mviereck / x11docker

Run GUI applications and desktops in docker and podman containers. Focus on security.
MIT License

`X11docker` will defeat the image copy and paste from shutter/ksnip onto GitHub. [--clipboard] #428

Closed hongyi-zhao closed 2 years ago

hongyi-zhao commented 2 years ago

On Ubuntu 20.04.3 LTS, I'm using the git master version of x11docker to run Deepin wine docker image with the command described here:

# x11docker version:
$ git log -1
commit 6f2bd38b71f5ba6e928c6381b529e6ff7bbcec0b (HEAD -> master, origin/master, origin/HEAD)
Author: mviereck <bachbaum24@gmx.de>
Date:   Sat Apr 2 11:23:14 2022 +0200

    --clipboard: do not echo script

$ x11docker --runasroot 'sed -r "s/^[[:blank:]]*[|]//" <<-EOF > /etc/sudoers
        |#$ sudo grep -Ev '\''^[ ]*(#|$)'\'' /etc/sudoers  
        |Defaults env_reset
        |Defaults mail_badpass
        |Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
        |rootlesskitALL=(ALL:ALL) ALL
        |%admin ALL=(ALL) ALL
        |%sudo ALL=(ALL:ALL) ALL
        |$USER ALL=(ALL) NOPASSWD:ALL
EOF' --xephyr --network=bridge --pulseaudio --xoverip --home --share=$HOME --sudouser -c --desktop --init=systemd -- --device /dev/mem:/dev/mem --cap-add=IPC_LOCK --cap-add=NET_RAW --cap-add=NET_BIND_SERVICE -- hongyizhao/deepin-wine:apricot

See the screenshot below: Selection_089

At the same time, I use shutter and ksnip as my screenshot tools. Today, I find a strange thing: After I start the docker image with x11docker as mentioned above, the screenshot captured by shutter and ksnip will not be able to copy and paste directly from inside them onto GitHub. If I close x11docker, this problem disappears.

Any hints for fixing this problem?

Regards, HZ

mviereck commented 2 years ago

There is an issue with the -c, --clipboard option. The clipboard script cannot handle picture clips. Please try without -c, or use --nxagent instead of --xephyr because nxagent has its own clipboard management.

hongyi-zhao commented 2 years ago

Please try without -c, or use --nxagent instead of --xephyr because nxagent has its own clipboard management.

Thank you for your comment. I tried the following two methods, both of which worked:

--xephyr (without -c)

and

--nxagent (without -c)

However, this disables the ability to copy and paste text content between the host and the docker container, which is a feature I also want.

I also tried to compile and use the git master xpra according to the guidance here:

$ sudo apt-get install libx11-dev libxtst-dev libxcomposite-dev libxdamage-dev libxres-dev libxkbfile-dev python-all-dev
$ sudo apt-get install libgtk-3-dev python3-dev python3-cairo-dev python-gi-dev cython3
$ sudo apt-get install xauth x11-xkb-utils 
$ sudo apt-get install xvfb python3-cairo python3-gi-cairo python3-opengl python3-lz4 python3-rencode python3-pil
$ sudo apt-get install devscripts build-essential lintian debhelper pandoc

$ git clone https://github.com/Xpra-org/xpra.git xpra.git
$ cd xpra.git
$ ln -sf ./packaging/debian/xpra ./debian
$ debuild -us -uc -b -d
$ sudo gdebi xpra_4.4-1_amd64.deb
$ xpra --version
xpra v4.4-r31122 (g2f1c3abe7)

Then I use the following option of x11docker:

-c --xpra

But the Deepin desktop doesn't appear at all, and I only see the following log on stdout:

x11docker WARNING: User werner is member of group docker.
  That allows unprivileged processes on host to gain root privileges.

x11docker WARNING: You are running GNOME desktop in outdated version
  GNOME Shell 3.36.9
  This might cause issues with host applications if using additional X servers.
  It is recommended to use another desktop environment or GNOME >= 3.38.
  Only --xorg or discouraged option --hostdisplay might work as expected.

x11docker note: Option --xpra: If you encounter issues with xpra,
  you can try --nxagent instead.
  Rather use xpra from www.xpra.org than from distribution repositories.

x11docker WARNING: Option --network: Container has access to
  local network and internet.

x11docker WARNING: Found custom CUSTOM_RUN_OPTIONS.
  x11docker will add them to 'docker run' command without
  a serious check for validity or security. Found options:
   '--device' '/dev/mem:/dev/mem' '--cap-add=IPC_LOCK' '--cap-add=NET_RAW' '--cap-add=NET_BIND_SERVICE'

x11docker WARNING: Option --pulseaudio allows container applications
  to catch your audio output and microphone input.

x11docker WARNING: Option --init=systemd slightly degrades container isolation.
  It adds some user switching capabilities x11docker would drop otherwise.
  However, they are still within default docker capabilities.
  Not within default docker capabilities it adds capability SYS_BOOT.
  Some processes in container will run as root.

x11docker WARNING: Option --init=systemd: Sharing /sys/fs/cgroup from host.

x11docker WARNING: Option --sudouser severely reduces container security.
  Container gains additional capabilities to allow sudo and su.
  If an application breaks out of container, it can harm your system
  in many ways without you noticing. Default password: x11docker

x11docker note: Option --sudouser: Enabling option --newprivileges=yes.
  You can avoid this with --newprivileges=no

x11docker WARNING: Option --newprivileges=yes: x11docker does not set
  docker run option --security-opt=no-new-privileges.
  That degrades container security.
  However, this is still within a default docker setup.

error: list of process IDs must follow -p

Usage:
 ps [options]

 Try 'ps --help <simple|list|output|threads|misc|all>'
  or 'ps --help <s|l|o|t|m|a>'
 for additional help text.

For more details see ps(1).
x11docker note: Option --xpra: xpra terminated unexpectedly.
  Last lines of xpra server log: 
2022-04-03 16:12:38,874 client   1 @01.014 Xpra X11 desktop server version 4.4-r31122 64-bit
2022-04-03 16:12:38,874 client   1 @01.015  running on Linux Ubuntu 20.04 focal
2022-04-03 16:12:38,875 client   1 @01.015  remote desktop size is 1824x984 with 1 screen:
2022-04-03 16:12:38,875 client   1 @01.015   :113.0 (483x260 mm - DPI: 96x96)
2022-04-03 16:12:38,898 client   1 @01.024 Attached to xpra server at socket:///home/werner/.cache/x11docker/73547826459-deepin-wine-apricot/share/X10DAi-00-113
2022-04-03 16:12:38,898 client   1 @01.024  (press Control-C to detach)
2022-04-03 16:12:38,899 client   1 @01.038 running, 1 window
2022-04-03 16:12:39,222 temporarily switching to 1824x972 as a Xinerama workaround
2022-04-03 16:12:39,229 server virtual display now set to 1824x984 (best match for 1848x1016)
2022-04-03 16:12:39,290 DPI set to 96 x 96
---------------------------------
  Last lines of xpra client log: 
2022-04-03 16:12:38,872 enabled fast mmap transfers using 512MB shared memory area
2022-04-03 16:12:38,872 enabled remote logging
2022-04-03 16:12:38,872 Xpra X11 desktop server version 4.4-r31122 64-bit
2022-04-03 16:12:38,873  running on Linux Ubuntu 20.04 focal
2022-04-03 16:12:38,873  remote desktop size is 1824x984 with 1 screen:
2022-04-03 16:12:38,873   :113.0 (483x260 mm - DPI: 96x96)
2022-04-03 16:12:38,882 Attached to xpra server at socket:///home/werner/.cache/x11docker/73547826459-deepin-wine-apricot/share/X10DAi-00-113
2022-04-03 16:12:38,882  (press Control-C to detach)

2022-04-03 16:12:38,896 running, 1 window

Regards, HZ

mviereck commented 2 years ago

However, this disables the ability to copy and paste text content between the host and the docker container, which is a feature I also want.

With --nxagent and --xpra you can use -c. Both have their own clipboard management. With --xephyr x11docker uses a custom script.

Then I use the following option of x11docker:

-c --xpra

But the Deepin desktop doesn't appear at all, and I only see the following log on stdout:

I could reproduce here. I'll look at this. Edit: --xpra fails along with --xoverip. Without this it works.

hongyi-zhao commented 2 years ago

With --nxagent and --xpra you can use -c. Both have their own clipboard management.

I tried -c --nxagent, but it still will defeat the image copy and paste from shutter/ksnip onto GitHub.

With --xephyr x11docker uses a custom script.

What's the script and how to use it?

mviereck commented 2 years ago

I tried -c --nxagent, but it still will defeat the image copy and paste from shutter/ksnip onto GitHub.

Do you have another x11docker instance running with --xephyr --clipboard? That might disturb the clipboard.

Edit: --xpra fails along with --xoverip. Without this it works.

Is fixed now.

What's the script and how to use it?

x11docker generates it internally. Depending on the display numbers etc. it looks like this:

#! /usr/bin/env bash
# share clipboard between X servers :0 and 192.168.10.100:112

mysleep () 
{ 
    sleep "${1:-1}" 2> /dev/null || sleep 1
}
rocknroll () 
{ 
    [ -s "$Timetosaygoodbyefile" ] && return 1;
    [ -e "$Timetosaygoodbyefile" ] || return 1;
    return 0
}
Timetosaygoodbyefile='/home/werner/.cache/x11docker/87037275931-deepin-wine-apricot/share/timetosaygoodbye'

while rocknroll ; do
  # read content of clipboard of first X server :0
  X1clip="$(env DISPLAY=:0 XAUTHORITY=/home/werner/.cache/x11docker/87037275931-deepin-wine-apricot/Xauthority.host.0 xclip -selection clipboard -out)"

  # check if clipboard of first X server has changed; if yes, send new content to second X server
  [ "$Shareclip" != "$X1clip" ] && {
    Shareclip="$X1clip"
    env DISPLAY=192.168.10.100:112 XAUTHORITY=/home/werner/.cache/x11docker/87037275931-deepin-wine-apricot/share/Xauthority.client xclip -selection clipboard -in <<<  "$Shareclip"
#    echo "$Shareclip" | env DISPLAY=192.168.10.100:112 XAUTHORITY=/home/werner/.cache/x11docker/87037275931-deepin-wine-apricot/share/Xauthority.client xclip -selection clipboard -in
  }
  Shareclip="${Shareclip:-' '}"     # avoid empty string error
  mysleep 0.3                       # sleep a bit to avoid high cpu usage

  # read content of clipboard of second X server 192.168.10.100:112
  X2clip="$(env DISPLAY=192.168.10.100:112 XAUTHORITY=/home/werner/.cache/x11docker/87037275931-deepin-wine-apricot/share/Xauthority.client xclip -selection clipboard -out)"

  # check if clipboard of second X server has changed; if yes, send new content to first X server
  [ "$Shareclip" != "$X2clip" ] && {
    Shareclip="$X2clip"
    env DISPLAY=:0 XAUTHORITY=/home/werner/.cache/x11docker/87037275931-deepin-wine-apricot/Xauthority.host.0 xclip -selection clipboard -in <<<  "$Shareclip"
#    echo "$Shareclip" | env DISPLAY=:0 XAUTHORITY=/home/werner/.cache/x11docker/87037275931-deepin-wine-apricot/Xauthority.host.0 xclip -selection clipboard -in
  }
  Shareclip="${Shareclip:-' '}"     # avoid empty string error
  mysleep 0.3                       # sleep a bit to avoid high cpu usage
done

Edit: --xoverip should not be used in general for security reasons. It serves only for few edge cases where unix sockets cannot be used.
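The generated script above keeps the clip in a shell variable and re-offers it with `xclip -in`, which only works for text. As an added example (not x11docker's own clipboard code), the sketch below copies one clip between two displays by first asking the owner which targets it offers and passing the data through a temporary file, so binary image data survives. The names `pick_clip_target`, `copy_clip`, `CLIP_LAST_SUM` and `CLIP_LAST_TARGET` are hypothetical, and preferring text over image targets is a choice made for this example.

```bash
#!/usr/bin/env bash
# Added example, not x11docker's clipboardrc.

CLIP_LAST_SUM=""      # target + checksum of the last clip copied
CLIP_LAST_TARGET=""   # target type of the last clip copied

# Read a TARGETS listing (one target per line) on stdin and print the target
# to transfer. Text is preferred, then image types. Returns 1 if the owner
# offers none of them, so the caller never pushes an empty text clip.
pick_clip_target() {
  local t targets=""
  while IFS= read -r t; do targets+=" $t "; done
  for t in UTF8_STRING STRING image/png image/jpeg image/bmp; do
    case "$targets" in
      *" $t "*) printf '%s\n' "$t"; return 0 ;;
    esac
  done
  return 1
}

# Copy the clipboard of display $1 (Xauthority file $3) to display $2
# (Xauthority file $4). Returns 0 if a clip was copied, 1 if there was nothing
# usable or the content is unchanged since the last call.
copy_clip() {
  local src="$1" dst="$2" srcauth="$3" dstauth="$4" target tmp sum rc=1
  target="$(DISPLAY="$src" XAUTHORITY="$srcauth" \
    xclip -selection clipboard -t TARGETS -o 2>/dev/null | pick_clip_target)" || return 1

  # A shell variable cannot hold the NUL bytes of image data, so use a file.
  tmp="$(mktemp)" || return 1
  DISPLAY="$src" XAUTHORITY="$srcauth" \
    xclip -selection clipboard -t "$target" -o > "$tmp" 2>/dev/null
  sum="$target $(cksum < "$tmp")"

  # Only take ownership of the destination clipboard when the content changed.
  if [ -s "$tmp" ] && [ "$sum" != "$CLIP_LAST_SUM" ]; then
    # xclip -i stays in the background to serve the selection; its stdout is
    # redirected so a caller using $(...) does not wait on it.
    DISPLAY="$dst" XAUTHORITY="$dstauth" \
      xclip -selection clipboard -t "$target" -i < "$tmp" > /dev/null && rc=0
    CLIP_LAST_SUM="$sum"
    CLIP_LAST_TARGET="$target"
  fi
  rm -f "$tmp"
  return "$rc"
}

# Usage (display names and Xauthority paths are placeholders):
#   copy_clip :0 :119 "$HOME/.Xauthority" /path/to/Xauthority.client
```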

hongyi-zhao commented 2 years ago

I tried -c --nxagent, but it still will defeat the image copy and paste from shutter/ksnip onto GitHub.

Do you have another x11docker instance running with --xephyr --clipboard? That might disturb the clipboard.

See the following running processes when I'm using -c --nxagent:

werner@X10DAi-00:~$ pgrep -af 'x11docker'
945029 xargs -I{} -r x11docker --runasroot sed -r "s/^[[:blank:]]*[|]//" <<-EOF > /etc/sudoers         |#$ sudo grep -Ev '^[ ]*(#|$)' /etc/sudoers           |Defaultsenv_reset         |Defaults   mail_badpass         |Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"         |root  ALL=(ALL:ALL) ALL         |%admin ALL=(ALL) ALL         |%sudo  ALL=(ALL:ALL) ALL         |$USER ALL=(ALL) NOPASSWD:ALL     EOF -c --nxagent --network=bridge --pulseaudio --xoverip --home --share=/home/werner --sudouser --desktop --init=systemd -- --device /dev/mem:/dev/mem --cap-add=IPC_LOCK --cap-add=NET_RAW --cap-add=NET_BIND_SERVICE -- {}
945122 bash /home/werner/Public/repo/github.com/mviereck/x11docker.git/x11docker --runasroot sed -r "s/^[[:blank:]]*[|]//" <<-EOF > /etc/sudoers         |#$ sudo grep -Ev '^[ ]*(#|$)' /etc/sudoers           |Defaults    env_reset         |Defaults mail_badpass         |Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"         |root  ALL=(ALL:ALL) ALL         |%admin ALL=(ALL) ALL         |%sudo  ALL=(ALL:ALL) ALL         |$USER ALL=(ALL) NOPASSWD:ALL     EOF -c --nxagent --network=bridge --pulseaudio --xoverip --home --share=/home/werner --sudouser --desktop --init=systemd -- --device /dev/mem:/dev/mem --cap-add=IPC_LOCK --cap-add=NET_RAW --cap-add=NET_BIND_SERVICE -- hongyizhao/deepin-wine:apricot
947991 bash /home/werner/Public/repo/github.com/mviereck/x11docker.git/x11docker --runasroot sed -r "s/^[[:blank:]]*[|]//" <<-EOF > /etc/sudoers         |#$ sudo grep -Ev '^[ ]*(#|$)' /etc/sudoers           |Defaults    env_reset         |Defaults mail_badpass         |Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"         |root  ALL=(ALL:ALL) ALL         |%admin ALL=(ALL) ALL         |%sudo  ALL=(ALL:ALL) ALL         |$USER ALL=(ALL) NOPASSWD:ALL     EOF -c --nxagent --network=bridge --pulseaudio --xoverip --home --share=/home/werner --sudouser --desktop --init=systemd -- --device /dev/mem:/dev/mem --cap-add=IPC_LOCK --cap-add=NET_RAW --cap-add=NET_BIND_SERVICE -- hongyizhao/deepin-wine:apricot
947995 tail --pid=945122 --retry -n +1 -F /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/stderr /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/stdout /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/compositor.log /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/container.log /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/systemd.journal.log /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/message.log /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/xinit.log /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/xpra.client.log /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/xpra.server.log /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/stderr /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/stdout /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/compositor.log /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/container.log /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/systemd.journal.log /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/message.log /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/xinit.log /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/xpra.client.log /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/xpra.server.log
947996 bash /home/werner/Public/repo/github.com/mviereck/x11docker.git/x11docker --runasroot sed -r "s/^[[:blank:]]*[|]//" <<-EOF > /etc/sudoers         |#$ sudo grep -Ev '^[ ]*(#|$)' /etc/sudoers           |Defaults    env_reset         |Defaults mail_badpass         |Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"         |root  ALL=(ALL:ALL) ALL         |%admin ALL=(ALL) ALL         |%sudo  ALL=(ALL:ALL) ALL         |$USER ALL=(ALL) NOPASSWD:ALL     EOF -c --nxagent --network=bridge --pulseaudio --xoverip --home --share=/home/werner --sudouser --desktop --init=systemd -- --device /dev/mem:/dev/mem --cap-add=IPC_LOCK --cap-add=NET_RAW --cap-add=NET_BIND_SERVICE -- hongyizhao/deepin-wine:apricot
947997 bash /home/werner/Public/repo/github.com/mviereck/x11docker.git/x11docker --runasroot sed -r "s/^[[:blank:]]*[|]//" <<-EOF > /etc/sudoers         |#$ sudo grep -Ev '^[ ]*(#|$)' /etc/sudoers           |Defaults    env_reset         |Defaults mail_badpass         |Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"         |root  ALL=(ALL:ALL) ALL         |%admin ALL=(ALL) ALL         |%sudo  ALL=(ALL:ALL) ALL         |$USER ALL=(ALL) NOPASSWD:ALL     EOF -c --nxagent --network=bridge --pulseaudio --xoverip --home --share=/home/werner --sudouser --desktop --init=systemd -- --device /dev/mem:/dev/mem --cap-add=IPC_LOCK --cap-add=NET_RAW --cap-add=NET_BIND_SERVICE -- hongyizhao/deepin-wine:apricot
948775 bash /home/werner/Public/repo/github.com/mviereck/x11docker.git/x11docker --runasroot sed -r "s/^[[:blank:]]*[|]//" <<-EOF > /etc/sudoers         |#$ sudo grep -Ev '^[ ]*(#|$)' /etc/sudoers           |Defaults    env_reset         |Defaults mail_badpass         |Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"         |root  ALL=(ALL:ALL) ALL         |%admin ALL=(ALL) ALL         |%sudo  ALL=(ALL:ALL) ALL         |$USER ALL=(ALL) NOPASSWD:ALL     EOF -c --nxagent --network=bridge --pulseaudio --xoverip --home --share=/home/werner --sudouser --desktop --init=systemd -- --device /dev/mem:/dev/mem --cap-add=IPC_LOCK --cap-add=NET_RAW --cap-add=NET_BIND_SERVICE -- hongyizhao/deepin-wine:apricot
948842 bash /home/werner/Public/repo/github.com/mviereck/x11docker.git/x11docker --runasroot sed -r "s/^[[:blank:]]*[|]//" <<-EOF > /etc/sudoers         |#$ sudo grep -Ev '^[ ]*(#|$)' /etc/sudoers           |Defaults    env_reset         |Defaults mail_badpass         |Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"         |root  ALL=(ALL:ALL) ALL         |%admin ALL=(ALL) ALL         |%sudo  ALL=(ALL:ALL) ALL         |$USER ALL=(ALL) NOPASSWD:ALL     EOF -c --nxagent --network=bridge --pulseaudio --xoverip --home --share=/home/werner --sudouser --desktop --init=systemd -- --device /dev/mem:/dev/mem --cap-add=IPC_LOCK --cap-add=NET_RAW --cap-add=NET_BIND_SERVICE -- hongyizhao/deepin-wine:apricot
953019 xinit /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/xinitrc -- /usr/bin/Xephyr :119 -retro +extension RANDR +extension RENDER +extension GLX +extension XVideo +extension DOUBLE-BUFFER +extension SECURITY +extension DAMAGE +extension X-Resource -extension XINERAMA -xinerama -extension MIT-SHM +extension Composite +extension COMPOSITE -extension XTEST -tst -dpms -s off -auth /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/Xauthority.server -listen tcp -dpi 96 -resizeable -noxv -screen 1824x984
953020 /usr/bin/Xephyr :119 -retro +extension RANDR +extension RENDER +extension GLX +extension XVideo +extension DOUBLE-BUFFER +extension SECURITY +extension DAMAGE +extension X-Resource -extension XINERAMA -xinerama -extension MIT-SHM +extension Composite +extension COMPOSITE -extension XTEST -tst -dpms -s off -auth /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/Xauthority.server -listen tcp -dpi 96 -resizeable -noxv -screen 1824x984
953059 sh /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/xinitrc
953147 bash /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/clipboardrc
953224 bash /home/werner/Public/repo/github.com/mviereck/x11docker.git/x11docker --runasroot sed -r "s/^[[:blank:]]*[|]//" <<-EOF > /etc/sudoers         |#$ sudo grep -Ev '^[ ]*(#|$)' /etc/sudoers           |Defaults    env_reset         |Defaults mail_badpass         |Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"         |root  ALL=(ALL:ALL) ALL         |%admin ALL=(ALL) ALL         |%sudo  ALL=(ALL:ALL) ALL         |$USER ALL=(ALL) NOPASSWD:ALL     EOF -c --nxagent --network=bridge --pulseaudio --xoverip --home --share=/home/werner --sudouser --desktop --init=systemd -- --device /dev/mem:/dev/mem --cap-add=IPC_LOCK --cap-add=NET_RAW --cap-add=NET_BIND_SERVICE -- hongyizhao/deepin-wine:apricot
953227 /usr/bin/docker run --pull never --rm --tty --name x11docker_X119_hongyizhao-deepin-wine-apricot_89975920014 --user root --userns=host --runtime=runc --network bridge --cap-drop ALL --cap-add AUDIT_WRITE --cap-add CHOWN --cap-add DAC_OVERRIDE --cap-add FOWNER --cap-add FSETID --cap-add KILL --cap-add SETGID --cap-add SETPCAP --cap-add SETUID --cap-add SYS_BOOT --security-opt label=type:container_runtime_t --tmpfs /var/lib/journal --stop-signal SIGRTMIN+3 --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,readonly --tmpfs /run:exec --tmpfs /run/lock --tmpfs /tmp --mount type=bind,source=/home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share,target=/x11docker --mount type=bind,source=/home/werner/.local/share/x11docker/hongyizhao-deepin-wine,target=/home/werner --mount type=bind,source=/home/werner,target=//home.host/werner --mount type=bind,source=/home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/pulseaudio.client.conf,target=/etc/pulse/client.conf,readonly --workdir /tmp --entrypoint env --env container=docker --env XAUTHORITY=/x11docker/Xauthority.client --env DISPLAY=192.168.10.100:119 --env PULSE_COOKIE=/x11docker/pulseaudio.cookie --env PULSE_SERVER=unix:/x11docker/pulseaudio.socket --env HOME=/home/werner --env USER=werner --device /dev/mem:/dev/mem --cap-add=IPC_LOCK --cap-add=NET_RAW --cap-add=NET_BIND_SERVICE -- hongyizhao/deepin-wine:apricot /bin/sh - /x11docker/containerrootrc
956182 tail --pid=945122 -n +1 -f /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/stderr
956188 tail --pid=945122 -n +1 -f /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/stdout
958730 /bin/sh -c /bin/journalctl --follow --no-tail >> /x11docker/systemd.journal.log 2>&1
958732 /bin/sh -c while sleep 1; do systemctl is-active console-getty >/dev/null || { echo timetosaygoodbye >>/x11docker/timetosaygoodbye ; systemctl halt ; } ; [ -s /x11docker/timetosaygoodbye ] && systemctl halt ; done
964786 sh /x11docker/cmdrc
964874 tail -f /x11docker/stdout
964875 tail -f /x11docker/stderr

Edit: --xpra fails along with --xoverip. Without this it works.

Is fixed now.

Great. I tried with the -c --xpra option, and it works smoothly.

What's the script and how to use it?

x11docker generates it internally. Depending on the display numbers etc. it looks like this:

I tried to use --xephyr without the -c option, but still can't copy and paste text content between host and docker container.

In short: Currently the only valid method is the -c --xpra option on my machine, which can let me do the following jobs smoothly:

  1. Copy and paste text/image content between host and docker container.
  2. Don't interfere with the image copy and paste from shutter/ksnip onto GitHub.

mviereck commented 2 years ago

953147 bash /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/clipboardrc

Somehow you have an instance of clipboardrc running. It is not started if you use --nxagent -c.

I tried to use --xephyr without the -c option, but still can't copy and paste text content between host and docker container.

Without -c the clipboard is not shared.

Why at all do you use --xoverip?

hongyi-zhao commented 2 years ago

953147 bash /home/werner/.cache/x11docker/89975920014-deepin-wine-apricot/share/clipboardrc

Somehow you have an instance of clipboardrc running. It is not started if you use --nxagent -c.

Let me debug it as follows:

With the --xephyr -c option:

$ pgrep -af clipboardrc
3209961 bash /home/werner/.cache/x11docker/91877410815-deepin-wine-apricot/share/clipboardrc

With the --nxagent -c option:

$ pgrep -af clipboardrc
3726861 bash /home/werner/.cache/x11docker/92319116602-deepin-wine-apricot/share/clipboardrc

With the --xpra -c option:

$ pgrep -af clipboardrc
$ 

I tried to use --xephyr without the -c option, but still can't copy and paste text content between host and docker container.

Without -c the clipboard is not shared.

With it, the problem reported here will be triggered.

Why at all do you use --xoverip?

See here.

mviereck commented 2 years ago

Is nxagent installed at all on your host? Otherwise x11docker will fall back to use --xephyr. Use --fallback=no to disable fallbacks. Then x11docker will fail if --nxagent is not possible.

hongyi-zhao commented 2 years ago

Thank you for your insightful and accurate analysis. It turns out that nxagent hasn't been installed yet, and I installed it with the following command:

$ sudo apt install nxagent

Now, the following option also works:

--nxagent -c --fallback=no

And I also confirm that the clipboardrc process disappears:

$ pgrep -af clipboardrc
$ 

But it seems that nxagent doesn't support copy image from host to docker container, while xpra does.

mviereck commented 2 years ago

But it seems that nxagent doesn't support copy image from host to docker container, while xpra does.

Yes, image clipboard transfer only works with xpra.

hongyi-zhao commented 2 years ago

So to say, xpra is one of the most powerful and feature-rich tools for this type of work.

Another strange behavior: when using xpra, the image captured by shutter can be copied from host to container, while the one captured by ksnip cannot.

mviereck commented 2 years ago

Another strange behavior: when using xpra, the image captured by shutter can be copied from host to container, while the one captured by ksnip cannot.

The entire X11 clipboard thing in general is a mess. It is hard to debug odd behaviour.

So to say, xpra is one of the most powerful and feature-rich tools for this type of work.

With --xpra you can also use the --scale option if that is of interest for you.

mviereck commented 2 years ago

Why at all do you use --xoverip?

See https://github.com/mviereck/dockerfile-x11docker-deepin/issues/36#issuecomment-735017143.

I just checked, it seems --xoverip is not needed anymore. I could run sudo xterm without --xoverip. Maybe that was a bug in sudo that is fixed meanwhile.

--share /dev/mem

Why do you use this? I'd discourage it.

hongyi-zhao commented 2 years ago

With --xpra you can also use the --scale option if that is of interest for you.

This option seems rather complicated:

$ x11docker -h | egrep -A4 -- '^[ ]*--scale'
     --scale=N         Scale/zoom factor N for xpra, Xorg or Weston.
                       Allowed for --xpra, --xorg --xpra-xwayland: 0.25...8.0.
                       Allowed for --weston and --weston-xwayland: 1...9.
                       (Mismatching font sizes can be adjusted with --dpi).
                       Odd resolutions with --xorg might need --scale=1.

Would you please give me an example usage, especially with --dpi?

mviereck commented 2 years ago

This option seems rather complicated:

I might need to ease the description. In fact it is simple. For xpra only this line is of interest:

                   Allowed for --xpra, --xorg --xpra-xwayland: 0.25...8.0.

Try a value between 0.25 and 8. For example --scale=0.5 or --scale=2.

I'll just remove the --dpi line.

hongyi-zhao commented 2 years ago

Try a value between 0.25 and 8. For example --scale=0.5 or --scale=2.

I tried some values, but it seems that only the default scale factor 1 gives the most pleasing and satisfying effect.

hongyi-zhao commented 2 years ago

I just checked, it seems --xoverip is not needed anymore. I could run sudo xterm without --xoverip. Maybe that was a bug in sudo that is fixed meanwhile.

Yes. I confirmed your conclusion.

--share /dev/mem

Why do you use this? I'd discourage it.

See https://github.com/mviereck/dockerfile-x11docker-deepin/issues/46.

mviereck commented 2 years ago

See https://github.com/mviereck/dockerfile-x11docker-deepin/issues/46.

Oh, I see. But if you don't need dmidecode regularly, I'd remove --share /dev/mem for security reasons. According to the SO ticket you would also need --cap-add SYS_RAWIO that I would discourage, too.
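As an added example (not part of x11docker), the function below scans an x11docker command line for the isolation-weakening options that come up in this thread. The option names and reasons are taken from the thread and the posted x11docker log; the function name `audit_x11docker_args` and the DISCOURAGED/WARNED/NOTE labels are made up for this example, and the sample command line is reconstructed from the one posted above.

```bash
#!/usr/bin/env bash
# Added example, not x11docker code.
#   DISCOURAGED = the maintainer advised against it in this thread
#   WARNED      = x11docker printed a WARNING for it in the posted log
#   NOTE        = custom docker run option that re-adds a capability

audit_x11docker_args() {
  local -a argv=("$@")
  local i arg val
  for ((i = 0; i < ${#argv[@]}; i++)); do
    arg="${argv[i]}"
    val=""
    # Normalise "--opt=value" and "--opt value" to arg + val.
    case "$arg" in
      --device=*|--share=*|--cap-add=*) val="${arg#*=}"; arg="${arg%%=*}" ;;
      --device|--share|--cap-add)       val="${argv[i+1]:-}" ;;
    esac
    case "$arg" in
      --xoverip)
        echo "DISCOURAGED --xoverip: X over TCP, only for edge cases where unix sockets cannot be used" ;;
      --device|--share)
        case "$val" in
          /dev/mem|/dev/mem:*)
            echo "DISCOURAGED $arg $val: gives the container the host's physical memory device" ;;
        esac ;;
      --cap-add)
        if [ "$val" = "SYS_RAWIO" ]; then
          echo "DISCOURAGED --cap-add $val: only needed for dmidecode in the container"
        else
          echo "NOTE --cap-add $val: re-adds a capability on top of x11docker's --cap-drop ALL"
        fi ;;
      --sudouser)
        echo "WARNED --sudouser: container gains capabilities for sudo and su" ;;
      --network|--network=*)
        echo "WARNED $arg: container has access to local network and internet" ;;
      --pulseaudio|--pulseaudio=*)
        echo "WARNED $arg: container applications can catch audio output and microphone input" ;;
      --init=systemd)
        echo "WARNED $arg: adds SYS_BOOT and shares /sys/fs/cgroup from host" ;;
    esac
  done
}

# Sample input: the options from the command line posted in this thread.
audit_x11docker_args --xephyr --network=bridge --pulseaudio --xoverip --home \
  --share=/home/werner --sudouser -c --desktop --init=systemd -- \
  --device /dev/mem:/dev/mem --cap-add=IPC_LOCK --cap-add=NET_RAW \
  --cap-add=NET_BIND_SERVICE -- hongyizhao/deepin-wine:apricot
```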

hongyi-zhao commented 2 years ago

But if you don't need dmidecode regularly, I'd remove --share /dev/mem for security reasons.

I see. For the sake of debugging, I want to keep it.

According to the SO ticket

BTW, what do you mean by saying SO ticket?

you would also need --cap-add SYS_RAWIO that I would discourage, too.

Thank you for your reminder. I've added this option.

mviereck commented 2 years ago

BTW, what do you mean by saying SO ticket?

You have referred to Stack Overflow: https://stackoverflow.com/questions/54068234/cant-run-dmidecode-on-docker-container. With SO I mean Stack Overflow.

hongyi-zhao commented 2 years ago

In https://github.com/mviereck/x11docker/issues/428#issuecomment-1086821922, you said:

With --xephyr x11docker uses a custom script.

Do you mean only when using -c with --xephyr, the custom script will be automatically generated and take effect?

mviereck commented 2 years ago

Do you mean only when using -c with --xephyr, the custom script will be automatically generated and take effect?

The clipboard script is used with --xephyr, --weston-xwayland and --xorg.

hongyi-zhao commented 2 years ago

Let me try to further clarify my confusion as follows:

  1. --xephyr, --weston-xwayland and --xorg don't have their own clipboard manager.
  2. This clipboard script, as an alternative to the clipboard manager, must be activated through the -c option.
  3. As a result, when using -c with --xephyr, --weston-xwayland, or --xorg, this clipboard script will take effect.

mviereck commented 2 years ago

Yes, correct.

mviereck commented 2 years ago

I have adjusted the clipboard script a bit. It should not disturb image clips anymore.

mviereck commented 2 years ago

I have included some basic graphical clips support in the clipboard script. I was able to run ksnip in a container using --xephyr -c and to copy some graphics to the host clipboard.

In a next step I might support the middle mouse click clipboard.

hongyi-zhao commented 2 years ago

https://github.com/mviereck/x11docker/issues/428#issuecomment-1086884021: I'll just remove the --dpi line.

Why do you plan to do this? I just want to know how to set the resolution of docker container to achieve the best, at least close to or the same as the host. Is this possible?

mviereck commented 2 years ago

I have only removed the --dpi explanation from the --scale option to avoid confusion. x11docker always tries to automatically set the same dpi for the container as on host. The dpi value is regarded by some but not all applications. At most it influences font sizes. You can just try out --dpi to see the results. Try e.g. --dpi=70 or --dpi=100.

hongyi-zhao commented 2 years ago

I think that it should be automatically set according to the result of the following command:

$ xrdb -query | grep dpi
Xft.dpi:    96
$ xdpyinfo | grep -E 'dimensions|resolution'
  dimensions:    1920x1080 pixels (508x285 millimeters)
  resolution:    96x96 dots per inch

Taking the situation of my machine as an example, it should be set as follows accordingly:

--dpi=96

mviereck commented 2 years ago

x11docker uses xdpyinfo to get the dpi setting from host. In your case it would set --dpi=96. You can check that in the --debug output where the generated X server command is shown. There should be a line -dpi 96.

hongyi-zhao commented 2 years ago

You can check that in the --debug output where the generated X server command is shown. There should be a line -dpi 96.

Yes, the details are as follows:

image

mviereck commented 2 years ago

I've added support for middle mouse click selection. This was a hard one, I had to rewrite the clipboard code from scratch. It took several hours for these few lines. xclip can be itchy. However, finally it is done. Since a long time I had the wish to improve the x11docker clipboard management. Graphical clips are implemented rudimentary only, but should work for most use cases. Nice: It works well with and without the Xfce4 clipboard manager.

hongyi-zhao commented 2 years ago

xclip can be itchy.

What do you mean by saying this?

NB: Based on test, I can only copy the image from docker to host.

mviereck commented 2 years ago

NB: Based on test, I can only copy the image from docker to host.

How did you test? I've tried with ksnip in container and it works.

What do you mean by saying this?

Try to write scripts with it and you'll see. :-) A very odd thing: If I run xclip in a function, I cannot return to the main script.

hongyi-zhao commented 2 years ago

How did you test?

Sorry for my fuzzy description. In fact, there are so many ways to do the test mentioned here, and my original statement is not accurate. In order to have a systematic understanding of this problem, I tried the following tests:

(A). Start docker container with --xephyr -c --fallback=no via x11docker, then confirm the following:

Success:

  1. Run flameshot in container to capture some screenshot and then copy and paste it onto GitHub.
  2. Run ksnip or shutter on host to capture some screenshot and then copy and paste it into the gimp running in docker container.

Failure: Run ksnip or shutter on host to capture some screenshot and then copy and paste it into the wechat running in docker container.

(B). Start docker container with --xephyr -c --fallback=no via x11docker, then confirm the following:

All of the above tests were successful.

If I run xclip in a function, I cannot return to the main script.

Can you demonstrate this to me with a minimal bash script?

mviereck commented 2 years ago

Failure: Run ksnip or shutter on host to capture some screenshot and then copy and paste it into the wechat running in docker container.

All of the above tests were successful.

Does it work in wechat now? If not, providing a clipboard manager in the container might help. xclip can provide only one image format at a time. Clipboard managers like xfce4-clipman can provide the clipped image in multiple formats.

Can you demonstrate this to me with a minimal bash script?

#! /bin/bash
myclip() {
  xclip -selection clipbord -in <<< "hello world"
  echo x
  return
}
set -x
while true; do
  y="$(myclip)"
done

hongyi-zhao commented 2 years ago

Does it work in wechat now?

This only works for xpra -c --fallback=no when copying and pasting images from the host to WeChat running in the container.

Clipboard managers like xfce4-clipman can provide the clipped image in multiple formats.

Do you mean install it into the docker container as follows?

$ sudo apt install xfce4-clipman

#! /bin/bash
myclip() {
  xclip -selection clipbord -in <<< "hello world"
  echo x
  return
}
set -x
while true; do
  y="$(myclip)"
done

It will be blocked there forever:

image

I also tried with the self-compiled git master version of xclip, and the same test results were obtained.

mviereck commented 2 years ago

Do you mean install it into the docker container as follows?

Installing in image and also starting in container. E.g. with --runasuser 'xfce4-clipman &'. Or, in deepin, add it to the desktop autostart. Maybe a deepin clipboard manager exists, too, I don't know.

It will be blocked there forever:

It is not blocked if it is called without $():

#! /bin/bash
myclip() {
  xclip -selection clipbord -in <<< "hello world"
  echo x
  return
}
set -x
while true; do
  myclip
done

Note that xclip forks itself into background and keeps running to actively provide the clip. However, this should not block the function from returning.
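
An added example, not part of the thread, of why `y="$(myclip)"` can hang while a plain `myclip` call returns: command substitution reads until every process holding the write end of its pipe has closed it, so a background child that inherits stdout keeps `$(...)` waiting. `fake_clip` and `elapsed` are hypothetical helpers; `fake_clip` stands in for xclip on the assumption that xclip's background process keeps the stdout it inherited.

```shell
#!/bin/sh
# fake_clip is a hypothetical stand-in for xclip: it returns at once but
# leaves a background child that still holds the stdout it inherited
# (assumption: xclip's background process behaves the same way).
fake_clip() {
  sleep 2 &
}

# Same helper, but the child's stdout/stderr no longer point at the caller.
fake_clip_detached() {
  sleep 2 >/dev/null 2>&1 &
}

myclip()          { fake_clip;          echo x; return; }
myclip_detached() { fake_clip_detached; echo x; return; }

# elapsed FUNC: print the seconds that y="$(FUNC)" takes to return.
elapsed() {
  start=$(date +%s)
  y="$("$1")"
  end=$(date +%s)
  echo $((end - start))
}

echo "child holds stdout:    $(elapsed myclip)s"
echo "child stdout detached: $(elapsed myclip_detached)s"
```

With the child's output redirected, the substitution returns as soon as the function does; applied to the script above, that corresponds to redirecting xclip's stdout inside `myclip`.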

hongyi-zhao commented 2 years ago

How to substitute xfce4-clipman for xclip as the default both on host and in container?

mviereck commented 2 years ago

It should not be substituted but run aside and independent from x11docker. However, meanwhile I tried xfce4-clipman in container and it crashes after a while. Within a desktop environment like deepin it might work.

mviereck commented 2 years ago

Never mind, neither xfce4-clipman nor some other clipboard managers seem to do any conversion on their own.

mviereck commented 2 years ago

I found a working clipboard manager! The problem is that xclip can only provide one image format at a time. copyq is a clipboard manager that takes the image from xclip and provides it to other clients in multiple image formats.

To try out directly:

Likely wechat will succeed to paste images from the clipboard.

Edit: Sorry, I've checked wrong. But copyq might provide a solution.

hongyi-zhao commented 2 years ago

  • run x11docker with --clipboard --runfromhost 'copyq &'

Do you mean to combine the above and --xephyr as follows?

--xephyr -c --fallback=no --runfromhost 'copyq &'

I tried this method but encountered the following error:

image

The following can start docker container, but WeChat still fails to paste images from the clipboard.

--xephyr -c --fallback=no --runfromhost copyq

Sorry, I've checked wrong.

What do you mean?

mviereck commented 2 years ago

I tried this method but encountered the following error:

Can you show me the full command? Likely you have a syntax error. I don't have issues with these options.

hongyi-zhao commented 2 years ago

  1. This can start docker container:
$ x11docker --runasroot 'sed -r "s/^[[:blank:]]*[|]//" <<-EOF > /etc/sudoers
        |#$ sudo grep -Ev '\''^[ ]*(#|$)'\'' /etc/sudoers  
        |Defaults   env_reset
        |Defaults   mail_badpass
        |Defaults   secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
        |root   ALL=(ALL:ALL) ALL
        |%admin ALL=(ALL) ALL
        |%sudo  ALL=(ALL:ALL) ALL
        |$USER ALL=(ALL) NOPASSWD:ALL
    EOF' --debug --xephyr -c --fallback=no --runfromhost 'copyq &' --network=bridge --pulseaudio --home --share=$HOME --sudouser --desktop --init=systemd -- --device /dev/mem:/dev/mem --cap-add SYS_RAWIO --cap-add=IPC_LOCK --cap-add=NET_RAW --cap-add=NET_BIND_SERVICE -- hongyizhao/deepin-wine:apricot   
  2. This will fail:
$ xephyr="--xephyr -c --fallback=no --runfromhost 'copyq &'"

$ x11docker --runasroot 'sed -r "s/^[[:blank:]]*[|]//" <<-EOF > /etc/sudoers
        |#$ sudo grep -Ev '\''^[ ]*(#|$)'\'' /etc/sudoers  
        |Defaultsenv_reset
        |Defaultsmail_badpass
        |Defaultssecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
        |rootlesskitALL=(ALL:ALL) ALL
        |%admin ALL=(ALL) ALL
        |%sudoALL=(ALL:ALL) ALL
        |$USER ALL=(ALL) NOPASSWD:ALL
EOF' --debug $xephyr --network=bridge --pulseaudio --home --share=$HOME --sudouser --desktop --init=systemd -- --device /dev/mem:/dev/mem --cap-add SYS_RAWIO --cap-add=IPC_LOCK --cap-add=NET_RAW --cap-add=NET_BIND_SERVICE -- hongyizhao/deepin-wine:apricot
DEBUGNOTE[16:31:09,335]: Detected cgroup v1
DEBUGNOTE[16:31:09,817]: check_host(): ps can watch root processes: yes
DEBUGNOTE[16:31:09,894]: host user: werner 1000:1000 /home/werner
x11docker WARNING: User werner is member of group docker.
  That allows unprivileged processes on host to gain root privileges.

DEBUGNOTE[16:31:10,145]: storeinfo(): cache=/home/werner/.cache/x11docker/33868571032-
DEBUGNOTE[16:31:10,161]: storeinfo(): stdout=/home/werner/.cache/x11docker/33868571032-/share/stdout
DEBUGNOTE[16:31:10,176]: storeinfo(): stderr=/home/werner/.cache/x11docker/33868571032-/share/stderr
DEBUGNOTE[16:31:10,223]: waitforlogentry(): tailstderr: Waiting for logentry "x11docker=ready" in store.info
DEBUGNOTE[16:31:10,223]: waitforlogentry(): tailstdout: Waiting for logentry "x11docker=ready" in store.info
DEBUGNOTE[16:31:10,432]: Default runtime: runc
DEBUGNOTE[16:31:10,509]: storeinfo(): containeruser=werner
DEBUGNOTE[16:31:10,525]: container user: werner 1000:1000 /home/werner
x11docker WARNING: You are running GNOME desktop in outdated version
  GNOME Shell 3.36.9
  This might cause issues with host applications if using additional X servers.
  It is recommended to use another desktop environment or GNOME >= 3.38.
  Only --xorg or discouraged option --hostdisplay might work as expected.

DEBUGNOTE[16:31:10,655]: Dependency check for --xephyr: 0
DEBUGNOTE[16:31:10,664]: Dependencies of --xephyr already checked: 0 
DEBUGNOTE[16:31:10,671]: Dependencies of --xephyr already checked: 0 
DEBUGNOTE[16:31:10,678]: Dependencies of --xephyr already checked: 0 
DEBUGNOTE[16:31:10,686]: Dependencies of --xephyr already checked: 0 
DEBUGNOTE[16:31:10,693]: storeinfo(): xserver=--xephyr
x11docker WARNING: Option --network: Container has access to
  local network and internet.

DEBUGNOTE[16:31:10,774]: storepid(): Stored pid '3999064' of 'watchpidlist': 3999064 pts/7    00:00:00 bash
DEBUGNOTE[16:31:10,820]: storepid(): Stored pid '3999142' of 'watchmessagefifo': 3999142 pts/7    00:00:00 bash
x11docker WARNING: Option --pulseaudio allows container applications
  to catch your audio output and microphone input.

DEBUGNOTE[16:31:11,416]: storeinfo(): pulseaudiomoduleid=43
DEBUGNOTE[16:31:11,529]: storeinfo(): DISPLAY=:117
DEBUGNOTE[16:31:11,549]: storeinfo(): XAUTHORITY=/home/werner/.cache/x11docker/33868571032-/share/Xauthority.client
DEBUGNOTE[16:31:11,562]: storeinfo(): XSOCKET=/tmp/.X11-unix/X117
DEBUGNOTE[16:31:11,580]: storeinfo(): XDG_RUNTIME_DIR=/run/user/1000
DEBUGNOTE[16:31:11,601]: storeinfo(): Xenv=DISPLAY=:117 XAUTHORITY=/home/werner/.cache/x11docker/33868571032-/share/Xauthority.client XSOCKET=/tmp/.X11-unix/X117 XDG_RUNTIME_DIR=/run/user/1000
DEBUGNOTE[16:31:11,650]: X server command:
  /usr/bin/Xephyr :117  \
  -retro \
  +extension RANDR \
  +extension RENDER \
  +extension GLX \
  +extension XVideo \
  +extension DOUBLE-BUFFER \
  +extension SECURITY \
  +extension DAMAGE \
  +extension X-Resource \
  -extension XINERAMA -xinerama \
  -extension MIT-SHM \
  +extension Composite +extension COMPOSITE \
  -extension XTEST -tst \
  -dpms \
  -s off \
  -auth /home/werner/.cache/x11docker/33868571032-/Xauthority.server \
  -nolisten tcp \
  -dpi 96 \
  -resizeable \
  -noxv \
  -screen 1824x984 \

DEBUGNOTE[16:31:11,658]: storeinfo(): x11dockerpid=3995513
DEBUGNOTE[16:31:11,724]: x11docker version:  7.1.5-beta-5
  Backend version:               Docker version 20.10.9, build c2ea9bc
  OCI Runtime:                   runc
  Host system:                   "Ubuntu 20.04.3 LTS"
  Host architecture:             amd64 (x86_64)
  Command:
    '/home/werner/Public/repo/github.com/mviereck/x11docker.git/x11docker' '--runasroot' 'sed -r "s/^[[:blank:]]*[|]//" <<-EOF > /etc/sudoers
        |#$ sudo grep -Ev '^[ ]*(#|$)' /etc/sudoers  
        |Defaultsenv_reset
        |Defaultsmail_badpass
        |Defaultssecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
        |rootlesskitALL=(ALL:ALL) ALL
        |%admin ALL=(ALL) ALL
        |%sudoALL=(ALL:ALL) ALL
        |$USER ALL=(ALL) NOPASSWD:ALL
EOF' '--debug' '--xephyr' '-c' '--fallback=no' '--runfromhost' ''copyq' '&'' '--network=bridge' '--pulseaudio' '--home' '--share=/home/werner' '--sudouser' '--desktop' '--init=systemd' '--' '--device' '/dev/mem:/dev/mem' '--cap-add' 'SYS_RAWIO' '--cap-add=IPC_LOCK' '--cap-add=NET_RAW' '--cap-add=NET_BIND_SERVICE' '--' 'hongyizhao/deepin-wine:apricot' 
  Parsed options:

  ()  --runasroot 'sed -r "s/^[[:blank:]]*[|]//" <<-EOF > /etc/sudoers
        |#$ sudo grep -Ev '\''^[ ]*(#|$)'\'' /etc/sudoers  
        |Defaultsenv_reset
        |Defaultsmail_badpass
        |Defaultssecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
        |rootlesskitALL=(ALL:ALL) ALL
        |%admin ALL=(ALL) ALL
        |%sudoALL=(ALL:ALL) ALL
        |$USER ALL=(ALL) NOPASSWD:ALL
EOF' --debug --xephyr -c --fallback 'no' --runfromhost ''\''copyq' --network 'bridge' --pulseaudio '' --home '' --share '/home/werner' --sudouser '' --desktop --init 'systemd' -- '&'\''' '--device' '/dev/mem:/dev/mem' '--cap-add' 'SYS_RAWIO' '--cap-add=IPC_LOCK' '--cap-add=NET_RAW' '--cap-add=NET_BIND_SERVICE' '--' 'hongyizhao/deepin-wine:apricot'
  x11docker was started by:      werner
  As host user serves:           werner
  Container user will be:        werner
  Container user password:       x11docker
  Running in a terminal:         yes
  Running on console:            no
  Running over SSH:              no
  Running sourced:               no
  bash $-:                       huBE
x11docker WARNING: Option --init=systemd slightly degrades container isolation.
  It adds some user switching capabilities x11docker would drop otherwise.
  However, they are still within default docker capabilities.
  Not within default docker capabilities it adds capability SYS_BOOT.
  Some processes in container will run as root.

x11docker WARNING: Option --init=systemd: Sharing /sys/fs/cgroup from host.

x11docker ERROR: Image &' not found locally.
  Please pull or build image first.

  Type 'x11docker --help' for usage information
  Debug options: '--verbose' (full log) or '--debug' (log excerpt).
  Logfile will be: /home/werner/.cache/x11docker/x11docker.log
  Please report issues at https://github.com/mviereck/x11docker

DEBUGNOTE[16:31:11,817]: time to say goodbye (error)
DEBUGNOTE[16:31:11,827]: storeinfo(): error=64
DEBUGNOTE[16:31:11,841]: Terminating x11docker.
DEBUGNOTE[16:31:11,848]: time to say goodbye (finish)
DEBUGNOTE[16:31:11,909]: finish(): Checking pid 3999142 (watchmessagefifo): 3999142 pts/7    00:00:00 bash
DEBUGNOTE[16:31:11,974]: finish(): Checking pid 3999064 (watchpidlist): 3999064 pts/7    00:00:00 bash
DEBUGNOTE[16:31:12,026]: termpid(): Terminating 3999064 (watchpidlist): 3999064 pts/7    00:00:00 bash
DEBUGNOTE[16:31:12,209]: termpid(): Terminating 3999142 (watchmessagefifo): 3999142 pts/7    00:00:00 bash
DEBUGNOTE[16:31:12,271]: waitforlogentry(): tailstderr: Stopped waiting for x11docker=ready in store.info due to terminating signal.
DEBUGNOTE[16:31:12,278]: waitforlogentry(): tailstdout: Stopped waiting for x11docker=ready in store.info due to terminating signal.
DEBUGNOTE[16:31:12,341]: x11docker exit code: 64

mviereck commented 2 years ago

I have implemented a working solution that needs image x11docker/xserver. If you already have this image, please pull it again.

The image now contains copyq and uses it to provide multiple image formats after xclip has sent an image clip. Limitation: This works only for clips in the container, but not for clips sent from container to host.

For your setup, just pull image x11docker/xserver and run:

x11docker --xephyr --desktop --clipboard --init=systemd -- hongyizhao/deepin-wine:apricot

wechat should be able to paste images now.

$ xephyr="--xephyr -c --fallback=no --runfromhost 'copyq &'"

This will be parsed wrong. bash won't recognize that '' within "" should be seen as a single argument.

hongyi-zhao commented 2 years ago

x11docker --xephyr --desktop --clipboard --init=systemd -- hongyizhao/deepin-wine:apricot

These options can't enable internet access:

image

Then I tried with my original xephyr related options without --runfromhost 'copyq &', still I can't copy image from host and paste it into WeChat.

$ xephyr="--xephyr -c --fallback=no --runfromhost 'copyq &'"

This will be parsed wrong. bash won't recognize that '' within "" should be seen as a single argument.

So, how can I put these options into a variable to facilitate debugging?

mviereck commented 2 years ago

Then I tried with my original xephyr related options without --runfromhost 'copy &', still I can't copy image from host and paste it into WeChat.

Did you pull image x11docker/xserver? You also need to update x11docker.

So, how can I put these options into a variable to facilitate debugging?

It is not possible. Maybe --runfromhost copy\ & would work. However, you don't need --runfromhost 'copy &' anymore.
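
An added example, not part of the thread, reproducing the parse seen in the debug log above (`'copyq` and `&'` arriving as separate words, hence `Image &' not found locally`) and showing that options held as a list rather than as one string keep `copyq &` a single argument. It does not run x11docker; `show_args`, `last_arg` and the `split_*`/`kept_*` functions are hypothetical helpers.

```shell
#!/bin/sh
# Constructed reproduction of the option string from the thread.
xephyr="--xephyr -c --fallback=no --runfromhost 'copyq &'"

# Print each received argument in brackets, one per line.
show_args() {
  for a in "$@"; do printf '[%s]\n' "$a"; done
}

# last_arg ARGS...: print the final argument.
last_arg() {
  shift $(( $# - 1 ))
  printf '%s\n' "$1"
}

# Unquoted expansion splits on whitespace only. The single quotes stored in
# the string are ordinary characters, so 'copyq and &' become two words.
split_count() { set -- $xephyr; echo "$#"; }
split_last()  { last_arg $xephyr; }

# Keeping the options as a list preserves the boundaries. Positional
# parameters are the POSIX form; in bash the same is written as
#   xephyr=(--xephyr -c --fallback=no --runfromhost 'copyq &')
#   x11docker "${xephyr[@]}" ...
kept_count() { set -- --xephyr -c --fallback=no --runfromhost 'copyq &'; echo "$#"; }
kept_last()  { last_arg --xephyr -c --fallback=no --runfromhost 'copyq &'; }

echo "string variable: $(split_count) words"
show_args $xephyr
echo "list: $(kept_count) words"
show_args --xephyr -c --fallback=no --runfromhost 'copyq &'
```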

hongyi-zhao commented 2 years ago

Did you pull image x11docker/xserver?

$ docker images|grep xserver
x11docker/xserver           latest    360fa88946c0   2 hours ago         936MB

You also need to update x11docker.

$ git log -1
commit f5e4c6cef2fac78cc73415421ecf11dad8dafaed (HEAD -> master, origin/master, origin/HEAD)
Author: mviereck <bachbaum24@gmx.de>
Date:   Wed Apr 6 10:29:08 2022 +0200

    --xc --clipboard: Use copyq to provide multiple clip TARGETS formats #428