GUI app in Docker container

Has anyone been able to use dockerTools to run a GUI application? This just results in no stdout and no window. Using some tips from @K900 and this I got this far:

let
  sources = import ./nix/sources.nix;
  pkgs = import sources.nixpkgs {};
in
  pkgs.dockerTools.buildImage {
    name = "firefox-devedition";
    tag = "latest";

    copyToRoot = pkgs.buildEnv {
      name = "image-root";
      paths = [
        pkgs.firefox-devedition-bin
      ];
      pathsToLink = ["/bin"];
    };

    config = {
      Cmd = [
        "/bin/firefox-developer-edition"
      ];
    };
  }

Running docker load < $(nix-build container.nix) && docker run --env=XDG_RUNTIME_DIR=/tmp "--env=WAYLAND_DISPLAY=${WAYLAND_DISPLAY}" --volume="${XDG_RUNTIME_DIR}/${WAYLAND_DISPLAY}:/tmp/${WAYLAND_DISPLAY}" "--user=$(id --user):$(id --group)" firefox-devedition gets part of the way, but Firefox crashes:

[Parent 1, Main Thread] WARNING: _gtk_style_provider_private_get_settings: assertion 'GTK_IS_STYLE_PROVIDER_PRIVATE (provider)' failed: 'glib warning', file /builds/worker/checkouts/gecko/toolkit/xre/nsSigHandlers.cpp:167

(firefox-aurora:1): Gtk-CRITICAL **: 07:35:47.170: _gtk_style_provider_private_get_settings: assertion 'GTK_IS_STYLE_PROVIDER_PRIVATE (provider)' failed
[Parent 1, Main Thread] WARNING: _gtk_style_provider_private_get_settings: assertion 'GTK_IS_STYLE_PROVIDER_PRIVATE (provider)' failed: 'glib warning', file /builds/worker/checkouts/gecko/toolkit/xre/nsSigHandlers.cpp:167

(firefox-aurora:1): Gtk-CRITICAL **: 07:35:47.170: _gtk_style_provider_private_get_settings: assertion 'GTK_IS_STYLE_PROVIDER_PRIVATE (provider)' failed
[Parent 1, Main Thread] WARNING: _gtk_style_provider_private_get_settings: assertion 'GTK_IS_STYLE_PROVIDER_PRIVATE (provider)' failed: 'glib warning', file /builds/worker/checkouts/gecko/toolkit/xre/nsSigHandlers.cpp:167

(firefox-aurora:1): Gtk-CRITICAL **: 07:35:47.170: _gtk_style_provider_private_get_settings: assertion 'GTK_IS_STYLE_PROVIDER_PRIVATE (provider)' failed
ExceptionHandler::GenerateDump cloned child 20
ExceptionHandler::SendContinueSignalToChild sent continue signal to child
ExceptionHandler::WaitForContinueSignal waiting for continue signal...

The result so far.

I’ve used a few containers with graphical applications in them, but all of them relied on VNC to run.

Anything that works, works. Do you have a reference/example?

jlesage publishes a few containers which uses VNC for graphical access. I’ve used them for ripping my DVD collection and transcoding them, has been great!