search

mviereck / x11docker

Run GUI applications and desktops in docker and podman containers. Focus on security.
MIT License
5.68k stars 379 forks source link

x11docker ERROR: --xc: Startup of x11docker/xserver failed. #454

Closed showfuture closed 2 years ago

showfuture commented 2 years ago

when I run this code:

x11docker --gpu x11docker/xfce glxgears

An error occurred:

x11docker WARNING: Running as user root.
  Maybe $(logname) did not provide an unprivileged user.
  Please use option --hostuser=USER to specify an unprivileged user.
  Otherwise, new X server runs as root, and container user will be root.

x11docker note: Option --user=root: Please set option --sudouser or --cap-default
  if you want root privileges for container user root.

Failed to get D-Bus connection: 没有那个文件或目录
x11docker WARNING: Your host X server runs without cookie authentication.

x11docker note: Option --xc for X in container enabled automatically.

x11docker note: Using X server option --xpra-xwayland

x11docker ERROR: --xc: Startup of x11docker/xserver failed.
  Last lines of xinit log:
docker: invalid reference format: repository name must be lowercase.
See 'docker run --help'.
Error: No such object: x11docker_X119_xserver_95680871231

  Type 'x11docker --help' for usage information
  Debug options: '--verbose' (full log) or '--debug' (log excerpt).
  Logfile will be: /root/.cache/x11docker/x11docker.log
  Please report issues at https://github.com/mviereck/x11docker

/bin/x11docker: 行 942: 31552 已终止               watchpidlist
/bin/x11docker: 行 942: 31559 已终止               watchmessagefifo

how to fix this

mviereck commented 2 years ago

That's odd. Here it works. Can you please show me the output with option --debug?

x11docker --gpu --debug x11docker/xfce glxgears
showfuture commented 2 years ago 
[root@unity-004 ~]# x11docker --gpu --debug x11docker/xfce glxgears
DEBUGNOTE[16:32:40,368]: Detected cgroup v1
DEBUGNOTE[16:32:40,404]: check_host(): ps can watch root processes: yes
DEBUGNOTE[16:32:40,421]: host user: root 0:0 /root
x11docker WARNING: Running as user root.
  Maybe $(logname) did not provide an unprivileged user.
  Please use option --hostuser=USER to specify an unprivileged user.
  Otherwise, new X server runs as root, and container user will be root.

DEBUGNOTE[16:32:40,429]: check_host(): Guess if running on console: no
DEBUGNOTE[16:32:40,539]: storeinfo(): cache=/root/.cache/x11docker/96360088654-xfce
DEBUGNOTE[16:32:40,544]: storeinfo(): stdout=/root/.cache/x11docker/96360088654-xfce/share/stdout
DEBUGNOTE[16:32:40,549]: storeinfo(): stderr=/root/.cache/x11docker/96360088654-xfce/share/stderr
DEBUGNOTE[16:32:40,565]: waitforlogentry(): tailstdout: Waiting for logentry "x11docker=ready" in store.info
DEBUGNOTE[16:32:40,565]: waitforlogentry(): tailstderr: Waiting for logentry "x11docker=ready" in store.info
x11docker note: Option --user=root: Please set option --sudouser or --cap-default
  if you want root privileges for container user root.

DEBUGNOTE[16:32:40,571]: storeinfo(): containeruser=root
DEBUGNOTE[16:32:40,576]: container user: root 0:0 /root
DEBUGNOTE[16:32:40,663]: Default runtime: runc
DEBUGNOTE[16:32:40,672]: Backend: docker, Backendbin: /bin/docker, Rootless: no
DEBUGNOTE[16:32:40,690]: storepid(): Stored pid '381' of 'watchpidlist':   381 pts/0    00:00:00 bash
DEBUGNOTE[16:32:40,701]: storepid(): Stored pid '391' of 'watchmessagefifo':   391 pts/0    00:00:00 bash
Failed to get D-Bus connection: 没有那个文件或目录
x11docker WARNING: Your host X server runs without cookie authentication.

x11docker note: Option --xc for X in container enabled automatically.

