Sockets + VFS idmap shifting = error

Ubuntu 22.04 has a new kernel, 6.5.0, so I decided to check whether the shift=true option now works for sockets in folders using tmpfs. I have good news and bad news.

Shifting on Wayland and Pulse sockets in /run works fine. Pulse requires copying a cookie (see previous post), but that’s just a minor inconvenience.

On the other hand, the X11 socket X0 in /tmp doesn’t work. Applications that use it will throw an error:

Authorization required, but no authorization protocol specified
Error: Can't open display: :0

The Xwayland socket X1 (env var DISPLAY=:1) will hang the application instead of showing this error.

Steps to replicate the X11 socket behavior with shift=true on a disk device:

incus launch images:ubuntu/jammy/cloud test
incus config device add test x11_socket disk shift=true source=/tmp/.X11-unix/X0 path=/mnt/X0
incus exec test -- sudo --user ubuntu --login

touch "/tmp/.X11-unix/X0"
sudo mount --bind "/mnt/X0" "/tmp/.X11-unix/X0"
export DISPLAY=:0
sudo apt update
sudo apt install x11-apps
xclock

You can replace the touch and mount combo with ln -sf "/mnt/X0" "/tmp/.X11-unix/X0", but the effect is the same.

When using raw.idmap instead of shift=true on the disk device, everything works fine:

incus launch images:ubuntu/jammy/cloud test
printf "uid $(id -u) 1000\ngid $(id -g) 1002" | incus config set test raw.idmap -
incus config device add test x11_socket disk source=/tmp/.X11-unix/X0 path=/mnt/X0
incus exec test -- sudo --user ubuntu --login

touch "/tmp/.X11-unix/X0"
sudo mount --bind "/mnt/X0" "/tmp/.X11-unix/X0"
export DISPLAY=:0
sudo apt update
sudo apt install x11-apps
xclock

Using a proxy device for the abstract unix socket also works fine:

incus launch images:ubuntu/jammy/cloud test
incus config device add test x11_socket proxy bind=container connect=unix:@/tmp/.X11-unix/X0 listen=unix:@/tmp/.X11-unix/X0 security.uid=$(id -u) security.gid=$(id -g)
incus exec test -- sudo --user ubuntu --login

export DISPLAY=:0
sudo apt update
sudo apt install x11-apps
xclock

We’ll see what changes Ubuntu 24.04 will bring with an even newer kernel.
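
To compare the two path-based setups above (shift=true versus raw.idmap) from inside the container, the following diagnostic reports how the socket's ownership appears to stat() and which peer credentials the kernel reports on connect. It is an added example, not part of the original post; the function names are hypothetical, the default path is the one used in the post, and SO_PEERCRED is Linux-only.

```python
#!/usr/bin/env python3
"""Added diagnostic: how does a unix socket look from inside the container?"""
import os
import socket
import stat
import struct
import sys

def overflow_id(kind):
    # IDs with no mapping in the current user namespace appear as this value.
    try:
        with open(f"/proc/sys/kernel/overflow{kind}") as f:
            return int(f.read())
    except OSError:
        return 65534  # kernel default

def inspect_socket(path):
    """Return ownership as stat() sees it plus the peer credentials on connect."""
    st = os.stat(path)
    report = {
        "is_socket": stat.S_ISSOCK(st.st_mode),
        "owner_uid": st.st_uid,
        "owner_gid": st.st_gid,
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "owner_mapped": st.st_uid != overflow_id("uid")
        and st.st_gid != overflow_id("gid"),
        "my_uid": os.geteuid(),
        "connect_error": None,
        "peer": None,
    }
    if not report["is_socket"]:
        return report
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(3)  # a hung server should not hang the diagnostic
        try:
            s.connect(path)
            raw = s.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                               struct.calcsize("3i"))
            pid, uid, gid = struct.unpack("3i", raw)  # struct ucred
            report["peer"] = {"pid": pid, "uid": uid, "gid": gid}
        except OSError as exc:
            report["connect_error"] = str(exc)
    return report

if __name__ == "__main__":
    # Assumption: default is the bind-mount target used in the post.
    target = sys.argv[1] if len(sys.argv) > 1 else "/tmp/.X11-unix/X0"
    for key, value in inspect_socket(target).items():
        print(f"{key:14} {value}")
```

Run it as the ubuntu user inside the container under each setup and compare the output; owner_mapped is False when the owner shows up as the kernel's overflow ID (65534 by default).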