Graphical container examples forget to expose things.

Maxime Devos wrote on 27 Jan 2023 17:50

Recipients:(address . bug-guix@gnu.org)

Message-ID:5160c9d6-4d88-7271-5291-ee760d208781@telenet.be

Many of the graphical container examples don't work.

For example, take

      guix shell --container --network --no-cwd ungoogled-chromium \
        --preserve='^DISPLAY$' -- chromium

from (guix)Invoking guix shell.  It fails with:

Authorization required, but no authorization protocol specified
[1:1:0127/163058.718097:ERROR:ozone_platform_x11.cc(238)] Missing X 
server or $DISPLAY
[1:1:0127/163058.718126:ERROR:env.cc(255)] The platform failed to 
initialize.  Exiting.

To make it work, "XAUTHORITY" needs to be preserved and exposed:

guix shell --container --network --no-cwd ungoogled-chromium 
--preserve='^DISPLAY$' --preserve='^XAUTHORITY$' --expose=/tmp/.X11-unix 
--expose="$XAUTHORITY" -- chromium

For another example, take "eolie" from "(guix)Invoking guix environment":

      guix environment --preserve='^DISPLAY$' --container --network \
        --expose=/etc/machine-id \
        --expose=/etc/ssl/certs/ \
        --share=$HOME/.local/share/eolie/=$HOME/.local/share/eolie/ \
        --ad-hoc eolie nss-certs dbus --  eolie

it fails with

Authorization required, but no authorization protocol specified
Unable to init server: Could not connect: Connection refused
Authorization required, but no authorization protocol specified
Unable to init server: Could not connect: Connection refused
Authorization required, but no authorization protocol specified
Unable to init server: Could not connect: Connection refused

Preserving XAUTHORITY and exposing $XAUTHORITY makes it actually start, 
though the created window is invisible.  Exposing /sys makes the window 
actually visible, albeit with

(WebKitWebProcess:2): Gtk-WARNING **: 16:40:32.008: cannot open display: :1
Unable to init server: Could not connect: Connection refused

warnings.


An additional issue, is that the examples -- even after adjustment -- 
stop working with network-less containers, e.g.

guix environment --preserve='^DISPLAY|XAUTHORITY$' --container 
--expose=/etc/machine-id        --expose=/etc/ssl/certs/ 
--expose="$XAUTHORITY" 
--share=$HOME/.local/share/eolie/=$HOME/.local/share/eolie/ 
--expose=/sys --expose=/sys/bus  --ad-hoc eolie nss-certs dbus --  eolie


fails with

Unable to init server: Could not connect: Connection refused
Unable to init server: Could not connect: Connection refused
Unable to init server: Could not connect: Connection refused

(org.gnome.Eolie:1): Gtk-WARNING **: 16:41:53.524: cannot open display: :1.

(I discovered this with the FHS container example in 
https://guix.gnu.org/en/blog/2023/the-filesystem-hierarchy-standard-comes-to-guix-containers/
-- it was a no-network application I tried out, so I left out the 
--network.)

To fix this, I had to add --expose=/tmp/.X11-unix.  It should be 
documented how to make network-less containers for graphical 
applications -- nowhere in the manual or FHS blog post is /tmp/.X11-unix 
mentioned.

Greetings,
Maxime.

Attachment: OpenPGP_0x49E3EE22191725EE.asc

Attachment: OpenPGP_signature

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date