how to use -e DISPLAY flag on osx?

[Deleted user]

I am running boot2docker on OSX 10.10

I have a simple docker image, the dockerfile is:

FROM base/archlinux
RUN pacman -Syu --noconfirm --noprogress 
RUN pacman -S --noprogress --noconfirm firefox

I know that one can use VNC (method: install VNC in image, forward ports, access using VNC on osx etc) and I do not want to use VNC if it's possible to load the GUI application in the container to the host's display using the -e DISPLAY flag. I ran docker run -ti --rm -e DISPLAY -v /tmp/.X11-unix/tmp/.X11-unix arch/firefox and got:

Error: cannot open display: /private/tmp/com.apple.launchd.TDD8jmIe6P/org.macosforge.xquartz:0

Any help is appreciated! Thanks

[jessfraz]

So since boot2docker is running docker in a virtualbox, there are going to be a few extra configurations that need to happen...
I think what you need is to add X11 forwarding to the virtualbox, I will try out some solutions.
I'm a pretty big fan of bind mounting the X11 socket so it would be cool if it was just as easy for boot2docker users :)

[jessfraz]

Yeah so I think VNC is your best option here... you could ssh into the box and enable X11 forwarding as seen here http://oroborosx.sourceforge.net/remotex.html
BUT I hate to say it the awesomeness for bind mounting the X11 sock is really best suited on a linux machine, seeing as it does not require a remote machine (virtualbox), thats really the use case for it. So I am going to close this because we don't plan on supporting something as complicated as bind mounting X11 from osx to a remote server.

[tianon]

Oh c'mon - where's your sense of adventure? Surely something magical could be done with boot2docker ssh -X ? 😈

[jessfraz]

I mean I am still going to try and find a solution in my freetime for fun ;) , but just to clear up it will be more of a hack than a fully supported docker feature :)

[tianon]

Hahaha, even the Linux version is truly a hack (but a really cool one).
Until we have "docker run -X", this is all "hack land". :D

[jessfraz]

thats what makes it sooooo cool

[cpuguy83]

Yeah, I haven't been able to get ssh -X (or -Y) to work on boot2docker at all.
On a debian host I can, of course, get ssh -X to work, but keep getting auth errors trying to start an x11 app in a container :(
Too bad you can't just bind-mount the osx socket in, that'd be awesome.

[jessfraz]

now that would actually be straight up magic

On Fri, Oct 24, 2014 at 5:19 AM, Brian Goff notifications@github.com
wrote:

Yeah, I haven't been able to get ssh -X (or -Y) to work on boot2docker at
all.
On a debian host I can, of course, get ssh -X to work, but keep getting
auth errors trying to start an x11 app in a container :(
To bad you can't just bind-mount the osx socket in, that'd be awesome.

—
Reply to this email directly or view it on GitHub
#8710 (comment).

[slobo]

A somewhat crude way to do this:

Start socat to expose local xquartz socket on a TCP port

socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\"

Pass the display to container (assuming virtualbox host is available on 192.168.59.3):

docker run -e DISPLAY=192.168.59.3:0 jess/geary

(This is insecure on public networks, add bind, su and range options to socat to limit access.)

[jessfraz]

Wow @slobo

1. I am so awesomely amazed with what you are trying to do here. And with my image :D :D :D
2. THIS IS AWESOME!!!!

[thaJeztah]

Oh, that's really cool!

[saulshanabrook]

In case anyone else is trying, these are my steps to get @slobo's method to work

brew install socat
brew cask install xquartz
open -a XQuartz

socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\"
# in another window
docker run -e DISPLAY=192.168.59.3:0 jess/geary

[thiagoeliasr]

It's awesome. Thanks, @slobo

[Krijger]

Note that the $DISPLAY variable is set in the XQuartz shell. In my case, the value was /private/tmp/com.apple.launchd.HxHsgt3DEr/org.macosforge.xquartz:0

[slobo]

@Krijger did you run the socat command? That will open a TCP port 6000 to read/write from the XQuartz socket. Then you use docker -e DISPLAY=192.168.59.3:0 so that it uses the newly established TCP bridge, as you currently can't bind the raw socket into the VM.

Unless your installation is special, docker -e DISPLAY=192.168.59.3:0 should instruct X clients in docker to look for X server on 192.168.59.3 port 6000, which socat will then forward to XQuartz socket.

[Krijger]

@slobo yes, I ran the socat command. Only, I ran that in a shell where DISPLAY was not set, thus socat did not forward to the XQuartz socket. The shell inside of X11 does have this variable.
EDIT: after a system restart this variable is set in the normal shell as well (I installed xquartz with brew cask)

After realizing this I changed my question to you in a statement, but you probably replied directly from email and did not see that. Sorry for that.

[slobo]

Ah, makes sense. Cheers.

[Krijger]

Note that the ip for the display is not $(boot2docker ip), but the address of the vboxnet0 that you can find in ifconfig

vboxnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
ether 0a:00:27:00:00:00 
inet 192.168.59.3 netmask 0xffffff00 broadcast 192.168.59.255

[apatawari]

@slobo
No protocol specified
No protocol specified
Unable to init server: Could not connect: Connection refused

(geary:1): Gtk-WARNING **: cannot open display: 192.168.59.3:0
In my case, I am getting this error. What does this mean exactly?

[apatawari]

And on the socat screen,
socat[713] E connect(5, LEN=5 AF=1 "0.0", 5): No such file or directory
is the error.

[slobo]

It would seem that xquartz socket does not exist. Try starting xquartz manually and running the socat command from xterm that pops up.

