mviereck / x11docker

Run GUI applications and desktops in docker and podman containers. Focus on security.
MIT License

Using x11docker with Docker Rootless Mode #327

Closed csutakbalazs closed 3 years ago

csutakbalazs commented 3 years ago

Starting from Docker Engine v20.10 docker allows running the daemon as a non-root user.

I successfully installed it on a fresh Arch installation following this guide, and indeed, after setting the $DOCKER_HOST variable to unix://$XDG_RUNTIME_DIR/docker.sock, containers can be created and run as a regular user with the same command and syntax as previously with the root daemon.

However, seemingly x11docker is not working with it. I tried to run this: x11docker x11docker/fvwm xterm, and it refused to start, complaining about not getting PID 1.

dockerrc: 40. check for PID 1: 0
time to say goodby (main)

Switching back to the root daemon, everything works fine (with x11docker prompting for a password). Is it possible to use x11docker with the docker daemon not running as root? If not, is it planned to be made available in the future?

(I am almost completely new to the topic, so please forgive me if it's just me trying it the wrong way) Thanks in advance.

mviereck commented 3 years ago

Thank you for the ticket, I wasn't aware that docker supports rootless mode now. I did some first tests and found that rootless docker fails with --userns=host. This is set by x11docker mainly to allow shared folders. As a quick fix you can use option --user=RETAIN to suppress x11docker's container user setup. Options --home and --share won't work.

I'll look closer at this to support rootless docker well.

Currently I cannot get back from rootless to rootful mode and docker is entirely broken on my system. Even a purge and reinstall didn't fix the issues. sigh.

csutakbalazs commented 3 years ago

Thanks for the quick reply (and sorry for the broken system :) ).

The fix is perfect for me now; using x11docker --user=RETAIN -- --v volume_name:/data -- IMAGE as a workaround for persistent storage without --home and --share works without any problems.

I hope support for rootless will eventually be added; I think there are numerous use cases for it. As for the system: now I am running a rootful and a rootless daemon at the same time, using sudo systemctl start docker and systemctl --user start docker; they are working fine and do not have any conflict whatsoever. Setting the DOCKER_HOST variable to the appropriate socket is enough for 'switching' between them. I hope it helps.
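As an added example (not code from x11docker and not either poster's own script), a small POSIX sh helper for the two-daemon setup described above: it derives the DOCKER_HOST socket for each mode, classifies a daemon from the `name=rootless` entry that rootless daemons report in `docker info`'s SecurityOptions, and refuses to proceed if the daemon that answers is not the kind you asked for. The socket paths follow what the thread states; the function names, the `/run/user/<uid>` fallback and the `use_docker` entry point are assumptions of the example.

```sh
#!/bin/sh
# Added example for this thread; not x11docker code and not the posters' own
# scripts. Assumes the layout the thread describes: rootful daemon on
# unix:///var/run/docker.sock, rootless daemon on unix://$XDG_RUNTIME_DIR/docker.sock.
# Started with: sudo systemctl start docker   /   systemctl --user start docker

# Print the DOCKER_HOST value for a mode: "rootful" or "rootless".
docker_host_for() {
  case "$1" in
    rootful)
      printf 'unix:///var/run/docker.sock\n'
      ;;
    rootless)
      # systemd sets XDG_RUNTIME_DIR for user sessions; the fallback path is an assumption.
      printf 'unix://%s/docker.sock\n' "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
      ;;
    *)
      printf 'docker_host_for: unknown mode "%s"\n' "$1" >&2
      return 1
      ;;
  esac
}

# Classify one line of `docker info --format '{{.SecurityOptions}}'` output.
# A rootless daemon lists "name=rootless" among its security options; a rootful
# daemon does not. Reads stdin so it can be exercised with constructed input.
# Prints "rootless" or "rootful".
classify_security_options() {
  if grep -q 'name=rootless'; then
    printf 'rootless\n'
  else
    printf 'rootful\n'
  fi
}

# Ask the daemon selected by the current DOCKER_HOST which kind it is.
# Fails (rather than guessing "rootful") when no daemon answers.
current_daemon_mode() {
  opts=$(docker info --format '{{.SecurityOptions}}' 2>/dev/null) || return 1
  printf '%s\n' "$opts" | classify_security_options
}

# Select a daemon for this shell and verify that the socket really is that kind.
# Usage: use_docker rootless && x11docker x11docker/fvwm xterm
# (under the rootless daemon x11docker's --home and --share are not available,
#  as the thread notes; use a named volume via "-- -v NAME:/path --" instead)
use_docker() {
  host=$(docker_host_for "$1") || return 1
  export DOCKER_HOST="$host"
  mode=$(current_daemon_mode) || {
    printf 'use_docker: no daemon answering at %s\n' "$DOCKER_HOST" >&2
    return 1
  }
  if [ "$mode" != "$1" ]; then
    printf 'use_docker: asked for %s but daemon at %s reports %s\n' "$1" "$DOCKER_HOST" "$mode" >&2
    return 1
  fi
  printf 'DOCKER_HOST=%s (%s daemon)\n' "$DOCKER_HOST" "$mode"
}
```

The verification step is the point of the helper: whoever can write to the rootful daemon's socket can start a privileged container and is effectively root on the host, while the rootless daemon runs inside the user's own user namespace. A script that silently ends up on the wrong socket changes that trust boundary, so the mode is confirmed from the daemon's own report rather than inferred from the path.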

mviereck commented 3 years ago

For now I won't investigate further but will wait some time. I'll get a better internet connection within this year, which will make building and downloading images for test runs easier than now.

Quite unfortunate that rootless docker does not just allow using the images of rootful docker but wants its own storage. That would save a lot of resources.

mviereck commented 3 years ago

x11docker supports rootless docker now. The setup is barely tested yet. --home and --share are not supported and will be disabled along with a message. You don't need --user=RETAIN anymore.

> As for the system: now I am running a rootful and a rootless daemon at the same time, using sudo systemctl start docker and systemctl --user start docker; they are working fine and do not have any conflict whatsoever. Setting the DOCKER_HOST variable to the appropriate socket is enough for 'switching' between them. I hope it helps.

Now this works here as well. :-) Not sure what went wrong the first time.

mviereck commented 3 years ago

Currently I'd rather recommend podman than docker for running rootless. podman runs rootless, supports --home and --share, and does not need a daemon or an environment variable. (x11docker option --backend=podman, #255)