How can I run a graphical application in a container under Wayland?

x11 docker wayland

35,897

Solution 1

As you say you are running Fedora 25 with Wayland, I assume you are using Gnome-Wayland desktop.

Gnome-Wayland runs Xwayland to support X applications. You can share Xwayland access like you did before with Xorg.

Your example command misses XAUTHORITY, and you don't mention xhost. You need one of this ways to allow X applications in docker to access Xwayland (or any X). As all this is not related to Wayland, I refer to How can you run GUI applications in docker container? on how to run X applications in docker.

As for short, two solutions with xhost:

Allow your local user access via xhost: xhost +SI:localuser:$(id -un) and create a similar user with docker run option: --user=$(id -u):$(id -g)
Discouraged: Allow root access to X with xhost +SI:localuser:root

Related Pitfall: X normally uses shared memory (X extension MIT-SHM). Docker containers are isolated and cannot access shared memory. That can lead to rendering glitches and RAM access failures. You can avoid that with docker run option --ipc=host. That impacts container isolation as it disables IPC namespacing. Compare: https://github.com/jessfraz/dockerfiles/issues/359

To run Wayland applications in docker without X, you need a running wayland compositor like Gnome-Wayland or Weston. You have to share the Wayland socket. You find it in XDG_RUNTIME_DIR and its name is stored in WAYLAND_DISPLAY. As XDG_RUNTIME_DIR only allows access for its owner, you need the same user in container as on host. Example:

docker run -e XDG_RUNTIME_DIR=/tmp \
           -e WAYLAND_DISPLAY=$WAYLAND_DISPLAY \
           -v $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY:/tmp/$WAYLAND_DISPLAY  \
           --user=$(id -u):$(id -g) \
           imagename waylandapplication

QT5 applications also need -e QT_QPA_PLATFORM=wayland and must be started with imagename dbus-launch waylandapplication

x11docker for X and Wayland applications in docker is an all in one solution. It also cares about preserving container isolation (that gets lost if simply sharing host X display as in your example).

Solution 2

I'd recommend Sommelier by Google. It allows you to launch Wayland OR X11 apps and provides the sockets that those apps are looking for in order to get them into the current display server. https://chromium.googlesource.com/chromiumos/platform2/+/master/vm_tools/sommelier/

A simple how-to that should work on any system not just Crouton/Crostini on ChromeOS.

https://github.com/dnschneid/crouton/wiki/Sommelier-(A-more-native-alternative-to-xiwi)

35,897

Willi Ballenthin

Updated on September 18, 2022

Comments

Willi Ballenthin almost 2 years
When I used an X11 desktop, I could run graphical applications in docker containers by sharing the $DISPLAY variable and /tmp/X11-unix directory. For example:
```
docker run -ti -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix some:ubuntu xclock
```
Now, I'm on Fedora 25 running Wayland, so there is no X11 infrastructure to share with the container. How can I launch a graphical application in the container, and have it show up on my desktop? Is there some way to tie in XWayland?
- Bratchley over 7 years
  
  Not sure how to answer your question the right way (I've never done it before) but on my system the unix domain socket used by Wayland is at /run/user/1000/wayland-0 for my personal desktop.
Oxwivi over 6 years

What if I'm unsure if the app I want to run is X or Wayland? Is there anything generic I can pass so it can automatically determine if XWayland is needed or not?
mviereck over 6 years

@Oxwivi Alternativly, you could run and check for failure. First run docker with pure Wayland setup; if it fails, second attempt with QT5+dbus-launch+Wayland setup; if it fails, too, third attempt with X/Xwayland setup. If that fails, too, something else is wrong.
Oxwivi over 6 years

May I ask you to edit the answer with examples? I'm confused on where to to use the x11docker command for example.
mviereck over 6 years

@Oxwivi Could you please ask in the issue tracker of x11docker so I can answer you there? Your question goes above the scope of this SE question and answer, and the comments are to small for good explanations.
Oxwivi over 6 years

github.com/mviereck/x11docker/issues/31
gw0 over 6 years

What if I have a pure Wayland desktop and want to exclusively run X apps inside containers?
mviereck over 6 years

@ShN It is possible to run Weston as a client in another Wayland compositor. Inside this client Weston you can run Xwayland with X applications. With x11docker: x11docker --weston-xwayland imagename application
mviereck over 6 years

@Shn Also you can run Xwayland directly as a Wayland client: Xwayland :20 & sleep 3 && docker run -e DISPLAY=:20 -v /tmp/.X11-unix:/tmp/.X11-unix imagename application. Xwayland will cover the whole display; you can move it around with <Super><LeftMouseButton>. With x11docker: x11docker --xwayland imagename application.
gw0 over 6 years

@mviereck thank you for your detailed reply, it's appreciated. My issue is I'm trying to have a main Wayland based gui/desktop while X apps are isolated in containers. Isn't there a way to run those X apps inside containers without the Xwayland overhead?
mviereck over 6 years

@ShN You need an X server in any case. To avoid X on host I provide x11docker/xwayland. If xpra is ported to GTK3+python3 some day, it will provide further possibilities with seamless windows. Invisible setups are possible with Xvfb in container. For discussion in detail you may open an issue ticket on github.