[apatawari]

Actually, I realized that after posting the query. But still it gives the same error except no protocol specified is gone. I have attached the Image for the same.

[slobo]

Does "echo $DISPLAY" give you ":0" per chance? What if you try it in Terminal.app, do you get something that looks like file system path? If so, then try running socat from there. What we are trying to do is get socat to proxy traffic between TCP port and X11 unix socket, so we have to figure out the path to that socket on your system. On Linux it's often /tmp/.X11-unix/X0, but apple does some funky stuff with launch daemon to present a socket even when you don't have X11 installed so that they can inform you of missing XQuartz.

[apatawari]

Yes, In Xterm it does gave me ":0". In terminal app $DISPLAY=0.0, No file
system path, The former error which I got was while ran the socat in
Terminal.app. I did try few things in between, I think that might be the
reason may be it got corrupted. Is their any specific path that I can set
manually or should I try re-installing it.

Yes, In my linux system it did work out with direct docker command just by
mounting the path mounting.

Thanks

Best
Arihant

On Sun, Mar 1, 2015 at 3:03 PM, Slobodan Mišković notifications@github.com
wrote:

Does "echo $DISPLAY" give you ":0" per chance? What if you try it in
Terminal.app, do you get something that looks like file system path? If
so, then try running socat from there.

What we are trying to do is get socat to proxy traffic between TCP port
and
X11 unix socket, so we have to figure out the path to that socket on your
system. On Linux it's often /tmp/.X11-unix/X0, but apple does some funky
stuff with launch daemon to present a socket even when you don't have X11
installed so that they can inform you of missing XQuartz.

—
Reply to this email directly or view it on GitHub
#8710 (comment).

[slobo]

Try quitting xquartz and terminal.app, and then starting terminal.app again
and inspect $DISPLAY.

On March 1, 2015 3:35:16 PM Arihant Patawari notifications@github.com wrote:

Yes, In Xterm it does gave me ":0". In terminal app $DISPLAY=0.0, No file
system path, The former error which I got was while ran the socat in
Terminal.app. I did try few things in between, I think that might be the
reason may be it got corrupted. Is their any specific path that I can set
manually or should I try re-installing it.

Yes, In my linux system it did work out with direct docker command just by
mounting the path mounting.

Thanks

Best
Arihant

On Sun, Mar 1, 2015 at 3:03 PM, Slobodan Mišković notifications@github.com
wrote:

Does "echo $DISPLAY" give you ":0" per chance? What if you try it in
Terminal.app, do you get something that looks like file system path? If
so, then try running socat from there.

What we are trying to do is get socat to proxy traffic between TCP port
and
X11 unix socket, so we have to figure out the path to that socket on your
system. On Linux it's often /tmp/.X11-unix/X0, but apple does some funky
stuff with launch daemon to present a socket even when you don't have X11
installed so that they can inform you of missing XQuartz.

—
Reply to this email directly or view it on GitHub
#8710 (comment).

---

Reply to this email directly or view it on GitHub:
#8710 (comment)

[apatawari]

It remains the same $DISPLAY=0.0
It is also possible to set $DISPLAY variable right?

[jjvalent]

This worked for me, very awesome!!!

[tirrorex]

Hi folks, anyone managed to launch the image with cathode?
Here is the error :
http://pastebin.com/Ztz4awNb
Thanks for the working around on osx :)

[malex984]

The solution with socat may fail if your firewall is blocking incoming connections...

[JC1738]

This is great, any tips on getting sound to work?

Got spotify to come up without a problem, but no audio:

'''
docker run -it -e DISPLAY=192.168.59.3:0 -v /dev/snd:/dev/snd --privileged --name spotify jess/spotify
'''

[jessfraz]

hmmm sound on a mac in a vm... i dunno, depends on the os you are running
in the vm, if its boot2docker, i dont think that has like alsa or
pulseaudio ;)

On Tue, May 19, 2015 at 2:30 PM, JC notifications@github.com wrote:

This is great, any tips on getting sound to work?

Got spotify to come up without a problem, but no audio:

'''
docker run -it -e DISPLAY=192.168.59.3:0 -v /dev/snd:/dev/snd
--privileged --name spotify jess/spotify
'''

—
Reply to this email directly or view it on GitHub
#8710 (comment).

[xavriley]

I'm working on sound support at the moment but it's actually quite tough. The Dockerfile that builds the boot2docker iso file actually removes the sound drivers so it won't happen without a pull request or some serious hacking.

[Deleted user]

Socat (with something like glxgears) is terribly slow. Is there someway around using it or a way to improve the performance? The latency between input and visual output is about 4 seconds which is insane.

I'm looking for a way to run OpenGL applications that run on Linux to run without modification on Mac OS X.

[gzoller]

Following the socat/xquartz idea above, I fire up xquartz and in another window fire up docker passing the DISPLAY variable as shown (IP is the vboxnet0 one on ifconfig). In my docker I try to run eclipse and my docker session hangs (or eclipse is running?). On my host's terminal where I started xquartz I see this output:

2015/08/24 13:42:45 socat[13508] E connect(5, LEN=2 AF=1 "<anon>", 2): Invalid argument
2015/08/24 13:42:46 socat[13509] E connect(5, LEN=2 AF=1 "<anon>", 2): Invalid argument
2015/08/24 13:42:46 socat[13510] E connect(5, LEN=2 AF=1 "<anon>", 2): Invalid argument

Not sure what this means. This output occurred when I tried to run eclipse in the docker so the good news is that something is trying to do something. Any idea why its not working?

