mviereck / x11docker

Run GUI applications and desktops in docker and podman containers. Focus on security.
MIT License

Firefox is opened in another container #415

Closed MarioRomanDono closed 2 years ago

MarioRomanDono commented 2 years ago

Hey guys, I'm following your guide https://github.com/mviereck/x11docker/wiki/X-authentication-with-cookies-and-xhost-("No-protocol-specified"-error) to provide X display to my containers, specifically the last section (creating an untrusted cookie for each container). It works well, but when I launch Firefox in two or more different containers, all the Firefox instances are from the first container, as you can see in the title bar:

[screenshot: FirefoxBug]

It also happens if I use xhost + (just for testing) instead of the cookie. I don't have any problems using other programs like Wireshark; in this case every instance is opened in its respective container. The command I'm using for running the containers is docker container run -it --env XAUTHORITY=/cookie --mount type=bind,source=/tmp/.X11-unix,target=/tmp/.X11-unix --mount type=bind,source="${Cookiefile}",target=/cookie debian

If you need more info, please let me know. Thank you!

totaam commented 2 years ago

This is a "feature" of Firefox and most other browsers: they are unable to run multiple instances on multiple displays simultaneously. They locate the existing instance and start a new tab or window there. It should work if you avoid bind mounting /tmp/.X11-unix.

mviereck commented 2 years ago

Antoine is right; firefox makes several different attempts to detect already running firefox instances. In your setup it detects the already running firefox through the X11 protocol. I would have assumed that the untrusted cookie avoids that, but seemingly not. The solution is to provide different X servers for each firefox instance and only share their sockets, not the entire .X11-unix directory.

firefox can be used to detect if container isolation works for several cases. For example, it would detect an already running instance as well if the ipc or network namespaces are not isolated, or if you use the same config or cache files.

Edit: You can use firefox option --new-instance to avoid this behaviour.

  --new-instance     Open new instance, not a new window in running instance.

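The setup mviereck describes above (one X server per Firefox instance, only that server's socket bind-mounted into the container, plus `--new-instance`), as an added shell example that is not part of this issue or of x11docker. It assumes Xephyr, xauth and mcookie are installed on the host, that displays :10 and :11 are free, and that `firefox-image` is a placeholder for any image with Firefox installed; the per-container cookie is rewritten to the wildcard address family so the container's different hostname does not break the lookup.

```shell
#!/bin/sh
# Added example, not code from x11docker or from the issue. Assumed tools on
# the host: Xephyr, xauth, mcookie. "firefox-image" is a placeholder image name.
set -eu

# Map an X display name (":10" or ":10.0") to the socket its server listens on.
x11_socket_for_display() {
    d=${1#:}
    echo "/tmp/.X11-unix/X${d%%.*}"
}

# Start a nested X server on display $1 that only accepts the cookie in file $2.
start_nested_xserver() {
    display=$1; cookie=$2
    : > "$cookie"; chmod 600 "$cookie"
    xauth -f "$cookie" add "$display" MIT-MAGIC-COOKIE-1 "$(mcookie)"
    # Rewrite the entry's address family to FamilyWild (ffff) so the cookie is
    # accepted no matter which hostname the container reports.
    xauth -f "$cookie" nlist "$display" | sed -e 's/^..../ffff/' \
        | xauth -f "$cookie" nmerge -
    Xephyr -br -noreset -screen 1024x768 -auth "$cookie" "$display" &
    # Wait for the socket to appear before handing it to docker.
    sock=$(x11_socket_for_display "$display")
    for _ in 1 2 3 4 5 6 7 8 9 10; do
        [ -S "$sock" ] && return 0
        sleep 1
    done
    echo "X server $display did not come up" >&2
    return 1
}

# Run Firefox in its own container. Only this display's socket is mounted, not
# the whole /tmp/.X11-unix, so the container cannot reach any other X server.
# DOCKER defaults to "docker"; DOCKER=echo prints the command instead of running it.
run_firefox_container() {
    display=$1; cookie=$2; name=$3
    sock=$(x11_socket_for_display "$display")
    ${DOCKER:-docker} container run -d --name "$name" \
        --env DISPLAY="$display" --env XAUTHORITY=/cookie \
        --mount type=bind,source="$sock",target="$sock" \
        --mount type=bind,source="$cookie",target=/cookie,readonly \
        --ipc private \
        firefox-image firefox --new-instance
}

# Usage: sh this-script.sh run
if [ "${1:-}" = run ]; then
    start_nested_xserver :10 /tmp/ff10.xauth
    start_nested_xserver :11 /tmp/ff11.xauth
    run_firefox_container :10 /tmp/ff10.xauth ff10
    run_firefox_container :11 /tmp/ff11.xauth ff11
fi
```

Compared with the command in the issue, each container sees one socket file (X10 or X11) instead of the directory, so a Firefox on :10 has no path to the server on :11. `--ipc private` keeps the IPC namespace per container, and the default bridge network already gives each container its own network namespace; passing `--ipc host` or `--network host` would reopen two of the detection paths mviereck lists, and sharing one profile directory between the containers would reopen the third.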
MarioRomanDono commented 2 years ago

Hey, sorry I didn't reply sooner, I've been busy and I haven't got time to try the things you suggested. Using --new-instance as @mviereck proposed works flawlessly. Thank you both so much!

mviereck commented 2 years ago

Closing for now as the question itself is answered and resolved. If you have further questions on this, feel free to ask.