-1

i am attempting to run a windows GUI app in a container on Linux. The intent is to protect an ancient windows app that is no longer supported. So i get a Red Hat developer subscription, install RHEL 8.6 with container tools, run the universal base image 'UBI-INIT', and within the container, i install GNOME desktop with Xrdp, and i successfully render the GUI desktop in a RHEL container.

Now that the container is working well, I commit to an image, but when i run that image, the GUI fails to render. the xrdp session times out as if services are not running and/or ports are not accessible.

Within the container that i ran from the committed image:

  • i verify that all of the services necessary to support XRDP and GNOME are up and running.
  • journalctl does not seem to show any errors. There are complaints around rtkit but i see similar errors in the working container.
  • i see no evidence that an xrdp connection was attempted in the xrdp or xrdp-sesman logs. But i am fairly certain that ports are not the issue because i can ssh to the container.

the commands i used to install and configure the working container are:

podman run -d -v /mnt/share:/share -p 53389:3389 -p 50022:22 --rm --privileged --name ubi-ini registry.access.redhat.com/ubi8/ubi-init;
podman exec -it ubi-ini bash

and within the container i run the following:

timedatectl set-timezone America/New_York
# GNOME desktop GUI
dnf install -y selinux-policy-targeted
dnf groupinstall -y --skip-broken "Server with GUI"
# xrdp
dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
dnf install -y xrdp
echo 'if [ "$DISPLAY" !=' "'\"\"' ]; then xhost +; fi;" >> /etc/profile
sed -i '/^port=3389.*/a port=tcp://:3389' /etc/xrdp/xrdp.ini
useradd -g root -p $(echo "jde" | openssl passwd -1 -stdin) jde
usermod -aG wheel jde
systemctl enable xrdp xrdp-sesman gdm
systemctl unmask systemd-logind.service
systemctl restart sshd xrdp xrdp-sesman dbus gdm systemd-logind.service

I commit the image like this:

podman commit ubi-ini ubi-gui

I run the image with this command:

podman run -d -v /mnt/share:/share -p 63389:3389 -p 60022:22 --rm --privileged --name ubi-gui ubi-gui

xrdp communicates with the desktop manager through systemd UBI-INIT is the only linux base container that supports systemd.

i suspect there is something about the processes in the derived container but when i compare the working and non-working container with ps aux, i don't see significant anomolies.

Any ideas?

Blaarfengard
  • 17
  • 1
  • 3

2 Answers2

0

I have absolutely no idea about 'XRDP' but I see you use a different host port in your second container instance, is that intentional?

idle_roamer
  • 21
  • 2
  • yeah that was intentional. it's so that i can test both containers at the same time and compare the two. one (working) container listens on ports 5022 and 53389 and the other (not so good) on ports 6022 and 63389 for ssh and rdp respectively. i compare the processes with 'ps aux', services with systemctl, and configuration files but i see no significant differences. on the bad container, the ssh port works but the rdp fails. – Blaarfengard Sep 09 '22 at 12:40
-1

Got this to work by disabling firewall and selinux everywhere, meaning the container host abd the base container UBI-INIT as well. Now the image based on the modified container (with Gnome desktop and XRDP and disabled security) results in a container that serves the GUI desktop.

It's working fine except that gdm (gnome desktop manager) does not start even though it is enabled and all the other enabled services are ok. Still working that one out, but the basic question is answered: it was not the software stack but rather it was security configuration. i suspect selinux in the container somehow interfered with inter-process communication, because i am able to ssh on (mapped) port 22 externally.

Blaarfengard
  • 17
  • 1
  • 3