[qinwf]

I try this on Windows 10 without socat and with no pain, and it works!

Here is how it works:

1 . get Xming from http://sourceforge.net/projects/xming/ and install it. I installed it in C:\Xming

2 . GUI STYLE: open Xlaunch.exe

Sorry for some unknown characters on these pics, but I think you guys can get it.

CMD STYLE:

run Xming.exe :0 -multiwindow -clipboard -ac

3 . docker run -e DISPLAY=192.168.99.1:0 jess/firefox

4 . And boom.

[gzoller]

Thanks for the reply! Actually in frustration I just cold rebooted and it worked! I guess the DISPLAY variable wasn't being set on my host until I restarted.

Sent from my iPhone

On Aug 26, 2015, at 12:07 PM, Qin Wenfeng notifications@github.com wrote:

I try this on Windows 10 without socat and with no pain, and it works!

Here is how it works:

1 . get Xming from http://sourceforge.net/projects/xming/ and install it. I installed it in C:\Xming

2 . GUI STYLE: open Xlaunch.exe

Sorry for some unknown characters on these pics, but I think you guys can get it.

CMD STYLE:

run Xming.exe :0 -multiwindow -clipboard -ac

3 . docker run -e DISPLAY=192.168.99.1:0 jess/firefox

4 . And boom.

—
Reply to this email directly or view it on GitHub.

[n0mer]

@apatawari , i'm also getting 'no such file or directory'. Were you able to solve this?

[gzoller]

I'm afraid I didn't get that error. Is that on your docker window or socat window?

Sent from my iPhone

On Aug 26, 2015, at 8:21 PM, Nikolay Gorylenko notifications@github.com wrote:

@apatawari , i'm also getting 'no such file or directory'. Were you able to solve this?

—
Reply to this email directly or view it on GitHub.

[apatawari]

@n0mer , No, I could not solve this.

[n0mer]

@gzoller
error is in XQuartz's xterm; 192.168.99.1 is the IP address of vboxnet0

Firewall is disabled

[n0mer]

when socat is started from regular terminal (not XQuartz xterm)

UPDATE: @apatawari so after some digging around - here is the solution

XQuartz sets $DISPLAY variable during user log in sequence. So, complete restart (as it was done by @gzoller), although solves the problem, is overkill here - just log-off and then log-in again will be sufficient.

Even more, i suspect that XQuartz restart can be accomplished by some magic with launchctl - but i honestly do not know how to do this :)
Anyway, the point is that you should check whether socket file that $DISPLAY refers to actually exists.

In my case - i re-installed XQuartz, so i my env var was (still) pointing to old xquartz socket, but actual XQuartz was (alredy) using new socket file. Thus the error "no such file or directory'.

So the sequence that works:

step1. (IMPORTANT!)

run

socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\"

in your regular iTerm.app / Terminal.app (not that one that pops after XQuartz start , becase that xterm has WRONG $DISPLAY variable value of ":0")

The point of this "step 1" (as @slobo mentioned) is to expose XQuartz socket file (that long file name that $DISPLAY refers to) as TCP port 6000

step2. run "docker run ..." command of choice

Terminal type does not matter here, this can be either xterm or your favourite shell iTerm.app/Terminal.app, because you're passing DISPLAY variable inside running docker container anyway.

docker run --rm --name spotify -e DISPLAY=192.168.99.1:0  jess/spotify

step3. run XQuartz

For me - it was not necessary, since "docker run ..." command will start XQuartz automatically.

Hope this helps.

[gzoller]

Hmm... perhaps something isn't installed correctly? I start socat first and see no output. If you do something isn't right, try a reinstall. I then start X and again see no output. If you see anything there (before starting your docker) something is wrong perhaps with the install. One clue is your echo $DISPLAY being :0. Mine is a long string of stuff. I did a cold restart and display was populated then it worked for me.

On Aug 26, 2015, at 9:56 PM, Nikolay Gorylenko notifications@github.com wrote:

when socat is started from regular terminal (not XQuartz xterm)

—
Reply to this email directly or view it on GitHub.

[n0mer]

@gzoller since GitHub says your reply was done by e-mail, you're replying to old version of my comment. Sorry, i edited it with UPDATE.

You're right - DISPLAY variable was set incorrectly. Thank you )

[luca-drf]

Hello! I've tried @n0mer method but I got an error. Here is the sequence:

1. run socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\" from iTerm
2. run docker run --rm base_distro -e DISPLAY=192.168.99.1:0 xeyes

(xeyes is installed on base_distro image)

Error:

Error response from daemon: Cannot start container 614a48db84c382a03a398d85cb1af866479d21b4befacac39dc060199ad151ef: [8] System error: exec: "-e": executable file not found in $PATH

DISPLAY is set to /private/tmp/com.apple.launchd.Pd9c5VkFmm/org.macosforge.xquartz:0

The network interface is:

vboxnet2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 0a:00:27:00:00:02
    inet 192.168.99.1 netmask 0xffffff00 broadcast 192.168.99.255

UPDATE: If I launch XQuartz before socat I get this error:

2015/09/13 15:07:54 socat[28945] E bind(5, {LEN=0 AF=2 0.0.0.0:6000}, 16): Address already in use

Am I missing something?
Thank you!

[thaJeztah]

System error: exec: "-e": executable file not found in $PATH

Docker is trying to run the -e executable; because you put the -e after the image name. You probably want to docker run --rm -e DISPLAY=.... base_distro xeyes

[luca-drf]

@thaJeztah You're very much right sir. It works! Thank you very much!

