search

mviereck / x11docker

Run GUI applications and desktops in docker and podman containers. Focus on security.
MIT License
5.5k stars 370 forks source link

x11docker doesn't seem to recognise nvidia vgpu #523

Closed wnark closed 5 months ago

wnark commented 5 months ago

I'm trying to use x11docker under an nvidia T4 vgpu VM, but it doesn't seem to think it's an nvidia gpu device when I run it

$ x11docker --desktop --gpu --size 1280x720  --sudouser --network -c x11docker/xfce

x11docker WARNING: User inno is member of group docker.
  That allows unprivileged processes on host to gain root privileges.

x11docker note: Using X server option --xephyr

x11docker note: Option --gpu=direct is not supported by --xephyr.
  Only --gpu=virgl would work, but needs image x11docker/xserver (option --xc).
  Options supporting direct rendering:
  --xpra-xwayland, --weston-xwayland, --xwayland, --xorg, --hostdisplay
  Fallback: Disabling option --gpu

x11docker WARNING: Option --network: Container has access to
  local network and internet.

x11docker note: Option -I, --network: The container is able to provide
  access to X server :151 (--xephyr) to the entire world.

x11docker note: Option --init=tini: Did not find a tini container init system.
  Please install catatonit or tini-static.
  You can look for the package name of this command at:
 https://github.com/mviereck/x11docker/wiki/dependencies#table-of-all-packages
  Alternatively you can provide image x11docker/xserver (option --xc).

x11docker note: --init=none: Did not find container init system
  'tini' or 'catatonit'. It should be provided by docker or podman package.
  Please install catatonit to provide a container init system.
  You can look for the package name of this command at:
 https://github.com/mviereck/x11docker/wiki/dependencies#table-of-all-packages
  Alternatively you can provide image x11docker/xserver (option --xc).

x11docker WARNING: Option --sudouser severely reduces container security.
  Container gains additional capabilities to allow sudo and su.
  If an application breaks out of container, it can harm your system
  in many ways without you noticing. Default password: x11docker

x11docker note: Option --sudouser: Enabling option --newprivileges=yes.
  You can avoid this with --newprivileges=no

x11docker WARNING: setup_capabilities(): Adding capabilities for user switching
  from root to unprivileged user

x11docker WARNING: Option --newprivileges=yes: x11docker does not set
  docker run option --security-opt=no-new-privileges.
  That degrades container security.
  However, this is still within a default docker setup.

/usr/bin/startxfce4: X server already running on display :151

(xfce4-session:82): dbind-WARNING **: 20:51:44.931: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files
/usr/bin/iceauth:  creating new authority file /tmp/XDG_RUNTIME_DIR/ICEauthority
xfce4-session: No GPG agent found
xfce4-session: No SSH authentication agent found

(xfwm4:118): dbind-WARNING **: 20:51:45.028: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files

(xfwm4:118): GLib-CRITICAL **: 20:51:45.107: g_str_has_prefix: assertion 'prefix != NULL' failed

image

wnark commented 5 months ago

Solved, just install the full dependency. https://github.com/mviereck/x11docker/wiki/Dependencies#recommended-base