6

DISCLAIMER: This question has been asked in different forms on Stackoverflow and other venues, but I could get none to work. So I hope someone can help me figure this out once and for all.

I need to enable x11-forwarding work on my Docker container without using xhost at all, because of the security issues. I want to expose the /tmp/.X11-unix socket and ~/.Xauthority to the Docker container, so that it can use them to connect to the X-server like a client.

I could boil down my problem to a simple Dockerfile. I have a docker-compose.yml to run that Dockerfile.

Dockerfile:

FROM ubuntu:16.04
RUN apt-get update && apt-get install -y x11-apps xauth

docker-compose.yml:

version: '2.3'
services:
  test:
    build: .
    command: /bin/bash
    environment:
      DISPLAY: $DISPLAY
    volumes:
      - /tmp/.X11-unix:/tmp/.X11-unix
      - ~/.Xauthority:/root/.Xauthority

The two files are located in the same folder. To run:

# To build the container
$ docker-compose up --build
# To run it
$ docker-compose run test

# In the container run:
$ xclock

# See the xauth list
$ xauth list

If you run xhost + in the host system, authentications will be waived from the X-server and the xclock program will run successfully. Otherwise, it will complain that Error: Can't open display: :0. I want to solve this issue without xhost, and merely by establishing a successful connection to the X-server through the exposed socket and X authentications. Any helps on that?

Operating System: Ubuntu 16.04

Docker Version: 18.09.1, build 4c52b90

docker-compose version: 1.23.2, build 1110ad01

sharif1133
  • 83
  • 1
  • 6
  • Any leads on this? I'm struggling with a similar problem as well I could not find any way to solve it yet. I also have a constraint that I cannot use network_mode: "host" because I have multiple containers talking to each other... – Saeid Bagheri Nov 13 '21 at 02:16

1 Answers1

4

Your setup was almost correct, you just need to change the network_mode to host. Otherwise, docker will create a separate network for the container, hence we are not able to connect to the host xServer instance.

Please tryout this docker-compose file:

version: '2.3'
services:
  test:
    build: .
    command: /bin/bash
    environment:
      DISPLAY: $DISPLAY
    volumes:
      - /tmp/.X11-unix:/tmp/.X11-unix
      - ~/.Xauthority:/root/.Xauthority
    network_mode: "host"

In case you stick to the simple command line instead of compose:

docker run --rm -it --network host -e DISPLAY=$DISPLAY -v /home/<hostUser>/.Xauthority:/home/<containerUser>/.Xauthority -v /tmp/.X11-unix:/tmp/.X11-unix <container>

Please checkout this tutorial for more information: https://www.cloudsavvyit.com/10520/how-to-run-gui-applications-in-a-docker-container/

whati001
  • 317
  • 2
  • 9