[priezz]

Hi all! I have a strange problem. When I try to run some GUI containers via docker (ex., docker run --rm --name spotify -e DISPLAY=192.168.64.1:0 jess/spotify) I get the following error in the X11 (!) window (the program name differs for sure):

Spotify is already running, but not responding. Please close it and try again

I get this error for spotify and for tor-browser. VLC runs fine. What can it be?

[cocodrino]

Hi guys, I'm a bit newbie with this and it's not clear for me how get it works under linux, I'm following these artics

http://blog.amosti.net/untitlrun-githubs-atom-editor-in-docker-aka-containers-on-the-desktoped/
https://blog.jessfraz.com/post/docker-containers-on-the-desktop/

but when I try run under linux I get

No protocol specified
QXcbConnection: Could not connect to display unix:0

I also try

socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\"

in other windows I run
 sudo docker run -e DISPLAY=192.168.64.1:0 jess/geary

but although I don't get any error seems than nothing happens, not sure about this over linux where doesnt exist XQuartz...

thank you!...

[shiruba]

Hey folks, thanks for your awesome work.

I personally wanted to get rid of the socat dependency to make things easier and tinkered around with the XQuartz preferences. If you check Allow connections from network clients in XQuartz -> Preferences -> Security XQuartz opens port 6000 to do exactly the same as socat.

[carhartl]

@shiruba Anything else I would need to take care of? Did that, though running an ipython --pylab in a container gives me: "cannot connect to X server 192.168.99.1:0", whereas it works with the socat workaround...

netstat seems to look okay:

$ netstat -an |grep 6000
tcp4       0      0  *.6000                 *.*                    LISTEN     
tcp6       0      0  *.6000                 *.*                    LISTEN 

The ip 192.168.99.1 is the one I extracted from the vboxnet0 adapter, passing that as -e DISPLAY=$(ifconfig vboxnet0 | grep 'inet ' | cut -d' ' -f2):0

The socat workaround worked for me...

[carhartl]

xhost + seems to have done the trick for me...

[shiruba]

You are right, you have to explicitly enable access control in XQuartz (enable the "Authenticate connections" setting) and disable access control via xhost.

Or you could setup a proper XAuthority authentication.

My settings (sorry, German):

Also, check whether port 6000 is opened. XQuartz opened port 6001 on my computer, I don't know why. This equals port 6000 + display number, so I had to set my DISPLAY variable to 10.10.10.177:1.

[slobo]

Sure, if you prefer a non-rube-goldberg solution, you can point to an X server that's already listening on a TCP port.

[dschien]

@shiruba where did the 10.10.10.177 ip address come from? Is that your `en0?

[shiruba]

@dschien This is the ip from the bridge interface of the host, which is running the Docker daemon (with OS X its the default machine, with Linux its the host itself).

[ctaggart]

I wrote a detailed blog post just now using material gathered from this issue:
GNU Octave via Docker & X11

cc @ponsfrilus @VictoriaLynn

[matthieudelaro]

Now that Docker for Mac has been released, couldn't we do something as simple as what Jess shows about Linux on her blog https://blog.jessfraz.com/post/docker-containers-on-the-desktop/ ?

docker run -it \
    -v /tmp/.X11-unix:/tmp/.X11-unix \ # mount the X11 socket
    -e DISPLAY=unix$DISPLAY \ # pass the display
    jess/geary

I tried to mount the socket directly, but docker refuses to do so:

docker run -it \
    -v $DISPLAY:/tmp/.X11-unix \ # mount the X11 socket
    -e DISPLAY=/tmp/.X11-unix \ # pass the display
    jess/geary

It seems to be due to the colon in $DISPLAY:

docker: Error response from daemon: Invalid bind mount spec "/private/tmp/com.apple.launchd.aogNZRsTSx/org.macosforge.xquartz:0:/tmp/.X11-unix": volumeinvalidmode: invalid mode: "/tmp/.X11-unix".

But when I try to mount the parent folder of the socket, it fails as well: docker mounts the whole folder, but geary cannot use the socket:

docker run -it --rm --privileged -v /private/tmp/com.apple.launchd.aogNZRsTSx/:/tmp/test/ -e DISPLAY=/tmp/test/com.apple.launchd.aogNZRsTSx/org.macosforge.xquartz:0 jess/geary
Unable to init server: Could not connect: Connection refused

(geary:1): Gtk-WARNING **: cannot open display: /tmp/test/com.apple.launchd.aogNZRsTSx/org.macosforge.xquartz:0

Even though the socket has been mounted properly:

docker run -it --rm --privileged -v /private/tmp/com.apple.launchd.aogNZRsTSx/:/tmp/test/ -e DISPLAY=unix/tmp/test/com.apple.launchd.aogNZRsTSx/org.macosforge.xquartz:0 ubuntu
root@f16aeccf1d21:/# cd /tmp/test
root@f16aeccf1d21:/tmp/test# ls -la
total 55
drwx------ 3 root root  102 Mar 25 08:08 .
drwxrwxrwt 3 root root 4096 Mar 29 08:57 ..
srwxrwxrwx 1 root root    0 Mar 25 08:08 org.macosforge.xquartz:0

(I use ubuntu image here, because jess/geary image crashes before I get access to command line)

I also tried to mount the socket in Go with fsouza/go-dockerclient, and to allow network connections in xquartz settings, but it did not help.

