LinuxCommandLibrary

x11docker

Run graphical applications in isolated Docker containers

TLDR

Launch VLC in a container

$ x11docker --pulseaudio --share=[$HOME/Videos] [jess/vlc]
copy

Launch Xfce in a window
$ x11docker --desktop [x11docker/xfce]
copy

Launch GNOME in a window
$ x11docker --desktop --gpu --init=[systemd] [x11docker/gnome]
copy

Launch KDE Plasma in a window
$ x11docker --desktop --gpu --init=[systemd] [x11docker/kde-plasma]
copy

Display help
$ x11docker --help
copy

SYNOPSIS

x11docker [options] image [command]

PARAMETERS

--help
    Show help message and exit.

--version
    Show version and exit.

--verbose
    Increase verbosity for debugging.

--graphics
    Specify the graphics backend: xorg (default), xvfb, wayland, none.

--desktop
    Run a desktop environment (like XFCE, KDE, GNOME) from the image.

--pulseaudio
    Enable PulseAudio support for audio.

--xpra
    Enable Xpra support for audio and better network performance.

--sharedir :
    Share a directory between the host and the container.

--home
    Mount host's home directory into the container.

--security
    Set the security profile: basic (default), relaxed, docker, none.

--root
    Run the container as root user (not recommended for security reasons).

DESCRIPTION

x11docker simplifies running graphical (GUI) applications within Docker containers, seamlessly integrating them with the host's X11 display server.

It handles complex configuration, like setting up X11 forwarding, shared memory access, and audio configurations (PulseAudio or Xpra) to ensure smooth operation. This allows you to isolate applications within a secure container environment while still providing a native-like GUI experience.

x11docker can be used to run specific applications, full desktop environments or provide other remote connections like RDP or VNC from inside a docker container, preventing conflicts with the host system or other applications. It offers robust security options to protect the host system from potentially malicious containers, providing a safer alternative to directly running untrusted applications.

CAVEATS

Some Docker images may require specific environment variables or configurations to run correctly with X11 forwarding. Ensure the Docker image contains the necessary dependencies for the GUI application.

SECURITY

x11docker emphasizes security by default. The 'basic' security profile limits the container's access to the host system. Consider using stronger security profiles if running untrusted applications. Avoid running containers as root unless absolutely necessary.

NETWORKING

Network configuration inside the container might affect graphical applications. Check the application's network settings, firewall rules or DNS configuration inside the container if you experience network problems.

SEE ALSO

docker(1), xinit(1), xpra(1)

Copied to clipboard