Help! I can't bind /tmp/.X11-unix in unprivileged LXC started as root

Hey guys, I am new to LXC. I have a working unprivileged LXC container with an archlinux image. I start it as root. I cannot run glxgears:

[root@archplay /]# glxgears
Error: couldn't open display :0.0

I have configuration in /var/lib/lxc/archplay/config as follows:

lxc.mount.entry = tmpfs tmp tmpfs defaults
lxc.mount.entry = /dev/dri dev/dri none bind,optional,create=dir
lxc.mount.entry = /dev/snd dev/snd none bind,optional,create=dir
lxc.mount.entry = /tmp/.X11-unix tmp/.X11-unix none bind,optional,create=dir,ro
lxc.mount.entry = /dev/video0 dev/video0 none bind,optional,create=file

and I’ve tried running “xhost +” before attaching to the container, to no avail.
If I run “ls” from within the container I do not see X0, so I am thinking /tmp/.X11-unix is not really bound. I don’t know where there might be some logs? I saw nothing in the journal, also nothing in /var/log/Xorg.0.log on host.

I’d make sure that your host is actually listening on a real unix socket. These days most X11 servers use abstract unix sockets, which aren’t really file based and can’t be bind-mounted.

You may also need to export DISPLAY to a value matching the host.

Hi, well I think the host is using the socket, since I was able to run xeyes from a bind mounted docker container. Also of course, the /tmp/.X11-unix/X0 does exist on the host, so it is creating it. As I mentioned, the LXC doesn’t actually see the “X0”, leading me to believe it is not mounted…

Okay, can you try the mount to somewhere else, say root/.X11-unix?

Most Linux distributions wipe /tmp on boot which could be causing the problem here.

Yes! That is correct. I was able to mount it into /root/.X11-unix in the container, and the X socket is visible there.
I looked deeper and realized that I had edited that line: “lxc.mount.entry = tmpfs tmp tmpfs defaults” into the config without stopping the LXC container first. So it was initially not working because that line was missing. So after properly stopping LXC, then restarting and reattaching, I now do have the mount properly there, and was able to run “glxgears”, so yay! Running “xeyes” though, logged me out of my session! Not sure what that is.
Oh, and: I had to run xhost + in the host container because glxgears was not authorized. But hey, it’s working. Now I can proceed with my project.
Thanks for your help!
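
The check suggested in the first reply (is the host's X server listening on a file-based socket or only an abstract one?) can be scripted. This is an added example, not part of the original thread: the function names and sample tables are constructed for illustration, and it assumes input in the format of the host's /proc/net/unix.

```shell
#!/bin/sh
# Added example: classify the X server's listening sockets for one display.
# In /proc/net/unix an abstract socket's Path starts with '@'; a filesystem
# socket has a plain path and is the only kind a bind mount can expose.

# x11_socket_kinds DISPLAY_NUMBER   (reads a /proc/net/unix-style table on stdin)
# Prints one of: filesystem, abstract, both, none.
x11_socket_kinds() {
    awk -v fs_path="/tmp/.X11-unix/X$1" '
        # Flags ($4) 00010000 marks a listening socket; skip connected peers.
        $4 == "00010000" && $NF == fs_path         { fs = 1 }
        $4 == "00010000" && $NF == ("@" fs_path)   { ab = 1 }
        END {
            if (fs && ab) print "both"
            else if (fs)  print "filesystem"
            else if (ab)  print "abstract"
            else          print "none"
        }'
}

# can_bind_mount DISPLAY_NUMBER   (same stdin)
# Succeeds only if a file-based socket exists for lxc.mount.entry to bind.
can_bind_mount() {
    case "$(x11_socket_kinds "$1")" in
        filesystem|both) return 0 ;;
        *)               return 1 ;;
    esac
}

# Constructed sample: server listens on both socket kinds, one client connected.
sample_both='Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 21001 @/tmp/.X11-unix/X0
0000000000000000: 00000002 00000000 00010000 0001 01 21002 /tmp/.X11-unix/X0
0000000000000000: 00000003 00000000 00000000 0001 03 21950 /tmp/.X11-unix/X0
0000000000000000: 00000002 00000000 00010000 0001 01 18020 /run/dbus/system_bus_socket'

# Constructed sample: server listens on the abstract socket only.
sample_abstract='Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 21001 @/tmp/.X11-unix/X0'

printf '%s\n' "$sample_both"     | x11_socket_kinds 0
printf '%s\n' "$sample_abstract" | x11_socket_kinds 0
```

On a real host, run `x11_socket_kinds 0 < /proc/net/unix` outside the container, using the display number from the host's DISPLAY value.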