/tmp/.X11-unix
directory. Sockets can be shared by mounting this directory with the -v
. You also need to set the DISPLAY environment variable, which gives applications a screen for displaying graphics. Since we will be outputting to our screen, it is enough to copy the host machine's DISPLAY value. Usually, this is :0.0
or simply :0
. An empty hostname (before the colon) implies a local connection using the most efficient transport, which in most cases means Unix-domain sockets - just what we need: $ docker run -e DISPLAY=unix$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix <image>
No protocol specified Error: cannot open display: unix: 0.0
$ xhost +local:
$ xhost +si:localuser:root
xauth list
, change the host name to another (you need to think up in advance) and export the resulting key to the Xauthority file, which we then mount into the container: $ DOCKER_CONTAINER_HOSTNAME=foobar $ xauth list $DISPLAY | sed -e "s/$HOSTNAME/$DOCKER_CONTAINER_HOSTNAME/" | xargs xauth -f /tmp/.docker.Xauthority add $ docker run -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix \ -v /tmp/.docker.Xauthority -e XAUTHORITY=/tmp/.docker.Xauthority -h $DOCKER_CONTAINER_HOSTNAME <image>
$ xauth nlist $DISPLAY | sed -e 's/^..../ffff/' | xauth -f /tmp/.docker.Xauthority nmerge - $ docker run -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix \ -v /tmp/.docker.Xauthority -e XAUTHORITY=/tmp/.docker.Xauthority <image>
-v
parameter, while the container should be running in privileged mode: $ docker run -v /dev/snd:/dev/snd --privileged <image>
--device
for connecting devices has been added to Docker 1.2. Unfortunately, at the moment (version 1.2), --device
as the value can take only one device at a time, which means you have to explicitly list them all. For example: $ docker run --device=/dev/snd/controlC0 --device=/dev/snd/pcmC0D0p --device=/dev/snd/seq --device=/dev/snd/timer <image>
--device
will be added in future releases (there is a corresponding request on github). $ docker run -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=unix$DISPLAY \ --device=/dev/snd/controlC0 --device=/dev/snd/pcmC0D0p \ --device=/dev/snd/seq --device=/dev/snd/timer <image>
$ docker run -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=unix$DISPLAY \ -v /dev/snd:/dev/snd --privileged <image>
FROM debian:wheezy ENV DEBIAN_FRONTEND noninteractive RUN apt-get update RUN apt-get install -yq wget # deadbeef RUN wget -P /tmp 'http://sourceforge.net/projects/deadbeef/files/debian/0.6.2/deadbeef-static_0.6.2-2_amd64.deb' \ && dpkg -i /tmp/deadbeef-static_0.6.2-2_amd64.deb || true \ && apt-get install -fyq --no-install-recommends \ && ln -s /opt/deadbeef/bin/deadbeef /usr/local/bin/deadbeef \ && rm /tmp/deadbeef-static_0.6.2-2_amd64.deb # ENTRYPOINT ["/opt/deadbeef/bin/deadbeef"]
$ docker build -t deadbeef .
