作者:LookUp77 | 来源:互联网 | 2023-05-18 16:49
IamcurrentlytryingtorunsomeGUIappsindockercontainers.Ihavebeentryingtheonesbyjess
I am currently trying to run some GUI apps in docker containers. I have been trying the ones by jessie frazelle at github. However I can build the images (or get from docker hub) and run them without any visible errors but, the windows don't display (i cant see the app).
我目前正在尝试在docker容器中运行一些GUI应用程序。我一直在github尝试jessie frazelle的那些。但是,我可以构建图像(或从docker hub获取)并运行它们没有任何可见的错误但是,窗口不显示(我无法看到应用程序)。
I am running Docker version 1.13.1 on Ubuntu 16.04
我在Ubuntu 16.04上运行Docker版本1.13.1
The image is created from:
图像来自:
FROM debian:stretch
MAINTAINER Jessie Frazelle
RUN apt-get update && apt-get install -y \
libreoffice \
--no-install-recommends \
&& rm -rf /var/lib/apt/lists/*
ENTRYPOINT [ "libreoffice" ]
the run command i am using is below:
我正在使用的运行命令如下:
docker run -d \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-v /etc/localtime:/etc/localtime \
-e DISPLAY=unix$DISPLAY
-v $HOME/Documents:/root/Documents \
-e GDK_SCALE \
-e GDK_DPI_SCALE \
--name libreoffice \
jess/libreoffice
After searching many sources, I can see that the above should work, andmost people are saying that the following lines are required in the run command,
在搜索了很多来源后,我可以看到上面的内容应该可行,并且大多数人都说在运行命令中需要以下几行,
-v /tmp/.X11-unix:/tmp/.X11-unix
-e DISPLAY=unix$DISPLAY
but still I cant get the window to display.
但我仍然无法让窗口显示出来。
- How can I get this to work?
我怎样才能让它发挥作用?
- What am I fundamentally missing?
我从根本上缺少什么?
Any help would be appreciated.
任何帮助,将不胜感激。
1 个解决方案
1
To be able to communicate with the X server, the user you run the app has to be allowed to communicate with the X server. So I think you have two options:
为了能够与X服务器通信,必须允许运行应用程序的用户与X服务器通信。所以我认为你有两个选择:
1) Allow the user you have in the container to connect to the X server. If your app is run with user root
inside the container, you can use:
1)允许容器中的用户连接到X服务器。如果您的应用程序在容器内使用root用户运行,则可以使用:
$ xhost +SI:localuser:root
(I don't know the security implications of this, but root should be able to connect either way...)
(我不知道这个的安全含义,但root应该能够以任何一种方式连接......)
2) Add an user in the container that matches your user session. If the user you are using in the host system has UID = 1000, you can create a dummy user inside the container:
2)在容器中添加与用户会话匹配的用户。如果您在主机系统中使用的用户具有UID = 1000,则可以在容器内创建虚拟用户:
$ useradd -u 1000 my_user
And then use that user to run your app inside the container. This don't requires any change in the accpeted hosts (as user 1000 is already capable of connection).
然后使用该用户在容器内运行您的应用程序。这不需要对受到攻击的主机进行任何更改(因为用户1000已经能够连接)。
Looking at the two options, the second seems better, because it does not require any change in the host system, and if you need to use this container in other systems that the main user could not match UID=1000, you can make the container receive the correct uid from an env var, and then setup the correct user (useradd + chown program files).
看看这两个选项,第二个似乎更好,因为它不需要在主机系统中进行任何更改,并且如果您需要在主用户无法匹配UID = 1000的其他系统中使用此容器,则可以创建容器从env var接收正确的uid,然后设置正确的用户(useradd + chown程序文件)。