Detailed steps to run a desktop environment in a container

Chapter III:

Last year, I was updating my server and decided to pass through the GPU to a VM to isolate the GUI environment from the host, to reduce the risk that something I do in the GUI might destroy the host. I did, but there was no audio output from the VM, even with an audio card passed through. Most people are fine with that, but not me: an HTPC is not an HTPC without audio output. So I started searching for an alternative. I decided to nest x11 in a container after seeing these 2 posts:

Due to my short years in the Linux desktop environment, I failed: KDE wouldn’t let me use the x11 or xwayland socket in the container, because of xauthority. It’s time for revenge.

Let’s see some necessary files in GNOME.

Launch a container.
incus launch images:debian/12 x -p default -p x11 -p hwac
We have to push the xauth file to the container. The xauth file in GNOME changes its name every time it is restarted, but this post solved the problem: https://discuss.linuxcontainers.org/t/incus-lxd-profile-for-gui-apps-wayland-x11-and-pulseaudio/.
incus file push /run/user/1000/.mutter-* x/mnt/xauth

incus exec x bash

apt install xfce4
export XAUTHORITY=/mnt/xauth
startxfce4

But it shows a warning.


But whose dbus-launch? The container’s.

apt install dbus-x11
Start again. Well, it’s quite easy. I remember I was pulling my hair out with no idea what to do last year.

But this nested x11 is not usable, at least that’s what I think. To make it work, we need to jump out of the box. We can’t open x11 in a window like wayland, but we can mix the ct’s x11 with the host’s.

As I said in the last chapter, whatever an x11 app needs to draw, it needs to tell the window manager to draw for it. So we don’t need to start a full desktop environment (GNOME) on the host; a window manager is enough. Let’s try fluxbox, which I’ve never used before.
On the host:
apt install fluxbox -y
Now you can select fluxbox in the display manager.


Let’s see some necessary files in fluxbox.

Let’s run startxfce4 in the ct.

That’s way better than GNOME, and way smoother than MATE in weston. Wait, I forgot to push the xauth file to the ct, and it opened anyway. I should have tried it earlier.
But what happens after xfce is killed? The fluxbox background was destroyed.

Conclusion:

  • Nesting x11 is way easier but less secure than wayland.
  • A nested x11 ct has more bugs; you can see a lot of warnings in the terminal.
  • I recommend nesting wayland in wayland, x11 in x11.

That’s all, you have learnt how to run a desktop environment in a container.

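The xauth push step from the post, where the file name changes on every GNOME restart, written as an added example that is not part of the original post. The function names are hypothetical; the `.mutter-*` pattern, container `x` and target `/mnt/xauth` come from the post, and root ownership with mode 0600 inside the container is an assumption.

```shell
#!/usr/bin/env bash
# Added example: resolve the current mutter xauth file and push it to the
# container with tight permissions, instead of pushing a raw glob.

# Print the newest regular file matching the pattern in the given directory.
newest_xauth() {
    local dir="$1" pattern="${2:-.mutter-*}" newest="" f
    for f in "$dir"/$pattern; do
        [ -f "$f" ] || continue        # also skips an unexpanded glob
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    [ -n "$newest" ] || return 1
    printf '%s\n' "$newest"
}

# Succeed only if group and others have no access to the cookie file.
xauth_is_private() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    case $mode in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

# Push the cookie to <container>/mnt/xauth, readable by container root only.
push_xauth() {
    local ct="$1" src
    src=$(newest_xauth "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}") || {
        echo "no mutter xauth file found" >&2
        return 1
    }
    xauth_is_private "$src" || {
        echo "$src is accessible to other users, not pushing" >&2
        return 1
    }
    incus file push --mode 0600 --uid 0 --gid 0 "$src" "$ct/mnt/xauth"
}

# Usage, after each GNOME restart (assumed workflow): push_xauth x
```

Anyone who can read this file can connect to the host's X display, so it is kept at 0600 on both sides.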