate desktop is a better choice for this attempt.

Unfortunately, the full gnome-session or gnome-shell does not work out of the box.

Yes, I failed to run them, too. Sometimes I find a segfault of libmutter in dmesg.
I even get segfaults if I try to run gnome-shell from host in custom X server setups.
Try e.g. x11docker --desktop --exe gnome-shell and have a look at dmesg afterwards.

My last attempts to get gnome-shell running have been in April '19. Maybe I'll try next year again. Same issues occur with pantheon and budgie, forks of Gnome 3. Only Cinnamon, an early fork, works well. Compare #147

I'd like to get Gnome 3 running in a container, but I am skeptic. It seems to be too buggy.

[darkdragon-001]

Did you see this tutorial?
They use a VNC server (but without docker) on Ubuntu 18.04.

[mviereck]

Did you try the setup? I don't see any Gnome 3 specific configuration and doubt that it will work. I see the screenshots, but it might be just some luck that it did not crash.

[darkdragon-001]

I tested it on my laptop with Ubuntu desktop 19.04 with running Gnome 3 (without docker) and it worked as described in the tutorial. There were some conflicts with daemons/indicators (like Seafile, Nextcloud) started multiple times though...

Further, I installed Ubuntu server 19.04 in a VirtualBox VM and followed the tutorial which equally worked! I just simply followed the tutorial which also starts gdm on the VM display. I just was too lazy to reinstall again to test if it works without this step as well.

PS: I filed an upstream bug.

[mviereck]

Thank you for insisting and investigating!

I seems that some serious bugs in libmutter are fixed. In some tests I was able to run gnome-shell from host in e.g. Xephyr similar to the tigervnc setup. This failed about a year ago.

I found one X configuration in x11docker that still caused Gnome 3 segfaults. Gnome 3 crashes if X extension X-Resource is not enabled.

I've enabled X-Resource in the latest commit and now gnome-shell runs in container!

Example:

FROM debian:buster
RUN apt-get update 
RUN apt-get install -y --no-install-recommends gnome-shell
CMD gnome-shell --sm-disable

x11docker --desktop --gpu --init=systemd -- gnomeimage

PS: I filed an upstream bug.

It seems there is no general issue that prevents gnome-shell in container.
But the segfault if running X with disabled extension X-Resource is worth a bug report.
Example to reproduce:

# trigger segfault in libmutter
Xephyr :50 -ac -extension X-Resource
DISPLAY=:50 gnome-shell --sm-disable

[mviereck]

I have created a dockerfile that provides some additional appliations and extensions:

FROM debian:buster
RUN apt-get update

ENV LANG=en_US.UTF-8
RUN env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
      locales && \
    echo "$LANG UTF-8" >> /etc/locale.gen && \
    locale-gen && \
    env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
      at-spi2-core \
      gnome-shell \
      ibus \
      locales && \
    env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
      cheese \
      fcitx-config-gtk \
      gedit \
      gnome-control-center \
      gnome-terminal \
      gnome-tweak-tool \
      gnome-usage \
      pavucontrol && \
    env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
      gnome-shell-extension*

CMD gnome-shell --sm-disable

However, I am not entirely happy.

• I get segfaults e.g. running gnome-control-center. Seriously? Segfaults in a config dialog?
• The keyboard layout does not match my host system. Gnome overwrites the settings done by x11docker. But I cannot change it because gnome-control-centersegfaults. Sigh.
• gnome-usage segfaults, too, if looking at RAM usage.

[darkdragon-001]

Thank you so much for your investigation! Your example is working out of the box for me!

It seems there is no general issue that prevents gnome-shell in container.
But the segfault if running X with disabled extension X-Resource is worth a bug report.

Maybe you can submit it upstream since you discovered it? This should be the corresponding project location.

• I get segfaults e.g. running gnome-control-center. Seriously? Segfaults in a config dialog?
• The keyboard layout does not match my host system. Gnome overwrites the settings done by x11docker. But I cannot change it because gnome-control-center segfaults. Sigh.
• gnome-usage segfaults, too, if looking at RAM usage.

I did some further tests (see below) and also noticed that control center does not work. I think we should create bugs upstream here as well.

---

I got Ubuntu with GNOME 3 in VNC within Docker running as well finally!!! I experienced similar problems too.
I use ubuntu-desktop instead of gnome-shell but some parts are not working like the sidebar or gdm3 (see Known issues section in my README.md).

[mviereck]

A Dockerfile for budgie desktop, a Gnome 3 fork:

FROM debian:buster
RUN apt-get update

ENV LANG=en_US.UTF-8
RUN env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
      locales && \
    echo "$LANG UTF-8" >> /etc/locale.gen && \
    locale-gen

RUN env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
      budgie-desktop
RUN env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
      at-spi2-core \
      dconf-editor \
      gedit \
      gnome-terminal

CMD budgie-desktop

Seems to work, I got no segfaults so far. (The fork seems to have less issues than the original ...). Budgie needs --init=systemd, too.

