containers / toolbox

Tool for interactive command line environments on Linux
https://containertoolbx.org/
Apache License 2.0

Xwayland broken in toolbox containers #1480

Closed samcday closed 2 months ago

samcday commented 2 months ago

I'm trying to run a pretty niche thing here: the headless screenshot tests for Phosh, which run wlroots in headless mode under Xwayland (via xvfb-run).

The error I get is:

(phoc:52401): phoc-wlroots-CRITICAL **: 21:36:47.917: [xwayland/sockets.c:99] /tmp/.X11-unix not owned by root or us

And the tests fail to run.

This seems to be the same issue folks are encountering over here: https://gitlab.freedesktop.org/wlroots/wlroots/-/issues/3805 ... In that particular case, someone is running Lutris with firejail + gamescope compositor.

So what I see in my container is this:

$ ls -al /tmp/.X11-unix/
total 0
drwxrwxrwt.  2 nobody nobody  180 Apr 16 21:36 .
drwxrwxrwt. 37 nobody nobody 1100 Apr 16 21:37 ..
srwxr-xr-x.  1 sam    sam       0 Apr 16 21:04 X0
srwxr-xr-x.  1 sam    sam       0 Apr 16 21:04 X1
srwxr-xr-x.  1 nobody nobody    0 Apr 16 21:04 X1024
srwxr-xr-x.  1 nobody nobody    0 Apr 16 21:04 X1025
srwxr-xr-x.  1 sam    sam       0 Apr 16 21:01 X2
srwxr-xr-x.  1 sam    sam       0 Apr 16 20:59 X3
srwxr-xr-x.  1 sam    sam       0 Apr 16 21:08 X4

The maintainer of wlroots seems quite convinced that this is invalid and that the directory must be owned by root, even though folks point out that this doesn't happen with stuff like unshare and other creative usages of user namespaces (like toolbox!).

If you follow that thread a little you find some discussion in gamescope, and this comment from @telychko seems interesting: https://github.com/ValveSoftware/gamescope/issues/1133#issuecomment-2057923547

My guess is that it is a wrong setup of the container which gamescope is running from. Commonly, the X11 socket is not forwarded correctly.

E.g. if you are using bubblewrap for containerization, the right configuration will be

bwrap --dev-bind / / \
    --tmpfs /tmp/.X11-unix --ro-bind /tmp/.X11-unix/X0 /tmp/.X11-unix/X0 \
    --cap-add CAP_SYS_NICE --cap-add CAP_SETPCAP --cap-add CAP_DAC_OVERRIDE --cap-add CAP_SYS_ADMIN \
    -- gamescope

Take a closer look at these parameters: --tmpfs /tmp/.X11-unix --ro-bind /tmp/.X11-unix/X0 /tmp/.X11-unix/X0

I am using an up-to-date Fedora Silverblue 39 with toolbox version 0.0.99.5.
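The ownership condition named in the error message, together with a check for the case in the `ls` output where the directory owner appears as `nobody`, as an added example that is not part of the original post and is not wlroots code. The function names and the verdict enum are hypothetical, and comparing the owner against `/proc/sys/kernel/overflowuid` is an assumption about why the owner shows up as `nobody` inside a user namespace.

```c
/* Added example (not wlroots code): classify who owns the X11 socket dir. */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum owner_verdict { OWNER_OK, OWNER_UNMAPPED, OWNER_FOREIGN };

/* Condition taken from the error text: owner must be root or the caller.
 * An owner equal to the kernel's overflow UID usually means the real owner
 * has no mapping in the current user namespace and is shown as "nobody". */
enum owner_verdict classify_owner(uid_t owner, uid_t me, uid_t overflow) {
    if (owner == 0 || owner == me)
        return OWNER_OK;
    if (owner == overflow)
        return OWNER_UNMAPPED;
    return OWNER_FOREIGN;
}

/* UID the kernel reports for unmapped owners; 65534 is the kernel default. */
uid_t read_overflow_uid(void) {
    unsigned long v = 65534;
    FILE *f = fopen("/proc/sys/kernel/overflowuid", "r");
    if (f) {
        if (fscanf(f, "%lu", &v) != 1)
            v = 65534;
        fclose(f);
    }
    return (uid_t)v;
}

/* Returns an owner_verdict, or -1 if the path cannot be examined.
 * lstat() is used so a symlink planted at the path is not followed. */
int check_dir(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    return classify_owner(st.st_uid, getuid(), read_overflow_uid());
}

int main(void) {
    static const char *names[] = { "ok (root or us)",
        "unmapped owner (shown as nobody)", "owned by another user" };
    const char *dir = "/tmp/.X11-unix";
    int v = check_dir(dir);
    if (v < 0) { perror(dir); return 2; }
    printf("%s: uid=%ld -> %s\n", dir, (long)getuid(), names[v]);
    return v == OWNER_OK ? 0 : 1;
}
```

Run inside the container and on the host to compare: a verdict of "unmapped owner" in the container alongside "ok" on the host points at the namespace mapping rather than at the directory's real ownership.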

samcday commented 2 months ago

I think I'm actually running into a different issue and the stuff I noted here was a false positive. Closing now ok byeeeee <3