GUI app in Docker container

l0b0 · March 7, 2024, 7:04am

Has anyone been able to use dockerTools to run a GUI application? This just results in no stdout and no window. Using some tips from @K900 and this I got this far:

let
  sources = import ./nix/sources.nix;
  pkgs = import sources.nixpkgs {};
in
  pkgs.dockerTools.buildImage {
    name = "firefox-devedition";
    tag = "latest";

    copyToRoot = pkgs.buildEnv {
      name = "image-root";
      paths = [
        pkgs.firefox-devedition-bin
      ];
      pathsToLink = ["/bin"];
    };

    config = {
      Cmd = [
        "/bin/firefox-developer-edition"
      ];
    };
  }

Running docker load < $(nix-build container.nix) && docker run --env=XDG_RUNTIME_DIR=/tmp "--env=WAYLAND_DISPLAY=${WAYLAND_DISPLAY}" --volume="${XDG_RUNTIME_DIR}/${WAYLAND_DISPLAY}:/tmp/${WAYLAND_DISPLAY}" "--user=$(id --user):$(id --group)" firefox-devedition gets part of the way, but Firefox crashes:

[Parent 1, Main Thread] WARNING: _gtk_style_provider_private_get_settings: assertion 'GTK_IS_STYLE_PROVIDER_PRIVATE (provider)' failed: 'glib warning', file /builds/worker/checkouts/gecko/toolkit/xre/nsSigHandlers.cpp:167

(firefox-aurora:1): Gtk-CRITICAL **: 07:35:47.170: _gtk_style_provider_private_get_settings: assertion 'GTK_IS_STYLE_PROVIDER_PRIVATE (provider)' failed
[Parent 1, Main Thread] WARNING: _gtk_style_provider_private_get_settings: assertion 'GTK_IS_STYLE_PROVIDER_PRIVATE (provider)' failed: 'glib warning', file /builds/worker/checkouts/gecko/toolkit/xre/nsSigHandlers.cpp:167

(firefox-aurora:1): Gtk-CRITICAL **: 07:35:47.170: _gtk_style_provider_private_get_settings: assertion 'GTK_IS_STYLE_PROVIDER_PRIVATE (provider)' failed
[Parent 1, Main Thread] WARNING: _gtk_style_provider_private_get_settings: assertion 'GTK_IS_STYLE_PROVIDER_PRIVATE (provider)' failed: 'glib warning', file /builds/worker/checkouts/gecko/toolkit/xre/nsSigHandlers.cpp:167

(firefox-aurora:1): Gtk-CRITICAL **: 07:35:47.170: _gtk_style_provider_private_get_settings: assertion 'GTK_IS_STYLE_PROVIDER_PRIVATE (provider)' failed
ExceptionHandler::GenerateDump cloned child 20
ExceptionHandler::SendContinueSignalToChild sent continue signal to child
ExceptionHandler::WaitForContinueSignal waiting for continue signal...

The result so far.

monotux · March 7, 2024, 8:49am

I’ve used a few containers with graphical applications in them, but all of them relied on VNC to run.

l0b0 · March 7, 2024, 9:29am

Anything that works, works. Do you have a reference/example?

monotux · March 9, 2024, 9:03am

jlesage publishes a few containers which uses VNC for graphical access. I’ve used them for ripping my DVD collection and transcoding them, has been great!

wr7 · May 2, 2024, 10:55pm

For anyone who finds this on google, there’s a way to directly use X11 through docker/podman. I use podman, but you can probably just replace the podman in the commands with docker.

You shouldn’t have to do anything special with your default.nix file, but here’s what I’ve tested this with

{ pkgs ? import <nixpkgs> {} }:

let inherit (pkgs) stdenv; in

pkgs.dockerTools.buildNixShellImage {
  name = "docker-test";
  tag = "a";

  drv = pkgs.mkShell {
    packages = [pkgs.firefox]; # Using firefox as a test/example

    shellHook = '' # Optional (just to make the ls command look nicer)
      alias ls="ls --color=tty"
    '';
  };
}

Run the container with

xhost +local:users && podman run -it --env DISPLAY=$DISPLAY --volume /tmp/.X11-unix:/tmp/.X11-unix localhost/docker-test:a

As for firefox, a few things still don’t work with it though. Namely audio and https. I’ve gathered all of my information from loosely following this article which also has information on how get sound to work.