I have no success in getting a GUI app to run within a container. Most give an error: "Can not open display :0". I thought it might be a lack of Xserver or similar inside the container. I found via search mount /tmp/X11-unix and -e DISPLAY=$DISPLAY but this has not got me any closer. I tried to put together a container for Weston. Here is what I got:
Dockerfile:
FROM registry.fedoraproject.org/fedora:rawhide
You probably need a VNC server in the container for graphics apps. I’ve seen some attempts at that but frankly, they looked hacky and unmaintainable. Quite a few tools are built with web server technology now - you run them in a container and access them via the browser on the host. pgAdmin4, RStudio Server and Jupyter notebook server are three common examples from the data science world.
The problem you are getting with “Can not open display :0” is probably related to the rights. Try solving it with xhost +"local:docker@". You also do not need wayland anywhere in the equation.
Please take into account that chromium will not run in a container on Fedora, since it needs to create its own user namespace and this will interfere with the way the kernel is compiled. You will however be able to run lots of other apps, like Firefox or Spotify.
Though I do like the idea of running applications as containers, I am containing my browsers with selinux: G / selinux_browser_module · GitLab. This also solved the problem with chromium.
Your post also reminds me that I need to create a Skype container … ASAP … cause I need it for my job. For Skype you probably need to mount /dev/snd too.
You don’t need VNC in the container. Mounting /tmp/.X11-unix is all you need.
If you run VNC inside the container, this will create overhead. Think about how bad this would be if you run each application in a container. You also force the use of a VNC client for each application. If you mount the X11 session, the application will just pop up on your screen. This works perfectly with i3wm.
Yea, I actually used exactly that. You have to overwrite the rights that the flatpak has, since it gives skype FULL access to your home folder, so including ssh and gpg keys. I removed that. Now I just have a properly isolated skype, that can’t see other processes and can’t see anything in my home folder. However, I can do screen share since it has access to X, so it’s exactly what I needed.
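Added example (not from any poster in this thread): a shell sketch of the /tmp/.X11-unix mount and -e DISPLAY approach discussed above, which maps the DISPLAY value to its socket and mounts only that one socket read-only instead of the whole directory. The function names and the image name example/gui-app:latest are hypothetical placeholders; authorizing the container's user with the X server (the xhost step mentioned above) is not covered.

```shell
#!/bin/sh
# Added example: map $DISPLAY to its X11 Unix socket and build `docker run`
# arguments that expose only that socket. Function names are hypothetical.

# Print the socket path for a local display (":0", ":0.0", "unix:1").
# Return 1 for TCP displays such as "host:10.0", which have no local socket.
x11_socket_for_display() {
    disp=$1
    case $disp in
        unix:*) disp=${disp#unix} ;;   # "unix:1" -> ":1"
    esac
    case $disp in
        :*) ;;                          # local display
        *) return 1 ;;                  # empty, or host:N over TCP
    esac
    num=${disp#:}      # drop the leading colon
    num=${num%%.*}     # drop the optional ".screen" suffix
    case $num in
        ''|*[!0-9]*) return 1 ;;        # display number must be digits only
    esac
    printf '/tmp/.X11-unix/X%s\n' "$num"
}

# Print docker run arguments for a GUI container, one per line.
# $1 = DISPLAY value, $2 = image name (placeholder supplied by the caller).
x11_docker_args() {
    sock=$(x11_socket_for_display "$1") || {
        echo "DISPLAY='$1' is not a local X11 display" >&2
        return 1
    }
    printf '%s\n' run --rm \
        -e "DISPLAY=$1" \
        -v "$sock:$sock:ro" \
        "$2"
}

# Constructed usage: show the arguments for the current session, if any.
if [ -n "${DISPLAY:-}" ]; then
    x11_docker_args "$DISPLAY" example/gui-app:latest | tr '\n' ' '
    echo
fi
```

Any client that can reach the X socket can read the screen and input of other X clients, so limiting the mount narrows filesystem exposure only, not what the application can do through X.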