I configure all my development containers to mount my host's Wayland socket. It mostly Just Works, and obviates the need to do any shell shuffling if I need to run something with a graphical component.
It's also occasionally convenient if I need to run a GUI app written in (say) Java that requires a zillion megabytes of JVM dependencies - just spin up an ephemeral container that makes everything disappear on CTRL-D.
> The source of the GUI application is untrusted, or its safety is uncertain.
Afaik Docker doesn't promise security
This is a case where the original X11 client server model would make perfect sense.
linuxserver.io has packaged a couple of popular GUI apps in containers, e.g. Calibre.
The container packages a VNC server, and you can access the container using a webVNC.
This seems like a great solution for non-GPU-intensive GUI apps.
Is this solution different from just executing this:
    docker run -it --rm -e DISPLAY --net=host -v "$XAUTHORITY":/root/.Xauthority -v /tmp/.X11-unix:/tmp/.X11-unix debian:12-slim
And then run the GUI app in the container? For example, for Firefox:
    apt update
    apt install firefox-esr
    firefox
That is an approach I sometimes use to try GUI applications in a Docker container.
I've run an X app from Docker, a Linux container on a macOS host. I was able to move the incantations to a Makefile: https://github.com/ryanfb/docker_scantailor
Curious that there's no comparison to https://github.com/mviereck/x11docker , which I would describe as the incumbent in this space.
I wonder what the limitations of this are.
- can it run games?
- can it use desktop environments or window managers like KDE or Hyprland?
- how much does it affect performance?
edit: fixed lines
Using X11 :) The concept is nice, and could help isolate much more elegantly than Qubes, for example.
But the protocol sucks, I've heard.
This only works on Linux systems. No Mac, fwiw.
I don't want to be negative but Flatpak is a container runtime specifically designed for GUI apps and Docker isn't.