infrastlabs / docker-headless

Remote Desktop with Docker: XRDP/NOVNC/PulseAudio. (Xfce, Mate, Cinnamon, Gnome, Plasma) MultiScreen Support!
https://gitee.com/infrastlabs/docker-headless
Apache License 2.0

Is this really necessary? `-v /sys/fs/cgroup:/sys/fs/cgroup:rw` #12

Closed adrianog closed 11 months ago

adrianog commented 11 months ago

Is this really necessary? What are the possible implications on the host?

See https://github.com/moby/moby/issues/42040 and long discussion linked from there: https://github.com/moby/moby/issues/42275

huapox commented 11 months ago

Thanks for the reference.

In this repo's images, it's only needed for Gnome, which must run with systemd, with the default ENV `START_SYSTEMD=true`.

```bash
# Plasma/Mint with START_SYSTEMD=false (run with supervisor)
docker run -it --rm --net=host --shm-size 1g \
  -e L=en_US -e VNC_OFFSET=99 -e START_SYSTEMD=false infrastlabs/docker-headless:cmate

# Gnome with systemd, cgroup_v2: --cgroupns=host (docker 20.10+)
docker run -it --rm --net=host --shm-size 1g -e VNC_OFFSET=99 \
  --tmpfs /run --tmpfs /run/lock --tmpfs /tmp -v /sys/fs/cgroup:/sys/fs/cgroup:rw \
  --cap-add SYS_BOOT --cap-add SYS_ADMIN infrastlabs/docker-headless:gnome
```
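
An audit check for the question raised in this issue, added here as an example and not part of the thread or the project's code: it reads `docker inspect` JSON and reports the host-facing flags that appear in the Gnome command (a read-write bind mount of the host's `/sys/fs/cgroup`, `SYS_ADMIN`/`SYS_BOOT`, host networking). The container names and the inlined sample JSON are constructed to mirror the two commands above.

```python
import json

# Constructed `docker inspect` excerpts mirroring the two commands above
# (container names are made up; only the fields the audit reads are included).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/headless-cmate",
   "HostConfig": {"NetworkMode": "host", "CapAdd": null},
   "Mounts": []},
  {"Name": "/headless-gnome",
   "HostConfig": {"NetworkMode": "host", "CapAdd": ["SYS_BOOT", "SYS_ADMIN"]},
   "Mounts": [{"Type": "bind", "Source": "/sys/fs/cgroup",
               "Destination": "/sys/fs/cgroup", "RW": true}]}
]
""")

CGROUP_ROOT = "/sys/fs/cgroup"
WATCHED_CAPS = {"SYS_ADMIN", "SYS_BOOT"}


def under_cgroup_root(path):
    """True for /sys/fs/cgroup itself or any path below it."""
    path = path.rstrip("/")
    return path == CGROUP_ROOT or path.startswith(CGROUP_ROOT + "/")


def audit(container):
    """Return a list of findings for one `docker inspect` object."""
    findings = []
    host_cfg = container.get("HostConfig") or {}
    for m in container.get("Mounts") or []:
        if m.get("Type") == "bind" and m.get("RW") and under_cgroup_root(m.get("Source", "")):
            findings.append("rw-host-cgroup-mount:" + m["Source"])
    # CapAdd is null when no --cap-add was given; names may carry a CAP_ prefix.
    caps = set()
    for cap in host_cfg.get("CapAdd") or []:
        cap = cap.upper()
        caps.add(cap[4:] if cap.startswith("CAP_") else cap)
    findings += ["cap-add:" + c for c in sorted(caps & WATCHED_CAPS)]
    if host_cfg.get("NetworkMode") == "host":
        findings.append("host-network")
    return findings


def audit_all(containers):
    """Map container name (leading slash stripped) to its findings."""
    return {c["Name"].lstrip("/"): audit(c) for c in containers}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, findings or "no findings")
```

On a real host, replace the sample with the parsed output of `docker inspect $(docker ps -q)`.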