Graphical container examples forget to expose things.

Status: Open
Participants: Maxime Devos, Simon Tournier
Owner: unassigned
Submitted by: Maxime Devos
Severity: normal
Maxime Devos wrote on 27 Jan 2023 17:50
(address . bug-guix@gnu.org)
5160c9d6-4d88-7271-5291-ee760d208781@telenet.be
Many of the graphical container examples don't work.

For example, take

    guix shell --container --network --no-cwd ungoogled-chromium \
      --preserve='^DISPLAY$' -- chromium

from (guix)Invoking guix shell. It fails with:

    Authorization required, but no authorization protocol specified
    [1:1:0127/163058.718097:ERROR:ozone_platform_x11.cc(238)] Missing X server or $DISPLAY
    [1:1:0127/163058.718126:ERROR:env.cc(255)] The platform failed to initialize. Exiting.

To make it work, "XAUTHORITY" needs to be preserved and exposed:

    guix shell --container --network --no-cwd ungoogled-chromium \
      --preserve='^DISPLAY$' --preserve='^XAUTHORITY$' --expose=/tmp/.X11-unix \
      --expose="$XAUTHORITY" -- chromium

For another example, take "eolie" from "(guix)Invoking guix environment":

    guix environment --preserve='^DISPLAY$' --container --network \
      --expose=/etc/machine-id \
      --expose=/etc/ssl/certs/ \
      --share=$HOME/.local/share/eolie/=$HOME/.local/share/eolie/ \
      --ad-hoc eolie nss-certs dbus -- eolie

it fails with

    Authorization required, but no authorization protocol specified
    Unable to init server: Could not connect: Connection refused
    Authorization required, but no authorization protocol specified
    Unable to init server: Could not connect: Connection refused
    Authorization required, but no authorization protocol specified
    Unable to init server: Could not connect: Connection refused

Preserving XAUTHORITY and exposing $XAUTHORITY makes it actually start,
though the created window is invisible. Exposing /sys makes the window
actually visible, albeit with

    (WebKitWebProcess:2): Gtk-WARNING **: 16:40:32.008: cannot open display: :1
    Unable to init server: Could not connect: Connection refused

warnings.

An additional issue is that the examples -- even after adjustment --
stop working with network-less containers, e.g.

    guix environment --preserve='^DISPLAY|XAUTHORITY$' --container \
      --expose=/etc/machine-id --expose=/etc/ssl/certs/ \
      --expose="$XAUTHORITY" \
      --share=$HOME/.local/share/eolie/=$HOME/.local/share/eolie/ \
      --expose=/sys --expose=/sys/bus --ad-hoc eolie nss-certs dbus -- eolie

fails with

    Unable to init server: Could not connect: Connection refused
    Unable to init server: Could not connect: Connection refused
    Unable to init server: Could not connect: Connection refused
    (org.gnome.Eolie:1): Gtk-WARNING **: 16:41:53.524: cannot open display: :1.

(I discovered this with the FHS container example in
-- it was a no-network application I tried out, so I left out the
--network.)
To fix this, I had to add --expose=/tmp/.X11-unix. It should be
documented how to make network-less containers for graphical
applications -- nowhere in the manual or FHS blog post is /tmp/.X11-unix
mentioned.
Greetings,
Maxime.
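
The fix described in the report above, wrapped as a shell function that checks each prerequisite before starting the container. This is an added example, not part of the original thread or of Guix; `guix_x11_container`, `GUIX` and `X11_SOCKET_DIR` are hypothetical names, and it assumes a local X display whose cookie file is named by `XAUTHORITY`.

```shell
#!/bin/sh
# Added example (not from the bug report). guix_x11_container, GUIX and
# X11_SOCKET_DIR are hypothetical names; the guix options are the ones
# used in the report.

guix_x11_container() {
    sock_dir=${X11_SOCKET_DIR:-/tmp/.X11-unix}

    if [ -z "${DISPLAY:-}" ]; then
        echo "DISPLAY is not set; no X server to connect to" >&2
        return 1
    fi

    # ":1" or ":1.0" -> display number 1 -> socket entry X1.
    num=${DISPLAY#*:}
    num=${num%%.*}
    if [ ! -e "$sock_dir/X$num" ]; then
        echo "no X socket $sock_dir/X$num for DISPLAY=$DISPLAY" >&2
        return 2
    fi

    # Without the cookie file the server answers
    # "Authorization required, but no authorization protocol specified".
    if [ -z "${XAUTHORITY:-}" ] || [ ! -r "$XAUTHORITY" ]; then
        echo "XAUTHORITY is unset or not readable" >&2
        return 3
    fi

    # --expose mounts read-only. Both variables are preserved so the client
    # inside the container finds the same socket and cookie.
    ${GUIX:-guix} shell --container --no-cwd \
        --preserve='^DISPLAY$' --preserve='^XAUTHORITY$' \
        --expose="$sock_dir" --expose="$XAUTHORITY" \
        "$@"
}

# Usage (with or without --network):
#   guix_x11_container ungoogled-chromium -- chromium
#   guix_x11_container --network ungoogled-chromium -- chromium
```

A client that holds the socket and the cookie has full access to the X server, including other windows' input and contents, so these options trade container isolation for a working display.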
Simon Tournier wrote on 27 Jan 2023 18:34
87lelnop9x.fsf@gmail.com
Hi,

On Fri., 27 Jan. 2023 at 17:50, Maxime Devos <maximedevos@telenet.be> wrote:
> Many of the graphical container examples don't work.

I think it is related to #47097 [1].



Cheers,
simon
To comment on this conversation send an email to 61101@debbugs.gnu.org