DEBUGNOTE[16:32:40,800]: --xpra2-xwayland: xpra not found on host.
  You can look for the package name of this command at:
 https://github.com/mviereck/x11docker/wiki/dependencies#table-of-all-packages
DEBUGNOTE[16:32:40,803]: Dependency check for --xpra2-xwayland: 1
DEBUGNOTE[16:32:40,816]: Dependency check for --xpra-xwayland: 0
DEBUGNOTE[16:32:40,818]: Dependencies of --xpra-xwayland already checked: 0
DEBUGNOTE[16:32:40,821]: Dependencies of --xpra-xwayland already checked: 0
x11docker note: Using X server option --xpra-xwayland

DEBUGNOTE[16:32:40,824]: storeinfo(): xserver=--xpra-xwayland
DEBUGNOTE[16:32:40,866]: X container command (rootless no):
  docker run --pull=never \
  --rm \
  --detach \
  --name x11docker_X120_xserver_96360088654 \
  --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/share,target=/root/.cache/x11docker/96360088654-xfce/share \
  --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/etcpasswd.xcontainer,target=/etc/passwd,readonly \
  --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/etcgroup.xcontainer,target=/etc/group,readonly \
  --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/xcontainerrc,target=/xcontainerrc,readonly \
  --security-opt label=type:container_runtime_t \
  --ipc=shareable \
  --runtime runc \
  --cap-drop ALL \
  --security-opt=no-new-privileges \
  --user 0:0 \
  --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/tmp,target=/tmp \
  --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/Xauthority.server,target=/root/.cache/x11docker/96360088654-xfce/Xauthority.server \
  --mount type=bind,source=/root/.cache/x11docker/modelines,target=/root/.cache/x11docker/modelines,readonly \
  --env DISPLAY=:0 \
  --mount type=bind,source=/tmp/.X11-unix/X0,target=/X0,readonly \
  --env XDG_RUNTIME_DIR=/run/user/0 \
  --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/XDG_RUNTIME_DIR,target=/run/user/0  \
  --device /dev/dri/card0:/dev/dri/card0 \
  --device /dev/dri/card1:/dev/dri/card1 \
  --device /dev/dri/renderD128:/dev/dri/renderD128 \
  --device /dev/nvidia0:/dev/nvidia0 \
  --device /dev/nvidiactl:/dev/nvidiactl \
  --device /dev/nvidia-modeset:/dev/nvidia-modeset \
  --device /dev/nvidia-uvm:/dev/nvidia-uvm \
  --device /dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools \
  --device /dev/vga_arbiter:/dev/vga_arbiter \
  --group-add 39 \
  --group-add  \
  --env LD_PRELOAD=/lib/x86_64-linux-gnu/libdl.so.2:/root/.cache/x11docker/96360088654-xfce/share/XlibNoSHM.so \
  x11docker/xserver bash /xcontainerrc
DEBUGNOTE[16:32:40,892]: traperror: Command at Line 10689 returned with error code 125:
  env DOCKER_HOST= docker run --pull=never --rm --detach --name x11docker_X120_xserver_96360088654 --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/share,target=/root/.cache/x11docker/96360088654-xfce/share --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/etcpasswd.xcontainer,target=/etc/passwd,readonly --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/etcgroup.xcontainer,target=/etc/group,readonly --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/xcontainerrc,target=/xcontainerrc,readonly --security-opt label=type:container_runtime_t --ipc=shareable --runtime runc --cap-drop ALL --security-opt=no-new-privileges --user 0:0 --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/tmp,target=/tmp --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/Xauthority.server,target=/root/.cache/x11docker/96360088654-xfce/Xauthority.server --mount type=bind,source=/root/.cache/x11docker/modelines,target=/root/.cache/x11docker/modelines,readonly --env DISPLAY=:0 --mount type=bind,source=/tmp/.X11-unix/X0,target=/X0,readonly --env XDG_RUNTIME_DIR=/run/user/0 --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/XDG_RUNTIME_DIR,target=/run/user/0 --device /dev/dri/card0:/dev/dri/card0 --device /dev/dri/card1:/dev/dri/card1 --device /dev/dri/renderD128:/dev/dri/renderD128 --device /dev/nvidia0:/dev/nvidia0 --device /dev/nvidiactl:/dev/nvidiactl --device /dev/nvidia-modeset:/dev/nvidia-modeset --device /dev/nvidia-uvm:/dev/nvidia-uvm --device /dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools --device /dev/vga_arbiter:/dev/vga_arbiter --group-add 39 --group-add --env LD_PRELOAD=/lib/x86_64-linux-gnu/libdl.so.2:/root/.cache/x11docker/96360088654-xfce/share/XlibNoSHM.so x11docker/xserver bash /xcontainerrc