[darkdragon-001]

Thanks for your work! It would be nice if you add builds on hub.docker.com as well 😇

[mviereck]

Thanks for your work! It would be nice if you add builds on hub.docker.com as well.

• I'll do that at least for budgie.
• I am hesitating with Gnome 3 because of the remaining issues. I don't want to provide an image with segfaulting applications. Before that it would need bugreports to Gnome developers and fixes at least for gnome-control-center.
• I'll give pantheon some trials, too.

However, this will take a bit of time, I have some other projects in RL yet.

I'll close here for now. If you make some progress on the Gnome issues or open further Gnome bug tickets, please let me know.

[darkdragon-001]

If you make some progress on the Gnome issues or open further Gnome bug tickets, please let me know.

List of upstream bug reports

• gnome-shell
• mutter
• gnome-control-center

[darkdragon-001]

The solution for the GNOME apps (gnome-control-center and gnome-usage) is to install and use gnome-session instead of gnome-shell.

@mviereck Could you please add your segfault to gnome-control-center bug? I could only reproduce the assertion failure.

[mviereck]

The solution for the GNOME apps (gnome-control-center and gnome-usage) is to install and use gnome-session instead of gnome-shell.

gnome-session fails to run in container. The messages do not really help. Running gnome-session --debug shows:

 Unable to init server: Could not connect: Connection refused

** (gnome-session-failed:818): WARNING **: 18:20:57.916: Cannot open display: 

But why? gnome-shell does not have issues to access the display. Running X without access restrictions (x11docker option --no-auth) does not help either.

Could you please add your segfault to gnome-control-center bug? I could only reproduce the assertion failure

I cannot reproduce the segfault, sorry. Probably I confused it with the segfault of gnome-usage.

---

I've fixed a possible issue: x11docker now runs systemctl --user start dbus. Otherwise systemctl --user status dbus shows an inactive state. But this did not help.

[darkdragon-001]

In my VNC version, I start the session via dbus-launch --exit-with-session gnome-session.

[darkdragon-001]

Some more information about my VNC setup: I start the docker container with /sbin/init, have a systemd service which starts TigerVNC, which has a xstartup file which launches dbus-launch --exit-with-session gnome-session.

While testing a bit with x11docker, I got some errors because of invalid container names (when passing a command containing a slash like /sbin/init as command). You should replace all invalid characters by a valid character like _.

[mviereck]

I am currently trying your VNC setup. A build with gnome-shell gnome-terminal only gave me a black screen, but at least gnome-session did not terminate itself. Currently rebuilding with the full Ubuntu desktop without changing anything.
I'll compare your VNC setup with my x11docker setup to find the key difference.

EDIT: The full Ubuntu desktop works! The VNC setup comes up as well as x11docker with:

x11docker --desktop --gpu --init=systemd -- darkdragon001/ubuntu-gnome-vnc gnome-session

While testing a bit with x11docker, I got some errors because of invalid container names (when passing a command containing a slash like /sbin/init as command). You should replace all invalid characters by a valid character like _.

Thanks! Is fixed now.

[darkdragon-001]

A build with gnome-shell gnome-terminal only gave me a black screen, but at least gnome-session did not terminate itself.

I forgot to change the comment. It's updated now in the repo: gnome-session instead of gnome-shell and remove the gdm3 config modification.

I'll compare your VNC setup with my x11docker setup to find the key difference.

I don't know what your --init=sytemd does, but my container starts up it's own dbus/systemd system. I guess your setup reuses the host one.

[mviereck]

I forgot to change the comment. It's updated now in the repo: gnome-session instead of gnome-shell and remove the gdm3 config modification.

Now it sort of works. I have published an experimental Gnome 3 Dockerfile and a Gnome 3 image on Docker hub.

Some issues remain. Most annoying:

• gnome-session terminates after a few minutes and leaves gnome-shell alone. A script in the image supervises this to avoid a sudden termination of x11docker.
• logout and shutdown do not work. The image provides a script and a launcher to trigger a shutdown by x11docker.

I don't know what your --init=sytemd does, but my container starts up it's own dbus/systemd system. I guess your setup reuses the host one.

x11docker does a similar setup with --init=systemd as your VNC setup running systemd in container.

[darkdragon-001]

Now it sort of works. I have published an experimental Gnome 3 Dockerfile and a Gnome 3 image on Docker hub.

Thanks for your work 👍

• gnome-session terminates after a few minutes and leaves gnome-shell alone. A script in the image supervises this to avoid a sudden termination of x11docker.

My Ubuntu desktop works in VNC for several days now.

• logout and shutdown do not work. The image provides a script and a launcher to trigger a shutdown by x11docker.

I have the same problem in my VNC setup.

[mviereck]

My Ubuntu desktop works in VNC for several days now.

You could check pstree or ps aux | grep gnome. I give a bet that you don't have gnome-session anymore but gnome-shell only.

