Connect to X11-server from docker without xhost but with xauth

Asked 4/2, 2019 at 21:43 Answered 14/8, 2024 at 20:26

docker docker-compose x11 x11-forwarding

DISCLAIMER: This question has been asked in different forms on Stackoverflow and other venues, but I could get none to work. So I hope someone can help me figure this out once and for all.

I need to enable x11-forwarding work on my Docker container without using xhost at all, because of the security issues. I want to expose the /tmp/.X11-unix socket and ~/.Xauthority to the Docker container, so that it can use them to connect to the X-server like a client.

I could boil down my problem to a simple Dockerfile. I have a docker-compose.yml to run that Dockerfile.

Dockerfile:

FROM ubuntu:16.04
RUN apt-get update && apt-get install -y x11-apps xauth

docker-compose.yml:

version: '2.3'
services:
  test:
    build: .
    command: /bin/bash
    environment:
      DISPLAY: $DISPLAY
    volumes:
      - /tmp/.X11-unix:/tmp/.X11-unix
      - ~/.Xauthority:/root/.Xauthority

The two files are located in the same folder. To run:

# To build the container
$ docker-compose up --build
# To run it
$ docker-compose run test

# In the container run:
$ xclock

# See the xauth list
$ xauth list

If you run xhost + in the host system, authentications will be waived from the X-server and the xclock program will run successfully. Otherwise, it will complain that Error: Can't open display: :0. I want to solve this issue without xhost, and merely by establishing a successful connection to the X-server through the exposed socket and X authentications. Any helps on that?

Operating System: Ubuntu 16.04

Docker Version: 18.09.1, build 4c52b90

docker-compose version: 1.23.2, build 1110ad01

Mayers answered 4/2, 2019 at 21:43 Comment(1)

Any leads on this? I'm struggling with a similar problem as well I could not find any way to solve it yet. I also have a constraint that I cannot use network_mode: "host" because I have multiple containers talking to each other... – Shrieval 13/11, 2021 at 2:16

Your setup was almost correct, you just need to change the network_mode to host. Otherwise, docker will create a separate network for the container, hence we are not able to connect to the host xServer instance.

Please tryout this docker-compose file:

version: '2.3'
services:
  test:
    build: .
    command: /bin/bash
    environment:
      DISPLAY: $DISPLAY
    volumes:
      - /tmp/.X11-unix:/tmp/.X11-unix
      - ~/.Xauthority:/root/.Xauthority
    network_mode: "host"

In case you stick to the simple command line instead of compose:

docker run --rm -it --network host -e DISPLAY=$DISPLAY -v /home/<hostUser>/.Xauthority:/home/<containerUser>/.Xauthority -v /tmp/.X11-unix:/tmp/.X11-unix <container>

Please checkout this tutorial for more information: https://www.cloudsavvyit.com/10520/how-to-run-gui-applications-in-a-docker-container/

Inly answered 9/10, 2021 at 9:57 Comment(1)

i assume the runtime user is root here? – Teeth 11/12, 2023 at 19:12

Had the same issue. After adding the user field, everything worked fine. Result:

version: '3'
services:
  dinorunner:
    build: .
    user: <USER_AS_CREATED_IN_THE_DOCKERFILE>
    environment:
      - DISPLAY=$DISPLAY
      - SSH_AUTH_SOCK=/tmp/ssh_auth_sock
      - XAUTHORITY=$XAUTHORITY
    volumes:
      - /tmp/.X11-unix:/tmp/.X11-unix
      - .:/<DESTINATION_DIR>
      - /dev/dri:/dev/dri
    working_dir: <WORKING_DIRECTORY>
    network_mode: "host"
    command: >
      bash -c "echo 'Hallo world'"

Elodea answered 14/8, 2024 at 20:26 Comment(0)

Recommended topics

Hot tags