  7981 - ::unpriv_xcbackend::start_xcontainer::main::main
DEBUGNOTE[16:32:40,896]: storeinfo(): error=64
DEBUGNOTE[16:32:40,901]: time to say goodbye (traperror)
DEBUGNOTE[16:32:40,904]: traperror: Command at Line 716 returned with error code 125:
  env DOCKER_HOST= docker run --pull=never --rm --detach --name x11docker_X120_xserver_96360088654 --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/share,target=/root/.cache/x11docker/96360088654-xfce/share --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/etcpasswd.xcontainer,target=/etc/passwd,readonly --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/etcgroup.xcontainer,target=/etc/group,readonly --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/xcontainerrc,target=/xcontainerrc,readonly --security-opt label=type:container_runtime_t --ipc=shareable --runtime runc --cap-drop ALL --security-opt=no-new-privileges --user 0:0 --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/tmp,target=/tmp --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/Xauthority.server,target=/root/.cache/x11docker/96360088654-xfce/Xauthority.server --mount type=bind,source=/root/.cache/x11docker/modelines,target=/root/.cache/x11docker/modelines,readonly --env DISPLAY=:0 --mount type=bind,source=/tmp/.X11-unix/X0,target=/X0,readonly --env XDG_RUNTIME_DIR=/run/user/0 --mount type=bind,source=/root/.cache/x11docker/96360088654-xfce/XDG_RUNTIME_DIR,target=/run/user/0 --device /dev/dri/card0:/dev/dri/card0 --device /dev/dri/card1:/dev/dri/card1 --device /dev/dri/renderD128:/dev/dri/renderD128 --device /dev/nvidia0:/dev/nvidia0 --device /dev/nvidiactl:/dev/nvidiactl --device /dev/nvidia-modeset:/dev/nvidia-modeset --device /dev/nvidia-uvm:/dev/nvidia-uvm --device /dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools --device /dev/vga_arbiter:/dev/vga_arbiter --group-add 39 --group-add --env LD_PRELOAD=/lib/x86_64-linux-gnu/libdl.so.2:/root/.cache/x11docker/96360088654-xfce/share/XlibNoSHM.so x11docker/xserver bash /xcontainerrc
  7981 - ::unpriv_xcbackend::start_xcontainer::main::main
DEBUGNOTE[16:32:40,907]: storeinfo(): error=64
DEBUGNOTE[16:32:40,915]: time to say goodbye (traperror)
DEBUGNOTE[16:32:40,918]: traperror: Command at Line 10691 returned with error code 125:
  return $?
  10758 - ::start_xcontainer::main::main
DEBUGNOTE[16:32:40,921]: storeinfo(): error=64
DEBUGNOTE[16:32:40,928]: time to say goodbye (traperror)
DEBUGNOTE[16:32:40,932]: traperror: Command at Line 7981 returned with error code 1:
  read Xcontainerid < <(unpriv_xcbackend "$Xcontainercommand" 2>> $Xinitlogfile)
  10758 - ::start_xcontainer::main::main
DEBUGNOTE[16:32:40,934]: storeinfo(): error=64
DEBUGNOTE[16:32:40,941]: time to say goodbye (traperror)
DEBUGNOTE[16:32:40,944]: storeinfo(): Xcontainerid=
DEBUGNOTE[16:32:40,979]: traperror: Command at Line 10689 returned with error code 1:
  env DOCKER_HOST= docker inspect x11docker_X120_xserver_96360088654
  7984 - ::unpriv_xcbackend::start_xcontainer::main::main
DEBUGNOTE[16:32:40,982]: storeinfo(): error=64
DEBUGNOTE[16:32:40,990]: time to say goodbye (traperror)
DEBUGNOTE[16:32:40,993]: traperror: Command at Line 716 returned with error code 1:
  env DOCKER_HOST= docker inspect x11docker_X120_xserver_96360088654
  7984 - ::unpriv_xcbackend::start_xcontainer::main::main
DEBUGNOTE[16:32:40,996]: storeinfo(): error=64
DEBUGNOTE[16:32:41,004]: time to say goodbye (traperror)

