mviereck / x11docker

Run GUI applications and desktops in docker and podman containers. Focus on security.
MIT License

Leftover mount folder if using --home and --share options in combination. #303

Closed hongyi-zhao closed 2 years ago

hongyi-zhao commented 3 years ago

I try to start the docker image created here with the command shown below:

$ x11docker --home --share ~/x11docker-share --sudouser -c --desktop --init=systemd -- --cap-add=ALL --security-opt seccomp=unconfined -- x11docker/deepin-wechat startdde

After the container was created, I found the following phenomenon: there are two folders named x11docker-share. One was created by me and is located at ~/x11docker-share; the other was automatically created by x11docker and is located at ~/x11docker/x11docker-deepin-wechat/x11docker-share. See the following for details:

werner@X10DAi:~$ ls x11docker-share/ -la
total 8
drwxrwxr-x  2 werner werner 4096 Nov 13 22:43 .
drwxr-xr-x 52 werner werner 4096 Nov 13 22:33 ..
-rw-r--r--  1 werner werner    0 Nov 13 22:43 123
werner@X10DAi:~$ ls x11docker/x11docker-deepin-wechat/x11docker-share/ -la
total 8
drwxr-xr-x  2 root   root   4096 Nov 13 22:40 .
drwxrwxr-x 14 werner werner 4096 Nov 13 22:43 ..

When I create a file, from the deepin-terminal within the container, in the above mentioned folder, i.e., ~/x11docker-share, the file won't appear in the ~/x11docker/x11docker-deepin-wechat/x11docker-share. Hence, I still can't figure out why x11docker will automatically create this folder.

Any hints will be highly appreciated.

Regards, HY

mviereck commented 3 years ago

Thank you for pointing this out! I can reproduce this with a small difference. In my case the folder is owned by root, but with the group of the user. In your case the folder shows root:root.

$ ls -la ~/x11docker/wechat/x11docker-share
insgesamt 8
drwxr-sr-x  2 root     lauscher 4096 Nov 13 19:57 .
drwxr-sr-x 14 lauscher lauscher 4096 Nov 13 20:02 ..

Looking at the same folder in container, the folder is owned by the user, not by root.

It seems docker somehow generates this folder on host. With option --home x11docker mounts ~/x11docker/wechat as ~/ in container. With option --share ~/x11docker-share x11docker mounts this as ~/x11docker-share in container. So there are two mounts that both target ~/ in container.

I don't know why docker creates ~/x11docker/wechat/x11docker-share in this case. The folder persists even after terminating the container. I did not observe this behaviour before. Maybe something has changed in docker itself.

I've opened a ticket here: https://github.com/moby/moby/issues/41670

mviereck commented 3 years ago

The Docker team seems not to be interested in fixing the bug. No one from the team responded in https://github.com/moby/moby/issues/41670.

mviereck commented 2 years ago

Now x11docker uses --mount instead of --volume, but the issue persists.

hongyi-zhao commented 2 years ago

But I don't see either of these two options in the latest git master version of x11docker:

werner@X10DAi-00:~$ x11docker --help |egrep -- '--(mount|volume)'
werner@X10DAi-00:~$ x11docker --version
7.0.1

mviereck commented 2 years ago

Those are docker run options that x11docker uses internally for --home and --share when starting docker.

mviereck commented 2 years ago

Likely this will never be fixed. Just closing.
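
A host-side check for the leftover folder reported in this thread, as an added example that is not part of the original issue or of x11docker. It assumes the mount layout described above (`--home` mounts a host folder as the container home, `--share PATH` is mounted at the same PATH); the function names and the expanded `$HOME` paths are hypothetical, and `stat -c` requires GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example: locate the leftover mountpoint folder described in this thread.
# Assumption: --home mounts HOME_STORE as the user's home in the container and
# --share PATH is mounted at the same PATH, as the thread describes.

# Print the host path where the leftover folder is expected.
# Returns 1 if the shared path is not below the user's home (no nested mount).
predict_stub() {
    local user_home="${1%/}" home_store="${2%/}" share="${3%/}"
    case "$share" in
        "$user_home"/*) printf '%s\n' "$home_store/${share#"$user_home"/}" ;;
        *) return 1 ;;
    esac
}

# Classify the predicted folder without modifying anything:
#   not-nested          share is outside the home, nothing to look for
#   absent              no leftover folder on the host
#   in-use <path>       folder exists but holds data, leave it alone
#   stub <owner> <path> empty leftover folder and its owner (root in the thread)
check_stub() {
    local stub
    stub="$(predict_stub "$@")" || { echo "not-nested"; return 0; }
    if [ ! -d "$stub" ]; then
        echo "absent"
    elif [ -n "$(ls -A "$stub" 2>/dev/null)" ]; then
        echo "in-use $stub"
    else
        echo "stub $(stat -c %U "$stub") $stub"
    fi
}

# Layout from the original report, with ~ expanded to $HOME.
check_stub "$HOME" "$HOME/x11docker/x11docker-deepin-wechat" "$HOME/x11docker-share"
```

A `stub root ...` result matches the folder shown in the listings above; since that folder is owned by root, removing it needs root privileges on the host.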