mviereck / x11docker

Run GUI applications and desktops in docker and podman containers. Focus on security.
MIT License

Is there an option to create a container without immediately running it? #350

Closed j-piecuch closed 3 years ago

j-piecuch commented 3 years ago

First of all, thanks for this awesome piece of software! I'd like to attach the container to multiple networks, which AFAIK is only possible using the docker network connect command. I can't specify multiple networks on the command line. I want the networks to be attached before the container starts running. Normally, I would use docker create, attach the networks, and then docker start. Is it possible to achieve something like this with x11docker? If not, how challenging would it be to add such a feature? Thanks!

mviereck commented 3 years ago

> I want the networks to be attached before the container starts running.

Is this a hard requirement? Is it possible in general to attach networks to an already running container?

> Is it possible to achieve something like this with x11docker?

I wonder if a workaround could be possible. For example, x11docker has options --runasroot CMD and --runasuser CMD.
The provided command CMD is executed before the final container command is executed. Could that help? Maybe you could execute a command/a script that waits for some sort of signal or for a special network to be accessible.

> If not, how challenging would it be to add such a feature?

It would break the current workflow, so I am not really excited about the idea. However, if my proposed workaround does not help, I'll have a closer look at this.

velcrine commented 3 years ago

I think passing the runasroot to be 'bash -c "read"' will just make the container stay there as long as you press anything. @j-piecuch what exclusively do you want other than this?

j-piecuch commented 3 years ago

@velcrine that's not a bad idea, but I was looking for something non-interactive, that could be run as part of a systemd service. I think --runasroot can be used to solve this, e.g. using a pipe or temporary file for communication. Anyway, I realized I don't actually need the container to be in 2 networks, so I haven't tried out any of these workarounds. @mviereck, feel free to close this issue, unless you feel like the question hasn't been properly answered (because no one actually tested any solutions).

mviereck commented 3 years ago

@velcrine @j-piecuch Thank you! I think we can close for now.
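
The non-interactive variant of the workaround discussed in this thread, as an added example that is not part of the original comments or of x11docker: a POSIX sh helper that blocks until the expected number of network interfaces is present and returns nonzero on timeout, so the caller can refuse to start the application on a partially connected container. The function names, the `--wait` argument and counting entries in `/sys/class/net` are assumptions of this example; how x11docker reacts to a failing `--runasroot` command is not covered in the thread.

```shell
#!/bin/sh
# Added example (not x11docker code). Intended to be called from a command
# that runs before the container's main command, e.g. via --runasroot.

# count_ifaces [SYSDIR]: print the number of interfaces other than lo.
count_ifaces() {
    dir="${1:-/sys/class/net}"
    n=0
    for path in "$dir"/*; do
        [ -e "$path" ] || continue            # glob matched nothing
        [ "${path##*/}" = "lo" ] && continue  # ignore loopback
        n=$((n + 1))
    done
    echo "$n"
}

# wait_for_ifaces WANT TIMEOUT_SECONDS [SYSDIR]
# Returns 0 once at least WANT interfaces exist, 1 on timeout.
wait_for_ifaces() {
    want="$1"; timeout="$2"; dir="${3:-/sys/class/net}"
    waited=0
    while [ "$(count_ifaces "$dir")" -lt "$want" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            echo "timeout: fewer than $want interfaces after ${timeout}s" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Script mode (hypothetical file name): ./wait-net.sh --wait 2 30
if [ "${1:-}" = "--wait" ]; then
    wait_for_ifaces "${2:-2}" "${3:-30}" || exit 1
fi
```

On the host side, the additional network would be attached with `docker network connect` while this helper is still polling.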