[jessfraz]

It doesn't work like that still, it's still a "vm" using xhyve instead ;)

On Tuesday, March 29, 2016, matthieudelaro notifications@github.com wrote:

Now that Docker for Mac has been released, couldn't we do something as
simple as what Jess shows about Linux on her blog
https://blog.jessfraz.com/post/docker-containers-on-the-desktop/ ?

docker run -it
-v /tmp/.X11-unix:/tmp/.X11-unix \ # mount the X11 socket
-e DISPLAY=unix$DISPLAY \ # pass the display
jess/geary

I tried to mount the socket directly, but docker refuses to do so:

docker run -it
-v $DISPLAY:/tmp/.X11-unix \ # mount the X11 socket
-e DISPLAY=/tmp/.X11-unix \ # pass the display
jess/geary

It seems to be due to the colon in $DISPLAY:

docker: Error response from daemon: Invalid bind mount spec "/private/tmp/com.apple.launchd.aogNZRsTSx/org.macosforge.xquartz:0:/tmp/.X11-unix": volumeinvalidmode: invalid mode: "/tmp/.X11-unix".

But when I try to mount the parent folder of the socket, it fails as well:
docker mounts the whole folder, but geary cannot use the socket:

docker run -it --rm --privileged -v /private/tmp/com.apple.launchd.aogNZRsTSx/:/tmp/test/ -e DISPLAY=/tmp/test/com.apple.launchd.aogNZRsTSx/org.macosforge.xquartz:0 jess/geary
Unable to init server: Could not connect: Connection refused

(geary:1): Gtk-WARNING **: cannot open display: /tmp/test/com.apple.launchd.aogNZRsTSx/org.macosforge.xquartz:0

Even though the socket has been mounted properly:

docker run -it --rm --privileged -v /private/tmp/com.apple.launchd.aogNZRsTSx/:/tmp/test/ -e DISPLAY=unix/tmp/test/com.apple.launchd.aogNZRsTSx/org.macosforge.xquartz:0 ubuntu
root@f16aeccf1d21:/# cd /tmp/test
root@f16aeccf1d21:/tmp/test# ls -la
total 55
drwx------ 3 root root 102 Mar 25 08:08 .
drwxrwxrwt 3 root root 4096 Mar 29 08:57 ..
srwxrwxrwx 1 root root 0 Mar 25 08:08 org.macosforge.xquartz:0

(I use ubuntu image here, because jess/geary image crashes before I get
access to command line)

I also tried to mount the socket in Go with fsouza/go-dockerclient, and to
allow network connections in xquartz settings, but it did not help.

—
You are receiving this because you modified the open/close state.
Reply to this email directly or view it on GitHub
#8710 (comment)

Jessie Frazelle
4096R / D4C4 DD60 0D66 F65A 8EFC 511E 18F3 685C 0022 BFF3
pgp.mit.edu http://pgp.mit.edu/pks/lookup?op=get&search=0x18F3685C0022BFF3

[matthieudelaro]

Yes, but even though it is a "vm", I could mount the docker socket of the Mac into a container, and spawn containers from within. Any idea why it works for one, and not for the other?

[thaJeztah]

there's a special case for the docker socket; IIRC the socket in /var/run/docker.sock on your mac is proxied to the socket inside the VM

[matthieudelaro]

Too bad :(

Let's do a standalone program that emulates slobo's trick with socat then. My plan is to mimic socat on one hand, and to run the container on the other hand. I use the package net to forward (based on the source code of Vinzenz Feenstra), and adapted it a little bit to connect to a unix socket. I call it this way: ./forwarder/forwarder /sbin/ifconfig bridge100 | grep "inet " | cut -d\ -f2:6000 $DISPLAY. But does Docker for Mac always use bridge100? I thought about using the mDNS docker.local, but net does not resolve it:

// conn : incoming connection from the container
// which I run with:
// docker run -e DISPLAY=`/sbin/ifconfig bridge100 | grep "inet "  | cut -d\  -f2`:0 jess/geary
// (`/sbin/ifconfig en0 | grep "inet "  | cut -d\  -f2` returning the IP of the Mac on interface bridge100)
hosts, err := net.LookupAddr(conn.RemoteAddr().String())
log.Printf("%v, %s\n", err, hosts) // lookup 46.38.248.143.in-addr.arpa. on 143.248.1.177:53: no such host, []
hosts, err = net.LookupAddr("143.248.38.46")
log.Printf("%v, %s\n", err, hosts) // lookup docker.local on 143.248.1.177:53: no such host, []
hosts, err = net.LookupHost("docker.local")
log.Printf("%v, %s\n", err, hosts) // lookup docker.local on 143.248.1.177:53: no such host, []
ips, err := net.LookupIP("docker.local")
log.Printf("%v, %s\n", err, ips) // lookup docker.local on 143.248.1.177:53: no such host, []
ips2, err := net.LookupNS("docker.local")
log.Printf("%v, %s\n", err, ips2) // lookup docker.local on 143.248.1.177:53: no such host, []

Though I can get docker.local IP in command line:

$ ping docker.local
PING docker.local (192.168.64.8): 56 data bytes
64 bytes from 192.168.64.8: icmp_seq=0 ttl=64 time=0.402 ms

I tried to compile with the flag GODEBUG=netdns=cgo, but I did not notice any modification, I guess because the cgo-based resolver is used [...] when the name being looked up ends in .local or is an mDNS name. (from the doc). I tried mDNS libraries quickly, but without any result, and dropped it since net seems to handle it by default. Any idea why net cannot resolve docker.local?

[matthieudelaro]

I finished the tool to run GUI programs in Docker containers on the Mac.
I doesn't use socat, and there isn't any configuration to set with XQuartz (just install it).

