When I used an X11 desktop, I could run graphical applications in docker containers by sharing the $DISPLAY
variable and /tmp/X11-unix
directory. For example:
docker run -ti -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix some:ubuntu xclock
Now, I'm on Fedora 25 running Wayland, so there is no X11 infrastructure to share with the container. How can I launch a graphical application in the container, and have it show up on my desktop? Is there some way to tie in XWayland?
Best Answer
As you say you are running Fedora 25 with Wayland, I assume you are using Gnome-Wayland desktop.
Gnome-Wayland runs Xwayland to support X applications. You can share Xwayland access like you did before with Xorg.
Your example command misses
XAUTHORITY
, and you don't mentionxhost
. You need one of this ways to allow X applications in docker to access Xwayland (or any X). As all this is not related to Wayland, I refer to How can you run GUI applications in docker container? on how to run X applications in docker.As for short, two solutions with xhost:
xhost +SI:localuser:$(id -un)
and create a similar user with docker run option:--user=$(id -u):$(id -g)
xhost +SI:localuser:root
Related Pitfall: X normally uses shared memory (X extension
MIT-SHM
). Docker containers are isolated and cannot access shared memory. That can lead to rendering glitches and RAM access failures. You can avoid that with docker run option--ipc=host
. That impacts container isolation as it disables IPC namespacing. Compare: https://github.com/jessfraz/dockerfiles/issues/359To run Wayland applications in docker without X, you need a running wayland compositor like Gnome-Wayland or Weston. You have to share the Wayland socket. You find it in
XDG_RUNTIME_DIR
and its name is stored inWAYLAND_DISPLAY
. AsXDG_RUNTIME_DIR
only allows access for its owner, you need the same user in container as on host. Example:QT5 applications also need
-e QT_QPA_PLATFORM=wayland
and must be started withimagename dbus-launch waylandapplication
x11docker for X and Wayland applications in docker is an all in one solution. It also cares about preserving container isolation (that gets lost if simply sharing host X display as in your example).