x11docker ERROR: --xc: Startup of x11docker/xserver failed.
  Last lines of xinit log:
docker: invalid reference format: repository name must be lowercase.
See 'docker run --help'.
Error: No such object: x11docker_X120_xserver_96360088654

  Type 'x11docker --help' for usage information
  Debug options: '--verbose' (full log) or '--debug' (log excerpt).
  Logfile will be: /root/.cache/x11docker/x11docker.log
  Please report issues at https://github.com/mviereck/x11docker

DEBUGNOTE[16:32:41,010]: time to say goodbye (error)
DEBUGNOTE[16:32:41,013]: storeinfo(): error=64
DEBUGNOTE[16:32:41,020]: Terminating x11docker.
DEBUGNOTE[16:32:41,023]: time to say goodbye (finish)
DEBUGNOTE[16:32:41,037]: finish(): Checking pid 391 (watchmessagefifo):   391 pts/0    00:00:00 bash
DEBUGNOTE[16:32:41,050]: finish(): Checking pid 381 (watchpidlist):   381 pts/0    00:00:00 bash
DEBUGNOTE[16:32:41,060]: termpid(): Terminating 381 (watchpidlist):   381 pts/0    00:00:00 bash
DEBUGNOTE[16:32:41,072]: waitforlogentry(): tailstderr: Stopped waiting for x11docker=ready in store.info due to terminating signal.
DEBUGNOTE[16:32:41,072]: waitforlogentry(): tailstdout: Stopped waiting for x11docker=ready in store.info due to terminating signal.
/bin/x11docker: 行 942:   381 已终止               watchpidlist
DEBUGNOTE[16:32:41,178]: termpid(): Terminating 391 (watchmessagefifo):   391 pts/0    00:00:00 bash
/bin/x11docker: 行 942:   391 已终止               watchmessagefifo
DEBUGNOTE[16:32:41,286]: x11docker exit code: 64
mviereck commented 2 years ago

Thank you! x11docker fails to find group render on your host so the command to run the X container contains a --group-add without a group. I've uploaded a commit that checks if the group exists at all.

Please update to latest beta/master and try if it works now. x11docker --update-master

showfuture commented 2 years ago

yes, it worked, thank you very much!!!

mviereck commented 2 years ago

Great! You're welcome.

showfuture commented 2 years ago

when I run this x11docker --gpu x11docker/xfce glxgears

my container image is x11docker/xserver , this is an error, how to fix this

[root@unity-004 ~]# docker ps
CONTAINER ID   IMAGE               COMMAND                CREATED         STATUS         PORTS     NAMES
1aa07f7f7297   x11docker/xserver   "bash /xcontainerrc"   5 seconds ago   Up 4 seconds             x11docker_X109_xserver_06270203912
mviereck commented 2 years ago

x11docker uses image x11docker/xserver to run a container with the X server in it. (Indicated with message:x11docker note: Option --xc for X in container enabled automatically.) This X server container appears in your docker ps output.

However, docker ps should also show the Xfce container. Did you remove it from the output above? Example here after running your command:

$ docker ps
CONTAINER ID   IMAGE               COMMAND                  CREATED          STATUS          PORTS     NAMES
f6cb9c1b39a1   x11docker/xfce      "env /usr/local/bin/…"   7 seconds ago    Up 6 seconds              x11docker_X110_x11docker-xfce-glxgears_09584907612
a175b113b547   x11docker/xserver   "bash /xcontainerrc"     15 seconds ago   Up 14 seconds             x11docker_X110_xserver_09584907612

Once you terminate the Xfce container, the X container should disappear, too. Note that both of them in this example show x11docker_X110 in the name to indicate that they belong together.

If you don't want to use x11docker/xserver, you can set --xc=no.

showfuture commented 2 years ago

when I run

x11docker --gpu=yes --runtime=nvidia --hostdisplay --pull=yes --name=unity3d-job bigdata/unity3d-job:20220705-105

just has container 

[root@unity-004 ~]# docker ps
CONTAINER ID   IMAGE               COMMAND                CREATED          STATUS          PORTS     NAMES
90c5b1d0efec   x11docker/xserver   "bash /xcontainerrc"   12 minutes ago   Up 12 minutes             x11docker_X0_xserver_61549911040

and when I enter this container, I cannot find my own application!

I also used x11docker version 6.10.0, when I run my own image, it supply my own container!

mviereck commented 2 years ago

x11docker --gpu=yes --runtime=nvidia --hostdisplay --pull=yes --name=unity3d-job bigdata/unity3d-job:20220705-105

Option --pull has been removed in release v7.0.0. Option --xc / image x11docker/xserver has been introduced in the same release. So you cannot get an x11docker/xserver container while also using --pull.

Please test with latest x11docker only and without option --pull.

and when I enter this container, I cannot find my own application!

The container of x11docker/xserver only runs an X server and provides some X tools. Compare the Xfce example above, where two containers are running showing the same X110 number.

--name=unity3d-job bigdata/unity3d-job:20220705-105

The overall command specifies a desired name for the container, but does not specify an image to run. Maybe you misunderstood option --name here. Just run something like:

x11docker --gpu --runtime=nvidia --hostdisplay unity3d-job bigdata/unity3d-job:20220705-105
mviereck commented 2 years ago

Did you succeed to start your container now?

showfuture commented 2 years ago

no, I has to use other way to slove this problem! thanks!!