xpra icon
Bug tracker and wiki

Version 5 (modified by Antoine Martin, 4 years ago) (diff)

--

[[Image(...)]] Xpra + Docker

The information below has not been verified by xpra.org, use at your own risk.

Rationale

Xpra and docker can be used to isolate applications from unix user accounts.

Regular unix applications have full access to all the files in the user's home directory.

For example, it can be used to constrain a web browser (or a proprietary application like Skype) to the resource it really needs to run and no more. The applications segregated in this way have a very restricted view of the system they run on.

Resources

  • Docker
  • https://github.com/rogaha/docker-desktop is a working showcase for combining docker and Xpra for the desktop - using Xephyr to forward a whole desktop, which is a little odd since one of the major benefits of xpra is rootless applications (the version numbers they refer to are confusing too)
  • Subuser tries to wrap the solution to make it more easily accessible - but nothing about xpra there...

Setup

Xpra needs to connect to the xpra server running inside the docker container. Your options are:

  • using a TCP socket or running an SSH server in the container - neither are very practical
  • sharing the xpra socket directory between the host and the container. To do this you have multiple options:
    • bind mount the .xpra directory
    • use the socket-dir option at either end to point to the same location
    • you could also create symlinks to individual sockets, but this can get messy very quickly

In order to be able to use mmap acceleration, the server expects to find the mmap file in the exact same path that the client used to create it. So you must ensure that the path to the mmap file (by default found in $TMPDIR) is the same on the host and in the container. (again, bind mounting a directory solves this problem)