Here is Geary on Mac:
(big GIF, wait for it...)

Thanks Jess for your Docker image :)

It's written in Go. It also works on Linux. Windows is in the roadmap. And it will be open source soon.

[thaJeztah]

@matthieudelaro is that on "Docker for Mac" or with VirtualBox?

[matthieudelaro]

Docker for Mac

[thaJeztah]

@matthieudelaro that's cool! Very nice

[avsm]

@matthieudelaro awesome! Would love to see it; I've got an SSH agent forwarding container that works on D4Mac, so that+your GUI forwarder makes for an excellent dev environment... https://github.com/avsm/docker-ssh-agent-forward

[matthieudelaro]

Thanks! @avsm Yes, it does :)

[priezz]

@matthieudelaro, is GLX working with your solution? Is it possible to try the tool?

Actually it is not hard to run GUI app, it's hard to make it run fast...

xhost +192.168.65.1 # replace it with your local bridge interface ip
docker run -it -e DISPLAY=192.168.65.1:0 jess/tor-browser

[matthieudelaro]

Yes you can try the tool: I just made it open source :)
matthieudelaro.github.io/nut/ Develop in containers, Run GUI apps, Share dev environments!
I tested it on Docker for Mac and Linux.

[priezz]

@matthieudelaro, thanks, the tool is nice. However it suffers from the same GLX problem as every other known solution (gears demo runs hundreds times slower than running natively /opt/X11/bin/glxgears). You can try with tianon/glxgears image.

libGL error: No matching fbConfigs or visuals found
libGL error: failed to load driver: swrast

[matthieudelaro]

hum... Unfortunately I don't know much about GLX.
Do you think it might help to mount GPUs in the container? Because on Linux I've been running deep learning algorithms on GPU inside a container without any performance issue (docker run .... --device="/dev/nvidia0:/dev/nvidia0", and so on for all ls /dev/ | grep nvidia)

[priezz]

That could be a solution, please try. However, I always assumed, that GLX commands are to be processed on the X server, not client, so attaching GPU device to the container (client) should not give any affect. But probably I am mistaken. As for the GPU device, it seems it is not in the /dev under OS X, so I have no idea how to attach it to docker...
I assume that the problem can be in runnin X session through the ip connection, not through the unix socket. Do you know the way to use the /private/tmp/com.apple.launchd.<some_id>/org.macosforge.xquartz:0 socket (directly, w/o socat) instead of ip?

[matthieudelaro]

I'll try on Linux, but I don't have any GPU on my Mac, so this one will have to wait.
I tried many things to mount this UNIX socket, but as far as I know, it is simply not possible with Docker for Mac yet to mount a UNIX socket in the VM. (The docker socket is an exception.)

[priezz]

I don't have any GPU on my Mac

​Not possible, you should have one ☺ I assume it is the integrated GPU like Intel HD 4000 or similar​ (find it in "About this Mac...").

[matthieudelaro]

Yes you're right, I meant I don't have a dedicated graphic card, and I don't expect to find it on the file system like Nvidia cards on Linux. Unfortunately, with Docker for Mac, I doubt we could mount the device even if we were to find, for the same reason as for UNIX sockets. @thaJeztah is there device support on Docker for Mac?

[justincormack]

No there is no device passthrough support.

I am not sure that is the issue with GL though, looks like XQuartz is not
supporting the needed extensions. Maybe they can be added upstream?
On 19 Apr 2016 11:19 am, "matthieudelaro" notifications@github.com wrote:

Yes you're right, I meant I don't have a dedicated graphic card, and I
don't expect to find it on the file system like Nvidia cards on Linux.
Unfortunately, with Docker for Mac, I doubt we could mount the device even
if we were to find, for the same reason as for UNIX sockets. @thaJeztah
https://github.com/thaJeztah is there device support on Docker for Mac?

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub
#8710 (comment)

[priezz]

XQuartz ​ has extensions for sure. When running the `glxge​ars` demo w/o docker it works well.

[johnjelinek]

@matthieudelaro: have you shipped a binary for us to try with yet?

[thaJeztah]

@johnjelinek see https://github.com/matthieudelaro/nut

[matthieudelaro]

@johnjelinek: After compiling nut, you can run geary using the following example : https://github.com/matthieudelaro/nut/tree/master/examples/geary.
Go in the folder and run nut geary.

[lucj]

Using @slobo / @saulshanabrook approach with socat, I got the notary error. Any idea of the pb ?

$ docker run jess/geary
docker: notary.docker.io does not have trust data for docker.io/jess/geary.
See 'docker run --help'.

[Deleted user]

I kept getting an empty DISPLAY variable despite turning off the firewall, re-installing XQuartz (and restarting) and enabled X11Forwarding in sshd config file. This was fixed by putting XQuartz in startup items of OS X: https://www.reddit.com/r/osx/comments/y6e59/xquartz_and_apparently_incorrectly_set_display/c5sshzq. Hope this helps!

[ikabar-tracxpoint]

I still can't get my container to work.
Running socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\" result in
socat[54880] E bind(5, {LEN=0 AF=2 0.0.0.0:6000}, 16): Address already in use

To run my container I use:
sudo docker run -i -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=unix$DISPLAY --privileged --volumes-from data-container-persistence --name mycont company/container

I'm using MacBookPro with MacOS 10.12.1

I searched the web for a solution but everywhere redirect me here. Can someone help ?
Thanks, Ika.