[darkdragon-001]

You should update your README on Docker hub since gnome-usage works (if you would include it in your Dockerfile)

You could check pstree or ps aux | grep gnome. I give a bet that you don't have gnome-session anymore but gnome-shell only.

Wrong. Starting with CMD [ "dbus-launch", "--exit-with-session", "gnome-session" ] works for me. Even logout terminates the container!

This is my working Dockerfile:

FROM ubuntu:19.10

ENV container docker
ENV DEBIAN_FRONTEND noninteractive

# Install locale
ENV LANG C.UTF-8
ENV LC_ALL C.UTF-8
RUN apt-get update && apt-get install -y --no-install-recommends \
    locales && \
    echo "$LANG UTF-8" >> /etc/locale.gen && \
    locale-gen && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Install systemd
RUN apt-get update && apt-get install -y \
    dbus dbus-x11 systemd && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Install GNOME 3
RUN apt-get update \
  && apt-get install -y --no-install-recommends gnome-session gnome-control-center gnome-terminal gnome-usage \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/*

CMD [ "dbus-launch", "--exit-with-session", "gnome-session" ]

Running with

x11docker --desktop --gpu --init=systemd -- gnome

[mviereck]

You should update your README on Docker hub since gnome-usage works (if you would include it in your Dockerfile)

gnome-usage crashes if you click the "Storage" tab. That happens with the ubuntu image as well.

Wrong. Starting with CMD [ "dbus-launch", "--exit-with-session", "gnome-session" ] works for me.

Indeed. gnome-session seems to be stable in the ubuntu image, but not in the debian image. I wonder why.

Even logout terminates the container!

Indeed, great! I don't know why there is a difference between ubuntu and debian. I should change my image to ubuntu base. (EDIT: change done)

If you still have the logout issue in your VNC setup, you could check your dbus user service with systemctl --user status dbus. Previously it showed inactive in x11docker, Now x11docker executes systemctl --user start dbus before running the final command. Maybe that makes a difference.

BTW: With x11docker --init=systemd you don't need dbus-launch. x11docker runs the image command with dbus-run-session if started with --init=systemd. That does basically the same.

EDIT:
In gnome-control-center I have issues with three tabs: "Sharing", "Power" and "Details". It takes some time until something is shown. Until then the dialog does not response to anything, frozen until some timeout. Maybe some issue with the hostnamed systemd service. Do you have the same issue in your VNC setup?

EDIT2:
Your repository https://github.com/darkdragon-001/Dockerfile-Ubuntu-Gnome does not have a possibility to open issue tickets. Is that intended?
Writing here:

sudo docker run --name=ubuntu-gnome -it -d --rm \
  --tmpfs /run --tmpfs /run/lock --tmpfs /tmp \
  --cap-add SYS_ADMIN --security-opt apparmor:unconfined \
  -v /sys/fs/cgroup:/sys/fs/cgroup \
  -p 5901:5901 -p 6901:6901 \
  darkdragon001/ubuntu-gnome-vnc

• --cap-add SYS_ADMIN: You should not add this capability, it is much too powerful. It was needed for early systemd setups in container, but not anymore with recent versions of systemd.
• --cap-add SYS_BOOT: I suggest this to allow logout / shutdown of systemd.
• --security-opt apparmor:unconfined: Should not be needed.
• -it -d: -i, --interactive and -d, --detached are an either-or decision. Use only one of them.

[darkdragon-001]

If you still have the logout issue in your VNC setup, you could check your dbus user service with systemctl --user status dbus. Previously it showed inactive in x11docker, Now x11docker executes systemctl --user start dbus before running the final command. Maybe that makes a difference.

It is running in my setup. I guess I should take some time and make a concept which behavior I want. Should logout really close the session and stop the VNC server? Maybe it would be better to somehow forward this request to close the VNC session but keep the server running.

In gnome-control-center I have issues with three tabs: "Sharing", "Power" and "Details". It takes some time until something is shown. Until then the dialog does not response to anything, frozen until some timeout. Maybe some issue with the hostnamed systemd service. Do you have the same issue in your VNC setup?

Indeed I have the same problem in my VNC setup. Your idea about hostnamed seems plausible since at least Sharing and Details/About want to display the hostname.

BTW:
You should also add your Budgie Dockerfile to hub.docker.com 😉

---

Your repository https://github.com/darkdragon-001/Dockerfile-Ubuntu-Gnome does not have a possibility to open issue tickets. Is that intended?

Since it started as a fork, it used the settings from upstream. I updated the settings to support issues now.

• --cap-add SYS_ADMIN: You should not add this capability, it is much too powerful. It was needed for early systemd setups in container, but not anymore with recent versions of systemd.
• --cap-add SYS_BOOT: I suggest this to allow logout / shutdown of systemd.
• --security-opt apparmor:unconfined: Should not be needed.
• -it -d: -i, --interactive and -d, --detached are an either-or decision. Use only one of them.

Thanks for your information! I updated my README.