How to run Chromium from a docker container

ubuntu x11 docker chrome
10,078

Solution 1

Your need reminds me subuser. It has been design to run end-user application in a docker container in order to protect privacy and increase safety.

Solution 2

I don't have a Mac to experiment with, but here's some general suggestions:

X11 is usually protected with a key file which can only be read by the user who owns the display, thus using the filesystem permissions to assert that only other programs which can read that file are able to connect. The clients read that file and then repeat its contents to the server through the socket. So, I think you were on the right track with 

-e XAUTHORITY=/.Xauthority \
-v ~/.Xauthority:/.Xauthority:ro \

Next, you show SSH X11 forwarding settings but no indication that you ssh into the docker container. SSH forwarding is normally used by:

ssh $HOST -X program-which-launches-gui

In order to do this you'd need to run an SSH server inside the docker container, which is a bit of effort...

Next, you show a DISPLAY=/path/to/socket which I've not used before. If this is a MacOS invention, then the dockerized Ubuntu might not understand that format.

Finally, you can see what chrome is actually attempting to do using the 'strace' command from inside the docker container.

strace chromium-browser 2>&1 | egrep "open|stat|connect|bind"

That might help you narrow down which specific operations fail right before it gives up.

Share:
10,078
zabumba
Author by

zabumba

Updated on September 18, 2022

Comments

  • zabumba
    zabumba over 1 year

    Environment

    • MacOS Sierra 10.12.6
    • Docker version 17.09.0-ce, build afdb6d4
    • Ubuntu 16.04
    • XQuartz 2.7.9

    I want to open Chromium browser from a docker container onto my Mac desktop.

    docker run -i -t ubuntu:16.04 /bin/bash
apt-get update
apt-get install alsa-base chromium-browser xauth
adduser myuser

    Commit

    docker commit 2862a7bfcc2f  acme/mycontainer:0.1

    Running chromium browser as myuser from container FAIL

    docker run --user myuser -i -t acme/mycontainer:0.1 /usr/bin/chromium-browser
Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted

    I bet there is a bit more to it

    Any pointers?

    UDPATE - using --privileged

    Removes the error See thread on serverfault but the UI doesn't show up

    docker run \
       --privileged \
       --user mysuer \
       -i -t acme/mycontainer:0.1 /usr/bin/chromium-browser

    and this one

    docker run \
   --privileged \
   --net host \
   -v /tmp/.X11-unix:/tmp/.X11-unix \
   -e DISPLAY=$DISPLAY \
   -e XAUTHORITY=/.Xauthority \
   -v ~/.Xauthority:/.Xauthority:ro \
   --name chromium \
   --user mysuser \
   -i -t acme/mycontainer:0.1 /usr/bin/chromium-browser

    Chromium doesn't show up

    UPDATE 20171011

    docker run \
   --privileged \
   --net host \
   -v /tmp/.X11-unix \
   -e DISPLAY \
   --name chromium \
   --user myuser \
   -i -t acme/mycontainer:0.1 \
   bash

    Starting Chromium Gtk: cannot open display: [...] org.macosforge.xquartz:0 error

    $ chromium-browser --verbose
[37:37:1011/154632.348303:VERBOSE1:breakpad_linux.cc(1978)] Breakpad disabled
[1:1:1011/154632.378280:VERBOSE1:zygote_main_linux.cc(537)] ZygoteMain: initializing 0 fork delegates
[1:1:1011/154632.378653:INFO:cpu_info.cc(50)] Available number of cores: 4
[37:37:1011/154632.381303:WARNING:browser_main_loop.cc(275)] Gtk: cannot open display: \
      /private/tmp/com.apple.launchd.Y2wR3QWw57/org.macosforge.xquartz:0

    On my Mac edited sshd_config

    sudo vim /etc/ssh/sshd_config
X11Forwarding yes
X11DisplayOffset 10
XAuthLocation /opt/X11/bin/xauth

    On my Mac DISPLAY

    $ env | grep DISPLAY
DISPLAY=/private/tmp/com.apple.launchd.Y2wR3QWw57/org.macosforge.xquartz:0

    On disk

    ls -al /private/tmp/com.apple.launchd.gCYQToI4lb/*
srw-rw-rw-  1 joel  wheel     0B Oct 11 17:50 
/private/tmp/com.apple.launchd.gCYQToI4lb/org.macosforge.xquartz:0=
    • Admin
      Admin almost 5 years
      Did you get anywhere with this, @zabumba?
  • zabumba
    zabumba over 6 years
    remember to upvote the question. see if someone else may be able to help. I like your pointer to subuser. that's interesting
  • zabumba
    zabumba over 6 years
    I'll give you the bounty because of the good pointers, but I haven't resolved the issue. I will create another bounty to see if someone else can help. Eventually provide with a Dockerfile. thx
  • Dave
    Dave almost 6 years
    subuser might be the "Qubes OS lite" that I've been looking for! Thanks!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Empty Screen Launching Chromium-Browser Over X11 from Ubuntu 16 to OSX XQuartz
how to start an application as soon as x starts up in ubuntu?
How to remount the /proc filesystem in a docker as a r/w system?
nslookup reported "can't resolve '(null)': Name does not resolve" though it successfully resolved the DNS names
Error response from daemon: No such image: ubuntu (tag: latest) right after after pulling from docker hub
How to install ffmpeg for ubuntu using command line?
Docker cp: Error response from daemon: lstat no such file or directory
error response from daemon: no such container: dionaea
Docker: Error response from daemon: invalid volume specification: ubuntu
Python Tkinter in Docker .TclError: couldn't connect to display