x11docker
Run graphical applications in isolated Docker containers
TLDR
Launch VLC in a container
Launch Xfce in a window
Launch GNOME in a window
Launch KDE Plasma in a window
Display help
SYNOPSIS
x11docker [options] image [command]
PARAMETERS
--help
Show help message and exit.
--version
Show version and exit.
--verbose
Increase verbosity for debugging.
--graphics
Specify the graphics backend: xorg (default), xvfb, wayland, none.
--desktop
Run a desktop environment (like XFCE, KDE, GNOME) from the image.
--pulseaudio
Enable PulseAudio support for audio.
--xpra
Enable Xpra support for audio and better network performance.
--sharedir
Share a directory between the host and the container.
--home
Mount host's home directory into the container.
--security
Set the security profile: basic (default), relaxed, docker, none.
--root
Run the container as root user (not recommended for security reasons).
DESCRIPTION
x11docker simplifies running graphical (GUI) applications within Docker containers, seamlessly integrating them with the host's X11 display server.
It handles complex configuration, like setting up X11 forwarding, shared memory access, and audio configurations (PulseAudio or Xpra) to ensure smooth operation. This allows you to isolate applications within a secure container environment while still providing a native-like GUI experience.
x11docker can be used to run specific applications, full desktop environments or provide other remote connections like RDP or VNC from inside a docker container, preventing conflicts with the host system or other applications. It offers robust security options to protect the host system from potentially malicious containers, providing a safer alternative to directly running untrusted applications.
CAVEATS
Some Docker images may require specific environment variables or configurations to run correctly with X11 forwarding. Ensure the Docker image contains the necessary dependencies for the GUI application.
SECURITY
x11docker emphasizes security by default. The 'basic' security profile limits the container's access to the host system. Consider using stronger security profiles if running untrusted applications. Avoid running containers as root unless absolutely necessary.
NETWORKING
Network configuration inside the container might affect graphical applications. Check the application's network settings, firewall rules or DNS configuration inside the container if you experience network problems.