mviereck / x11docker

Run GUI applications and desktops in docker and podman containers. Focus on security.
MIT License

Gnome doesn't show up with standard command #363

Closed velcrine closed 3 years ago

velcrine commented 3 years ago

Running on Ubuntu 20.04, I ran the general documented command, but it failed to show up.

    ./x11docker --desktop --init=systemd -- x11docker/gnome

Command output
    ▶ ./x11docker --desktop --init=systemd -- x11docker/gnome
    x11docker WARNING: User pkv is member of group docker. That allows unprivileged processes on host to gain root privileges.
    x11docker WARNING: You are running GNOME desktop in outdated version GNOME Shell 3.36.7 This might cause issues with host applications if using additional X servers. It is recommended to use another desktop environment or GNOME >= 3.38. Only otherwise discouraged option --hostdisplay might work as expected.
    x11docker note: Using X server option --hostdisplay
    x11docker WARNING: Clipboard isolation may fail.
    x11docker note: To allow protection against X security leaks, please install 'xinit' and one or more of: xpra, Xephyr, nxagent, weston+Xwayland, kwin_wayland+Xwayland or Xnest, or run a second Xorg server with option --xorg.
    x11docker WARNING: Option --hostdisplay provides only low container isolation! It is recommended to use another X server option like --nxagent or --xpra. To improve security with --hostdisplay x11docker uses untrusted cookies. This can lead to strange behaviour of some applications. If you encounter application errors, enable option --clipboard that disables security restrictions for --hostdisplay as a side effect.
    x11docker note: Can not avoid to use host window manager along with option --hostdisplay. You may get strange interferences with your host desktop. Can be interesting though, having two overlapping desktops.
    x11docker note: Option --init=systemd: Found cgroup v2 on your system. systemd in container might fail without an error message. As a workaround you can set a kernel boot option to enforce cgroup v1: systemd.unified_cgroup_hierarchy=0 Compare ticket https://github.com/mviereck/x11docker/issues/349
    x11docker WARNING: Option --init=systemd slightly degrades container isolation. It adds some user switching capabilities x11docker would drop otherwise. However, they are still within default docker capabilities. Not within default docker capabilities it adds capability SYS_BOOT. It shares access to host cgroups in /sys/fs/cgroup. Some processes in container will run as root.
    Guake not running, starting it
    (guake:1728): dbind-WARNING **: 09:19:38.484: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-6gaZy8DWR0: Connection refused
    dbus-daemon[1722]: [session uid=1000 pid=1722] Activating service name='org.gtk.vfs.Daemon' requested by ':1.1' (uid=1000 pid=1728 comm="/usr/bin/python3 /usr/bin/guake -e gnome-session " label="docker-default (enforce)")
    dbus-daemon[1722]: [session uid=1000 pid=1722] Successfully activated service 'org.gtk.vfs.Daemon'
    Gtk-Message: 09:19:38.557: Failed to load module "canberra-gtk-module"
    Guake Terminal 3.4.0 VTE 0.54.2 Gtk 3.24.5
    ** (guake:1728): WARNING **: 09:19:38.727: Binding 'F12' failed!
    can't bind show-focus key
    (guake:1728): Vte-WARNING **: 09:19:38.771: (../../src/vtegtk.cc:1964):int vte_terminal_match_add_regex(VteTerminal*, VteRegex*, guint32): runtime check failed: (_vte_regex_get_compile_flags(regex) & PCRE2_MULTILINE)
    (guake:1728): Vte-WARNING **: 09:19:38.771: (../../src/vtegtk.cc:1964):int vte_terminal_match_add_regex(VteTerminal*, VteRegex*, guint32): runtime check failed: (_vte_regex_get_compile_flags(regex) & PCRE2_MULTILINE)
    (guake:1728): Vte-WARNING **: 09:19:38.771: (../../src/vtegtk.cc:1964):int vte_terminal_match_add_regex(VteTerminal*, VteRegex*, guint32): runtime check failed: (_vte_regex_get_compile_flags(regex) & PCRE2_MULTILINE)
    (guake:1728): Vte-WARNING **: 09:19:38.772: (../../src/vtegtk.cc:1964):int vte_terminal_match_add_regex(VteTerminal*, VteRegex*, guint32): runtime check failed: (_vte_regex_get_compile_flags(regex) & PCRE2_MULTILINE)
    (guake:1728): Vte-WARNING **: 09:19:38.772: (../../src/vtegtk.cc:1964):int vte_terminal_match_add_regex(VteTerminal*, VteRegex*, guint32): runtime check failed: (_vte_regex_get_compile_flags(regex) & PCRE2_MULTILINE)
    (guake:1728): Vte-WARNING **: 09:19:38.772: (../../src/vtegtk.cc:1964):int vte_terminal_match_add_regex(VteTerminal*, VteRegex*, guint32): runtime check failed: (_vte_regex_get_compile_flags(regex) & PCRE2_MULTILINE)
    Guake initialized

mviereck commented 3 years ago

Your output shows a lot of issues.

    x11docker WARNING: You are running GNOME desktop in outdated version GNOME Shell 3.36.7 This might cause issues with host applications if using additional X servers. It is recommended to use another desktop environment or GNOME >= 3.38. Only otherwise discouraged option --hostdisplay might work as expected.

    x11docker note: Using X server option --hostdisplay

One misbehaviour of x11docker: Due to buggy Gnome version <3.38 it enabled --hostdisplay although you specified --desktop. This is fixed now, x11docker will enable --xorg instead. You can try to specify e.g. --xephyr, but maybe your host applications started later will appear in Xephyr, too, or just crash. Try to run with --xorg for now.

    x11docker note: Option --init=systemd: Found cgroup v2 on your system. systemd in container might fail without an error message. As a workaround you can set a kernel boot option to enforce cgroup v1: systemd.unified_cgroup_hierarchy=0 Compare ticket #349

Please regard this message. Did you set kernel boot option systemd.unified_cgroup_hierarchy=0?
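
A host-side check for the cgroup note discussed in the comment above, as an added example that is not part of the thread or of x11docker. The function names are hypothetical; it assumes the kernel's `cgroup.controllers` file as the marker of a cgroup v2 hierarchy and takes the paths as parameters so it can be run against constructed directories.

```shell
#!/bin/sh
# Added example, not x11docker code. Function names are hypothetical.

# cgroup_layout [ROOT] -> prints "v2", "hybrid" or "v1"
cgroup_layout() {
    root="${1:-/sys/fs/cgroup}"
    if [ -f "$root/cgroup.controllers" ]; then
        echo v2        # unified hierarchy mounted at the root
    elif [ -f "$root/unified/cgroup.controllers" ]; then
        echo hybrid    # v1 controllers plus a v2 tree under unified/
    else
        echo v1
    fi
}

# boot_forces_v1 [CMDLINE_FILE] -> exit 0 if the workaround option was
# passed to the running kernel (exact word match, not a substring).
boot_forces_v1() {
    cmdline="${1:-/proc/cmdline}"
    [ -r "$cmdline" ] || return 1
    tr -s ' \t' '\n\n' < "$cmdline" |
        grep -qxF 'systemd.unified_cgroup_hierarchy=0'
}

# systemd_init_check [ROOT] [CMDLINE_FILE] -> one-line verdict
systemd_init_check() {
    layout=$(cgroup_layout "$1")
    if [ "$layout" != "v2" ]; then
        echo "$layout active: cgroup v2 note does not apply"
    elif boot_forces_v1 "$2"; then
        echo "v2 active: boot option present but not in effect"
    else
        echo "v2 active: --init=systemd may fail silently"
    fi
}

# Report on the live host when run directly.
systemd_init_check /sys/fs/cgroup /proc/cmdline
```
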

velcrine commented 3 years ago

Ok, let me try that.