$ docker run --rm -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=unix$DISPLAY \ --device=/dev/snd/controlC0 --device=/dev/snd/pcmC0D0p --device=/dev/snd/seq --device=/dev/snd/timer \ deadbeef http://94.25.53.133/ultra-128.mp3
-X
when creating an ssh connection enables X11 redirection, which allows displaying a graphical application running on a remote machine on a local machine. In this case, a remote machine can be understood as a docker container./etc/ssh/sshd_config
and looking for the X11Forwarding
parameter (or its synonyms: ForwardX11
, AllowX11Forwarding
), which should be set to yes
: X11Forwarding yes
paprefs
you need to go into the PulseAudio settings and in the “Network Settings” tab put a tick in front of “Enable network access to local sound devices” (enable network access to local audio devices). You can also find the option “Don't require authentication” (do not require authorization). Enabling this option will allow unauthorized access to the server, which can simplify the configuration of docker containers. For authorized access, you must copy the ~/.pulse-cookie
file into the container. $ sudo service pulseaudio restart
or $ pulseaudio -k && pulseaudio --start
pax11publish
, the output of which should look something like this: Server: <...>unix:/run/user/1000/pulse/native tcp:<hostname>:4713 tcp6:<hostname>:4713 Cookie: <...>
$ PULSE_SERVER=tcp:172.17.42.1:4713
$ ip route | awk '/docker/ { print $NF }' 172.17.42.1
ssh -R
: $ ssh -X -R 64713:localhost:4713 <user>@<hostname>
FROM debian:wheezy ENV DEBIAN_FRONTEND noninteractive RUN apt-get update RUN apt-get install -yq wget # deadbeef RUN wget -P /tmp 'http://sourceforge.net/projects/deadbeef/files/debian/0.6.2/deadbeef-static_0.6.2-2_amd64.deb' \ && dpkg -i /tmp/deadbeef-static_0.6.2-2_amd64.deb || true \ && apt-get install -fyq --no-install-recommends \ && ln -s /opt/deadbeef/bin/deadbeef /usr/local/bin/deadbeef \ && rm /tmp/deadbeef-static_0.6.2-2_amd64.deb # pulseaudio RUN apt-get install -yq --no-install-recommends pulseaudio RUN apt-get install -yq \ pwgen \ openssh-server # ssh- RUN mkdir -p /var/run/sshd ADD entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh EXPOSE 22 ENTRYPOINT ["/entrypoint.sh"]
#!/bin/bash # PULSE_SERVER PA_PORT=${PA_PORT:-4713} PA_HOST=${PA_HOST:-localhost} PA_SERVER="tcp:$PA_HOST:$PA_PORT" # DOCKER_USER=dockerx # DOCKER_PASSWORD=$(pwgen -c -n -1 12) DOCKER_ENCRYPTED_PASSWORD=$(perl -e 'print crypt('"$DOCKER_PASSWORD"', "aa")') # , # docker logs echo User: $DOCKER_USER echo Password: $DOCKER_PASSWORD # useradd --create-home --home-dir /home/$DOCKER_USER --password $DOCKER_ENCRYPTED_PASSWORD \ --shell /bin/bash --user-group $DOCKER_USER # PULSE_SERVER ~/.profile , # echo "PULSE_SERVER=$PA_SERVER; export PULSE_SERVER" >> /home/$DOCKER_USER/.profile # ssh- exec /usr/sbin/sshd -D
$ docker build -t deadbeef:ssh .
$ docker run -d -p 2222:22 -e PA_HOST="172.17.42.1" --name=dead_player deadbeef:ssh
docker logs
: $ docker logs dead_player User: dockerx Password: vai0ay7OuNga
docker inspect
: $ docker inspect --format '{{ .NetworkSettings.IPAddress }}' dead_player 172.17.0.69
$ ssh -X dockerx@172.17.0.69
$ ssh -X -p 2222 dockerx@172.17.42.1
dockerx@5e3add235060:~$ deadbeef
{ "description" : "Simple universal text editor." ,"maintainer" : "Timothy Hobbs <timothyhobbs (at) seznam dot cz>" // ,"executable" : "/usr/bin/vim" // , / // . : "Downloads" "$HOME/Downloads" ,"user-dirs" : [ 'Downloads', 'Documents' ] // : [] // X11 ,"x11" : true // : false // ,"sound-card" : true // : false // , / ,"access-working-directory" : true // : false // ,"allow-network-access" : true // : false }
$ subuser list available
$ subuser subuser add firefox-flash firefox-flash@default
$ subuser run firefox-flash