[Tset-Noitamotua]

@qinwf Thanks for Windows 10 hint. It worked for me, too. But I did it a bit different:

1. choco install xming
2. put Xming.exe on PATH
3. Xming.exe :0 -multiwindow -clipboard -ac -from 192.168.178.21 (network IP of my host)
4. docker run -e DISPLAY=192.168.178.21:0 jess/firefox

It's a bit laggy but works. so cool! Though some errors appear in the console

(firefox:1): Gtk-WARNING **: Locale not supported by C library.
        Using the fallback 'C' locale.
process 1: D-Bus library appears to be incorrectly set up; failed to read machine uuid: Failed to open "/etc/machine-id": No such file or directory

Any ideas on how to enhance performance of the container and to avoid the errors?

Cheers
Tset

[marcelmfs]

@ikabar-tracxpoint you probably have something else allocating the network port, use:
lsof -i TCP:6000 to figure out which process is holding the socket, and if you'd like to, kill the PID.

[ikabar-tracxpoint]

Hi @marcelmfs.

If I run XQuartz than I have:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
X11.bin 20702 ikabar 11u IPv6 0x84a809611258619d 0t0 TCP *:6000 (LISTEN)
X11.bin 20702 ikabar 12u IPv4 0x84a809611cf250a5 0t0 TCP *:6000 (LISTEN)

If I kill XQuartz I have nothing.

[krab-skunk]

@ikabar-tracxpoint I had the same problem as you and i made it work as follow:

Close xQuartz.

IN a normal terminal, run as follow:

socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\"

You can put it in a screen session
Still in a normal terminal, enter:

docker run -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=<PUT YOUR IP HERE>:0 jess/firefox
It take time to boot xquartx, and voila, it should work fine

Good luck

[ikabar-tracxpoint]

@steve-heslouin I need to buy you a beer!

Well, I did manage based on other similar answers to get jess/firefox running but had a problem with my container.

But following your comment I started digging more and found that the root cause for me was using the latest version of XQuartz. (This is a mac issue).
When downgrading to XQuartz 2.7.8 things started to work.

[krab-skunk]

@ikabar-tracxpoint
Anytime for the beer, i accept delivery :P

Regarding XQuartz, I'm running 2.7.11 (latest version) on latest release of Sierra and so far so good

[lukaslueg]

I've got a Dockerfile in my dotfiles that gives me a blank throwaway box with all my beloved shell settings. On MacOS, I have the following shell-function that (re-) builds the image, starts socat to pass X11 to quartz (think firefox), starts a new shell, and throws everything away (including socat) when I quit.

boxxed_quartz() {
    docker build -t fedora_boxxed:latest - < $HOME/.dotfiles/fedora_boxxed
    socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\" & SOCAT_PID=$!
    docker run -w /root -v $HOME/.dotfiles:/root/.dotfiles:ro -e TERM=$TERM -e DISPLAY=$(ifconfig vboxnet0 | grep "inet" | cut -d " " -f 2):0 --rm=true -it fedora_boxxed
    kill $SOCAT_PID
}

[Integralist]

I'm having issues with this.
I'm trying to get to a point where I can yank something from Vim (inside the container).
And have the yanked text end up on both the linux clipboard and the host (macOS) clipboard.

I have the following Makefile which copies my vim directory and vimrc into the docker build context, then builds an image with vim installed and then runs the container (it fires up xquarts and socat before it runs):

copy_vim_files:
	@if [ ! -d "./.vim" ]; then cp -r "$$HOME/.vim" ./.vim; fi
	@if [ ! -f "./.vimrc" ]; then cp "$$HOME/.vimrc" ./.vimrc; fi

remove_vim_files:
	@rm -rf ./.vim
	@rm ./.vimrc

xquart:
	@if [[ $(shell ls /Applications/Utilities/ | grep -c XQuartz) -lt 1 ]]; then echo Installing XQuartz && brew install Caskroom/cask/xquartz; else echo XQuartz already installed; fi
	@if [[ $(shell echo $(shell ps aux | grep -ic '/Applications/Utilities/XQuartz.app')) -lt 3 ]]; then echo Opening XQuartz && open -a XQuartz; else echo XQuartz is already running; fi

socat:
	@if [[ $(shell echo $(shell brew list | grep -ic socat)) -lt 1 ]]; then echo Installing Socat && brew install socat; else echo Socat already installed; fi
	@if [[ $(shell echo $(shell ps aux | grep -ic socat)) -lt 4 ]]; then echo "Opening Socat as a background process" && (socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$$DISPLAY\" &); else echo Socat is already running; fi
	@echo "Don't forget to kill the socat process when you're done!" # TODO: try storing process id with $!

build: copy_vim_files
	@docker build -t python-container-with-vim .

run: xquart socat build
	$(eval IP := $(shell ifconfig vboxnet0 | grep "inet" | cut -d " " -f 2))
	@docker run -it --rm=true -e TERM=$$TERM -e DISPLAY=$(IP):0 -v "$$(pwd)":/app -v /tmp/.X11-unix:/tmp/.X11-unix python-container-with-vim /bin/bash

clean: remove_vim_files
	-@docker rmi -f python-container-with-vim &> /dev/null || true

rebuild: clean run

Here's my Dockerfile:

FROM python:3.6.1

WORKDIR /tmp

RUN apt-get update -y
RUN apt-get install -y git xclip
RUN git clone https://github.com/vim/vim.git && cd vim && ./configure && apt install ncurses-dev && make && make install

ADD ./requirements.txt /app/requirements.txt
RUN pip install -r /app/requirements.txt

COPY .vim /root/.vim
COPY .vimrc /root/.vimrc

WORKDIR /app

Note: my .vimrc is setup to use set clipboard+=unnamed

But when I run the container and try to check that xclip works, I get an error:

xclip -selection clipboard < app.py
2017/04/12 10:26:11 socat[61346] E connect(5, LEN=2 AF=1 "<anon>", 2): Invalid argument Error: Can't open display: 10.51.50.1:0

Does anyone know how I can fix that error, and then beyond that how to get the linux clipboard contents onto my host clipboard?

