What's difference between running docker container through x11docker and docker-compose?

[hongyi-zhao]

Hi,

I tried with the following command to running bestwu/wechat:

$ docker pull bestwu/wechat
$ docker-compose -f docker-wechat.yml up

The content of docker-wechat.yml is as follows:

$ cat docker-wechat.yml 
version: '2'
services:
  wechat:
    image: bestwu/wechat
    container_name: wechat
    devices:
      - /dev/snd
    volumes:
      - /tmp/.X11-unix:/tmp/.X11-unix
      - $HOME/WeChatFiles:/WeChatFiles
    environment:
      - DISPLAY=unix$DISPLAY
      - QT_IM_MODULE=fcitx
      - XMODIFIERS=@im=fcitx
      - GTK_IM_MODULE=fcitx
      # getent group audio | cut -d: -f3
      - AUDIO_GID=29 # 可选 默认63（fedora） 主机audio gid 解决声音设备访问权限问题
      - GID=1000 # 可选 默认1000 主机当前用户 gid 解决挂载目录访问权限问题
      - UID=1000 # 可选 默认1000 主机当前用户 uid 解决挂载目录访问权限问题

I want to know what's the difference between this two methods for running x11 app in docker container?

Regards, HY

[mviereck]

I want to know what's the difference between this two methods for running x11 app in docker container?

Your setup is similar to x11docker --user=root --hostdisplay --alsa. Sharing host display is insecure, and running GUI applications as root is discouraged. Compare https://github.com/mviereck/x11docker/wiki/Short-setups-to-provide-X-display-to-container

x11docker allows secured X servers and unprivileged container users. Compare https://github.com/mviereck/x11docker#security

[hongyi-zhao]

But when I start the x11docker-deepin-wechat image through docker-compose with the following config file:

$ cat docker-wechat.yml 
version: '2'
services:
  wechat:
    image: x11docker-deepin-wechat
    container_name: wechat
    devices:
      - /dev/snd
    volumes:
      - /tmp/.X11-unix:/tmp/.X11-unix
      - $HOME/WeChatFiles:/WeChatFiles
    environment:
      - DISPLAY=unix$DISPLAY
      - QT_IM_MODULE=fcitx
      - XMODIFIERS=@im=fcitx
      - GTK_IM_MODULE=fcitx
      # getent group audio | cut -d: -f3
      - AUDIO_GID=29 # 可选 默认63（fedora） 主机audio gid 解决声音设备访问权限问题
      - GID=1000 # 可选 默认1000 主机当前用户 gid 解决挂载目录访问权限问题
      - UID=1000 # 可选 默认1000 主机当前用户 uid 解决挂载目录访问权限问题

The error is as follows:

$ docker-compose -f docker-wechat.yml up
WARNING: Found orphan containers (qq) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Starting wechat ... done
Attaching to wechat
wechat    | backend_syslog.go:45: <info> syslog is not available: Unix syslog delivery error
wechat    | backend_syslog.go:45: <info> syslog is not available: Unix syslog delivery error
wechat    | backend_syslog.go:45: <info> syslog is not available: Unix syslog delivery error
wechat    | backend_syslog.go:45: <info> syslog is not available: Unix syslog delivery error
wechat    | backend_syslog.go:45: <info> syslog is not available: Unix syslog delivery error
wechat    | <warning> main.go:77: cannot connect to unix:1: dial tcp: lookup unix on 127.0.0.11:53: read udp 127.0.0.1:60688->127.0.0.11:53: i/o timeout
wechat exited with code 1

Regards, HY

[mviereck]

I don't use docker-compose and have no experience with it. I cannot tell what is going wrong.

Overall you will only be able to run single applications but not the entire deepin desktop. Especially deepin needs a running systemd in container. You must specify a single command like deepin-terminal.

[hongyi-zhao]

Reported this problem here. Even so, I still don’t know how to modify docker-wechat.yml to meet the requirements you mentioned above. Do you have any ideas?

[mviereck]

As I said, I don't use docker-compose and have no experience with it. The wiki explains what is basically needed and how to run with docker run. To translate this to docker-compose, please make yourself familiar with its syntax.

Running the entire desktop including systemd might be possible with docker-compose, but I discourage it. It's a rather complicated task, and it took me a lot of time to get deepin running in x11docker.

[hongyi-zhao]

Thanks for your hard work and explanations.