~/.subuser-repo
directory will come down. It should initialize the git repository: $ mkdir ~/.subuser-repo $ cd ~/.subuser-repo $ git init
$ mkdir deadbeef
image-name/ docker-image/ SubuserImagefile docker-build-context... permissions.json
FROM-SUBUSER-IMAGE
, which accepts the identifier of an existing subuser image as an argument. A list of available base images can be found here: SubuserBaseImages . FROM debian:wheezy ENV DEBIAN_FRONTEND noninteractive RUN apt-get update RUN apt-get install -yq wget # deadbeef RUN wget -P /tmp 'http://sourceforge.net/projects/deadbeef/files/debian/0.6.2/deadbeef-static_0.6.2-2_amd64.deb' \ && dpkg -i /tmp/deadbeef-static_0.6.2-2_amd64.deb || true \ && apt-get install -fyq --no-install-recommends \ && ln -s /opt/deadbeef/bin/deadbeef /usr/local/bin/deadbeef \ && rm /tmp/deadbeef-static_0.6.2-2_amd64.deb
{ "description": "Ultimate Music Player For GNU/Linux", "maintainer": "Humble Me", "executable": "/opt/deadbeef/bin/deadbeef", "sound-card": true, "x11": true, "user-dirs": [ "Music" ], "allow-network-access": true, "as-root": true }
as-root
allows you to run applications in a container as root. By default, the subuser starts the container with the --user
parameter, giving it the current user ID. But deadbeef at the same time refuses to run (it cannot create a socket file in a home directory that does not exist). ~/.subuser-repo $ git add . && git commit -m 'initial commit'
$ subuser subuser add deadbeef deadbeef@file:////home/silentvick/.subuser-repo
$ subuser run deadbeef
x2goclient
program is x2goclient
. More information about server and client installation can be found on the official project website . FROM debian:wheezy ENV DEBIAN_FRONTEND noninteractive RUN apt-get update RUN apt-get install -yq wget # deadbeef RUN wget -P /tmp 'http://sourceforge.net/projects/deadbeef/files/debian/0.6.2/deadbeef-static_0.6.2-2_amd64.deb' \ && dpkg -i /tmp/deadbeef-static_0.6.2-2_amd64.deb || true \ && apt-get install -fyq --no-install-recommends \ && ln -s /opt/deadbeef/bin/deadbeef /usr/local/bin/deadbeef \ && rm /tmp/deadbeef-static_0.6.2-2_amd64.deb # pulseaudio RUN apt-get install -yq --no-install-recommends pulseaudio # ssh- pwgen RUN apt-get install -yq \ pwgen \ openssh-server # , ssh- RUN mkdir -p /var/run/sshd # x2go- RUN echo 'deb http://packages.x2go.org/debian wheezy main' >> /etc/apt/sources.list \ && echo 'deb-src http://packages.x2go.org/debian wheezy main' >> /etc/apt/sources.list \ && apt-key adv --recv-keys --keyserver keys.gnupg.net E1F958385BFE2B6E \ && apt-get update && apt-get install -yq x2go-keyring \ && apt-get update && apt-get install -yq \ x2goserver \ x2goserver-xsession # openbox RUN apt-get install -yq openbox # DeaDBeeF OpenBox. # # , # , , menu.xml ADD RUN sed -i '/<.*id="root-menu".*>/a <item label="DeaDBeeF"><action name="Execute"><execute>deadbeef</execute></action></item>' \ /etc/xdg/openbox/menu.xml ADD entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh EXPOSE 22 ENTRYPOINT ["/entrypoint.sh"]
#!/bin/bash # DOCKER_USER=dockerx X2GO_GROUP=x2gouser # DOCKER_PASSWORD=$(pwgen -c -n -1 12) DOCKER_ENCRYPTED_PASSWORD=$(perl -e 'print crypt('"$DOCKER_PASSWORD"', "aa")') # , # docker logs echo User: $DOCKER_USER echo Password: $DOCKER_PASSWORD # useradd --create-home --home-dir /home/$DOCKER_USER --password $DOCKER_ENCRYPTED_PASSWORD \ --shell /bin/bash --groups $X2GO_GROUP --user-group $DOCKER_USER # ssh- exec /usr/sbin/sshd -D
$ docker build -t deadbeef:x2go .
$ docker run -d -p 2222:22 --name=dead_player deadbeef:x2go
docker logs
, as shown in example 2. To start an openbox session, in the “Session type” settings, select “Custom desktop” and enter “openbox-session” in the “Command” field.Source: https://habr.com/ru/post/240509/
All Articles