Hey, I have finished implementing basic XPRA support in subuser. I haven't worked on getting mmap working yet, but I will do so shortly. I am currently planning the release of subuser 0.3 which will add XPRA support. You can read my draft press release here: http://subuser.org/news/0.3.html
I have run into one problem, which is that when I launch the xpra server in a container the DPI isn't set correctly or something. Take a look at this screen shot of the Arduino IDE for example: http://timothy.hobbs.cz/arduino.png You see the size of the text in the menu? Obviously I am going to have to transfer DPI info to xpra from the host. How should I go about doing that? Thank you, Timothy Hobbs On Mon, Jul 20, 2015 at 09:46:44AM +0700, Antoine Martin wrote: > I think the wiki could do with some improvements with regards to running > xpra with containers (feel free to edit), until then: > * make sure mmap is enabled (and you can even use a trimmed down build > without any video codecs, which is much safer) > * disable compression > The performance should be very close to native, if not then something is > not setup right. > > Cheers > Antoine > It appears that I have fixed my imediate problem. I was sharing > /tmp/.X11-unix using docker volumes, and I needed to run chmod 1777 > /tmp/.X11-unix on it to get the permissions the way Xorg wants them :) > > Tim > > On Sat, Jul 18, 2015 at 10:08:25PM +0200, Timothy Hobbs wrote: > > Dear list, > > > > I am the creator of subuser.org. Subuser is a free open source software > project (LGPL3) which aims to allow a person to run desktop applications > inside Docker containers. Subuser has several aims. One is to make it > easier to publish desktop applications on linux by improving portability. > Another is to make the desktop more secure by containing those desktop > applications within their respective containers. > > > > Right now, the seccond goal is not met. Desktop applications communicate > with the host's X11 server by sharing the /tmp/.X11-unix folder with it. > This works well, but is completely insecure. I have been waiting for > wayland to come out in order to provide a secure solution. However, spurred > on by the success of OZ, written by subgraph.com I have begun to reconsider > xpra as an intermediate option. > > > > As I want to maintain portability and ease of creating subuser Docker > images, I do not wish to install the xpra server in each Docker image which > contains a desktop application. In order to maintain this sepparation of > requirements, I have come up with the following architecture involving 3 > containers: > > > > ------------- ------------- > > |desktop app| <--/tmp/.X11-unix--> |xpra server| Untrusted > > ------------- ------------- > > ^ > > | ~/.xpra > > v > > ------------- ------------- > > | host | <--/tmp/.X11-unix--> |xpra client| Trusted > > ------------- ------------- > > > > This allows me to run 3 containers. > > > > 1) contains the untrusted desktop application > > 2) contains an untrusted xpra server > > 3) contains a trusted xpra client > > > > I can use an up-to-date version of xpra, as I do not need to have xpra > installed on the host. > > > > The only problem, is that when I run > > > > $ xpra start :100 --start-child=xterm > > > > I don't end up with a unix domain socket in the xpra server's > /tmp/.X11-unix directory. This is despite the fact that I have -nolisten > tcp set in xpra.conf: > > > > xvfb=Xorg -dpi 96 -noreset -nolisten tcp +extension GLX +extension RANDR > +extension RENDER -logfile ${HOME}/.xpra/Xorg.${DISPLAY}.log -config > /etc/xpra/xorg.conf > > > > I am confused as to why this is happening, and how I can get a unix > domain socket to work with. I cannot use a UDP socket due to the > difficulties of sharing UDP sockets between containers. > > > > I have been testing this settup on xpra version 0.14.10 > > > > Thank you in advance for your help, > > > > Timothy Hobbs > > _______________________________________________ > > shifter-users mailing list > > [email protected] > > http://lists.devloop.org.uk/mailman/listinfo/shifter-users > _______________________________________________ > shifter-users mailing list > [email protected] > http://lists.devloop.org.uk/mailman/listinfo/shifter-users _______________________________________________ shifter-users mailing list [email protected] http://lists.devloop.org.uk/mailman/listinfo/shifter-users