[dragon788]

@Integralist Completely theoretical untested possibly unhinged theory, but does running a docker exec <container> <command> in a subshell outside the container and piping the result of the subshell over to pbcopy on OSX work?

So assuming you've "yanked" inside the vim window in the container, then calling the command $(docker exec myvimcontainer xclip -o) should write to stdout, so if you add | pbcopy it should end up in your OSX clipboard?

$(docker exec myvimcontainer xclip -o) | pbcopy

You could also try specifying a different display to xclip though I'm not sure it will "see" across the connection from the container to the host.

[ksylvan]

This discussion was SUPER useful! After brew cask install xquartz and starting XQuartz:

In the xterm shell, I do this:

$ docker -v
Docker version 17.06.0-ce, build 02c1d87
$ socat TCP-LISTEN:6001,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\" &
[1] 55121
$ docker run -d --rm -e HOME=$(pwd) -e XAUTHORITY=/tmp/xauth \
  -v ~/.Xauthority:/tmp/xauth \
  -e DISPLAY=$(ifconfig en4 | grep 'inet '|awk '{print $2}'):1 \
  --net host -v $(pwd):$(pwd) kayvan/scidvspc

And I have the scidvspc GUI working perfectly. Thank you all!

[kbroughton]

The magic for me was the above, swap en4 for en13. ifconfig and try one of the ones that thas 'inet ' that is a space, not a number. Then i changed :1 to :0 and voila!

docker run -it -e HOME=$(pwd) -e XAUTHORITY=/tmp/xauth -v 
/Users/kbroughton/.Xauthority:/tmp/xauth -e DISPLAY=$(ifconfig en13 | grep 'inet '|awk '{print 
$2}'):0 --net host -v $(pwd):$(pwd) 3a29 bash

[thom-nic]

I've found using xhost is the easiest way to do this, as long as mounting the unix socket from MacOS is a no-go. It was mentioned above but I wanted to give a more complete example.

First, run XQuartz and open the pref pane. On the Security tab, make sure Allow connections from network clients is enabled. If it was not already checked, you probably need to quit and restart XQuartz.

Now from a mac terminal, run:

open -a XQuartz
xhost + $(hostname)      # this must be called after starting xquartz

docker run --rm -it -e DISPLAY=$(hostname):0 openmicroscopy/octave \
    --eval "graphics_toolkit gnuplot;plot(rand(10));pause"   # this is just an example to show X11 working

If the above doesn't work, try this instead:

IFACE=en4       # change this to whatever your active interface is
IP=$(ifconfig $IFACE | grep inet | awk '$1=="inet" {print $2}')
xhost + $IP       # The '+' is important!

# now run docker as above, substitute `-e DISPLAY=$IP:0`

[jay-hankins]

Note that, if you have trouble finding the correct IP, docker.for.mac.host.internal is routable from the container networks, so setting it as the DISPLAY variable inside the container works without trying to track down the appropriate interface's IP.

[thom-nic]

@jay-hankins I tried both DISPLAY=tcp:docker.for.mac.host.internal:0 and DISPLAY=192.168.65.2:0. I suspect the problem lies in what do you use for xhost + $IP on the MacOS side? I tried xhost + 192.168.65.2 but that did not work, I can't open a display from inside the container unless I use the public hostname or IP.

[jay-hankins]

@thom-nic Sorry, should have clarified; I use the socat method, not the xhost method. I tried a few different things but xhost never seemed to work.

So, here's what works for me on mac OS High Sierra 10.13.3:

$ socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\" & 
$ docker run -e DISPLAY=docker.for.mac.host.internal:0 jess/tor-browser

As I said, docker.for.mac.host.internal is only known to the client containers, so something like xhost +$(docker.for.mac.host.internal) wouldn't work.

[tateman74]

Hey Guys,

Is there still momentum on this? I realize this thread is nearly 4 years old. But, I can also see extremely valid use cases of serving UIs from containers as does everyone else here.

I'm doing all of the above with Docker 18.0.3, a recent socat version, XQuartz 2.7.11 and OSX 10.13.3.

I've tried @jessfraz's chrome, firefox, slack, etc, etc and all of them are basically unusable.

Piergiorgio Niero's demo of getting GPU support into the container is a pretty cool read:
https://medium.com/@pigiuz/hw-accelerated-gui-apps-on-docker-7fd424fe813e

Seems to get GLXGears going much faster on the GL side. It's obviously super impressive that he's running Blender in a container. I'm guessing I'm not going to be getting a fantastic render of Gangnam Style Doom - (credit Playcanvas guys - you're AWESOME):
https://playcanv.as/b/abx8Go4g/

Am I just an idiot? Don't answer that! 😀
Is anyone seeing near perfect performance from say Firefox or Chrome in containers streaming through X11?

Should I try the xhost route instead? Are we seeing similar results on Windows with Windows containers?

Thanks for any advice.

Steven

[galderz]

I've tried @jessfraz's chrome, firefox, slack, etc, etc and all of them are basically unusable.

I've tried slack but it's way too slow for me too :(