Start a DE as a container from login manager?

[alxlg]

I would like to know if it would be possible to start a DE (in particular one with a Wayland compositor) from the graphical login manager and use it as primary DE without starting the one provided by the host.

Login managers look for .desktop files in /usr/share/{x;wayland-}sessions where the command to start the DE is specified. Would it be possible to use a x11docker command to start for example Sway so the user can choose "Sway" entry from session menu in the login manager and just use it with no other DE/WM/Wayland compositor provided by the host?

[mviereck]

Yes, that is possible. I recently published a wiki entry on this topic: https://github.com/mviereck/x11docker/wiki/Display-manager-entry-for-x11docker

However, you still need Xorg or a Wayland compositor that will run on host. x11docker does not provide a setup where X or Wayland run in a container only without a "partner" on host that does the basic hardware access to monitor, GPU, keyboard, mouse etc.

For example, you can run Wayland compositor Sway provided in image x11docker/sway. But it will run nested in an X server or Wayland compositor from host. E.g. x11docker --gpu --xorg -- x11docker/sway will run Xorg on host and Sway in container. Sway will run nested in the Xorg session.

[alxlg]

@mviereck

Thank you for your reply, I think in future Linux desktop distro should somehow ship DEs in containers. The idea is described here: https://discussion.fedoraproject.org/t/is-it-possible-to-ship-a-de-with-containers/

Do you see any major downside of this approach? Also, did you think about using Podman instead of Docker to manage containers since it doesn't require to run as root nor a daemon running?

[mviereck]

Do you see any major downside of this approach?

It depends. The question is: What is the desire? Is there any advantage? x11docker already allows to run DEs like Xfce or LXDE in a container.

This works well with Xorg on host and an X DE in container. This way it is possible to have a small host system without mixing it with the bunch of DE dependencies. A useful example is x11docker/lxde-wine that contains all wine dependencies including multiarch packages that would otherwise flood my host system.

You can have an Xfce container and an LXDE container. You can share the same host home folder to have all personal files available. You can avoid to mix the DE specific applications. One DE provides pcmanfm, the other one thunar. You would not have two file managers side by side.

Wayland mixes the server/compositor and the DE. It is not possible to run a Wayland compositor in a container without giving it either quite privileged host access or running it nested in another X or Wayland compositor. E.g. you cannot split Sway into compositor and i3.

Also, did you think about using Podman instead of Docker to manage containers since it doesn't require to run as root nor a daemon running?

I'd like to test podman. Hopefully there will be a debian package soon: https://github.com/containers/libpod/issues/1742

[alxlg]

@mviereck

The point is being able as a normal user (without root permissions) to install a DE (download an image) and run it from the login manager (start the container from that image).

This would let us have a minimal (and maybe immutable) OS to run the software of choice of each user, including the DE.

The idea is mounting in each DE-container the folders with user's apps like Flatpak and AppImage ones so only those apps will be in common between the DE. This should fix annoying things like GNOME's Tracker from running in Plasma session for example, no?

The user's documents could be in a folder that is mounted in each container (not the whole /home/user folder to keep config separated, so one could run different version of the same DE without mixing the configurations).

In the end the login manager would present different sessions for each user, looking for sessions in a user's folder too and not only in system's /usr/share/xsessions and /usr/share/wayland-sessions.

I hope now it's more clear what I mean: if a user with no root permissions don't want to stay with default DE he should be able to install another one and have it has an entry in login manager's session menu. With containers it should be possible to do this without affecting the security of the system and the other users.

[mviereck]

The point is being able as a normal user (without root permissions) to install a DE (download an image) and run it from the login manager (start the container from that image).

I've just read your thread on fedora. You have a hard time to explain your point. :-)

Docker needs root permissions or membership in root-equivalent group docker. If podman really works well without this, it would be great.

A login manager could be forked to allow custom user sessions, maybe a simple one like https://github.com/evertiro/cdm. Meanwhile a workaround could be a softlink from a .desktop file in ~/usr/share/wayland-sessions to the user's home directory that can be edited by the user.

Let's say the root permissions issue would be solved with podman, and there is also a solution for a user-defined display manager entry.

Some possible issues that come to mind:

• This works well with X DEs in general, because Xorg can run on host to control the hardware, and the DE runs in the container.
  • Wayland DE's can only run nested. Privileged host hardware access would miss the point of containerization.
  • Some X DE's, notable Gnome, interact very much with the system and do not work well in containers (Gnome segfaults regardless what I try). Less invasive DE's like Xfce and LXDE run smoothly. KDE is possible.
  • Services like auto-mounting and popping up an inserted CD fail.
• x11docker expects applications to be installed in the image. It does not support persistent installations but drops the container afterwards. x11docker always creates a new container from the base image.
  • This might be somehow possible with flatpack storing apps in user's home. I never tested flatpack, and I admit, I don't like it and don't trust in it.
  • It is possible to run applications from host in the same X environment as the containerized desktop. However, some interactions host vs. container applications can be strange. Compare: https://github.com/mviereck/dockerfile-x11docker-xwayland#host-applications-on-containered-x-server

The user's documents could be in a folder that is mounted in each container (not the whole /home/user folder to keep config separated, so one could run different version of the same DE without mixing the configurations).

Some configuration might be desired in each DE. Bookmarks of browsers come to mind, or emails.

Edit: I think it is possible to find solutions for each issue. Maybe a shared host DBus already solves some issues. It could be allowed to add installation instructions to Dockerfiles to customize the images (instead of using a regular package manager). A flatpack folder on host could be shared across all DE containers. The host could automount in /media and /media ist shared with the DE. And so on. However, is it worth the effort? How often does one change his preferred DE?

[alxlg]

@mviereck

Thank you very much for all the informations, this is exactly what I was looking for!

However, is it worth the effort? How often does one change his preferred DE?

There are different use cases:

• We are used to think Linux on desktop as a single user experience despite we can technically have "multiple users". And that single user is generally supposed to be also the system administrator with root permissions. Instead I want to make all the users in control of the software they use. This is already possible for applications using Flatpak and AppImage, but not for the DE. An user X may want a certain DE and user Y another. Currently X and Y both have to ask to the system admin to install both the DE of their choice.
• With multiple DE installed each session would be independent from other installed DE. For example now we have services of one DE running in the others' sessions while not needed, with duplicated functionalities.
• I also want to try to split certain services like Baloo (KDE's file indexing service) into their own container and keep it run in all the sessions I use because I find them convenient to run in every session.
• Since KDE Neon already provides three different versions of Plasma as Docker images (user edition, development stable and development unstable) I'm used to run them in their own window. I would really like to logout from my native session and login into a Docker session with another version of Plasma.
• Probably this could be useful also to test graphical apps/addons in the same DE but shipped by another distro, though these days all the distro are very similar.

Meanwhile a workaround could be a softlink from a .desktop file in ~/usr/share/wayland-sessions to the user's home directory that can be edited by the user.

Yeah I thought the same for testing purpose while there is only one user. The final intent is having the login manager to display different session entries for each user :)

[mviereck]

Glad I could help. :-)

If you develop on this setup and have further questions or stumble over issues, feel free to ask further questions. I've already set up some desktop images, they might be useful for you: https://github.com/mviereck/x11docker#examples

Closing for now due to inactivity.

[alxlg]

@mviereck thank you very much!

[mviereck]

I want to tell that finally Gnome 3 runs in a container: x11docker/gnome.

It still has some issues. Many extensions do not work properly.