how easy to run X windows in a container, such as ubuntu desktop edition? i am wanting to run multiple distros, each in its own system container. the intent is to run nothing at the host layer except to manage containers.
When you run a graphical (X11) application on a Linux distribution, you have on one part the client X11 libraries, and on the other the X11 server that will display the windows on a display.
The first part is quite easy; you can install, for example, firefox in a LXD container and this will pull in only the necessary client X11 libraries. But when you are about to run this application, you need to choose where to show the application window, on which X11 server.
One option is to reuse your desktop’s X11 server. In that case, you would set up the container in a way that would give full access to the X11 server socket, and to the PulseAudio socket (for sound).
The easiest way to do so is to follow this guide,
Specifically, you create here a LXD profile, and when you want to create such a GUI container, you have to launch it as follows:
lxc launch ubuntu:18.04 --profile default --profile gui myguicontainer
There are other, more advanced options where you create a separate X11 server just for the container, thereby properly separating your desktop from the container applications. This is good for security, but the process is a bit more involved.
An alternative is to use a system like X2Go,
With X2Go, you can have a full Linux distro running in a LXD container and the output delivered inside a window on your desktop.
Also, some users have tried to set up a system with no X11 server to run the only X11 server through a LXD container. It should be possible but I did not read about them finishing this effort.
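Added example (not part of the original posts and not LXD's own code): a small audit that reports which containers are wired to the desktop's X11 or PulseAudio sockets, the sharing arrangement described in the reply above. It assumes the instance record has the shape returned by `lxc query /1.0/instances/<name>`; the sample record, its device names and its socket paths are constructed.

```python
import json

# Host path fragments that indicate desktop sharing (assumed default locations).
SENSITIVE = {"/.X11-unix/": "X11 server socket", "/pulse/native": "PulseAudio socket"}

def host_side(dev):
    """Return the host-side path or address of a device, or None."""
    if dev.get("type") == "disk":
        return dev.get("source")
    if dev.get("type") == "proxy":
        # bind=container/instance: LXD listens inside and connects out to the host.
        key = "connect" if dev.get("bind") in ("container", "instance") else "listen"
        return dev.get(key)
    return None

def audit(instance):
    """List (device, exposure) pairs that hand host desktop access to the container."""
    findings = []
    for name, dev in sorted(instance.get("expanded_devices", {}).items()):
        addr = host_side(dev) or ""
        for fragment, label in SENSITIVE.items():
            if fragment in addr:
                findings.append((name, label))
    if instance.get("expanded_config", {}).get("security.privileged") == "true":
        findings.append(("security.privileged", "privileged container"))
    return findings

# Constructed sample record, not output from a real host.
SAMPLE = json.loads("""
{
  "name": "myguicontainer",
  "expanded_config": {"security.privileged": "false"},
  "expanded_devices": {
    "X0": {"type": "proxy", "bind": "container",
           "connect": "unix:@/tmp/.X11-unix/X0", "listen": "unix:@/tmp/.X11-unix/X0"},
    "PASocket1": {"type": "proxy", "bind": "container",
                  "connect": "unix:/run/user/1000/pulse/native",
                  "listen": "unix:/home/ubuntu/pulse-native"},
    "root": {"type": "disk", "path": "/", "pool": "default"},
    "eth0": {"type": "nic", "nictype": "bridged", "parent": "lxdbr0"}
  }
}
""")

if __name__ == "__main__":
    for device, label in audit(SAMPLE):
        print(f"{SAMPLE['name']}: {device} exposes host {label}")
```

A container that reports no findings here is a candidate for the separate-X11-server or X2Go setups mentioned above; one that reports the X11 socket shares the desktop's display server with everything running on it.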
the plan is that only one specific container would be the desktop, running X and X clients there. the others would run like servers, no X unless Xvnc, and no X clients unless connecting to its own Xvnc or over the network.
It would be great if you manage to make an unprivileged container to run an X11 server.
It would be a long series of trial-and-error steps, and requires persistence to do the job.
without containers, the X server needs root privs for a while to gain all the access it needs. i don’t know what it won’t get without such privs. i don’t know how it can access things from inside a container. but if it can from an unprivileged container, yes that would be great. i’d try from a privileged container, first, to reduce the number of things to go through T&E with.