Discussion on running X11 applications from within LXD system containers

With LXD, you can create system containers. These system containers are similar to virtual machines, while at the same time they are very lightweight.

In a VM, you boot a full Linux kernel and you run your favorite Linux distribution in a virtualized environment that has a fixed disk size and dedicated allocation of RAM memory. To get a graphics application to run in a VM, you need a virtualized GPU, such that will have hardware accelerated access to the host graphics driver.

In contrast, in a system container, you keep using the running Linux kernel of the host, and you just start the container image (runtime, aka rootfs) of your favorite Linux distribution. Your container uses as much disk space are needed from a common storage, and the same goes with the memory (you can also put strict restrictions, if you need). To get a graphics application to run in a container, you need to pass a Unix socket of your existing X server (or a new isolated X server).

In this post we are going to discuss the details of running X11 applications from within a LXD system container. There are a few different ways, so we explain them here.

  1. The X11 application in the container accesses the host’s X server through a network protocol. For example, connecting from the host to the container with ssh -X ... for X11 forwarding.
  2. The X11 application in the container uses directly the X server of the host (by having access to the X Unix socket or X port). It is easy to setup, with GPU acceleration, but you do not get isolation between the container and the host. I have written several tutorials on this.
  3. The X11 application in the container use a separate X server running on the host (such as xpra, Xephyr). There is isolation between the container and the host. You may have GPU acceleration with this. I have not written a tutorial yet.
  4. The container starts its own X server on the computer. There is a post for LXC using a privileged container but not for LXD yet.
  5. Using X2Go in the container to run either individual X11 applications or even a full desktop. You need to install X2Go components both on the container and the host. There is isolation but there is no GPU acceleration.

Updates

  1. Initial post.

Permanent link to this article: https://blog.simos.info/discussion-on-running-x11-applications-from-within-lxd-system-containers/

5 comments

1 ping

Skip to comment form

    • Oz Dror on April 19, 2020 at 02:15
    • Reply

    I have been using lxc container with its own arch X11 server. The ubuntu (20.04) uses VT(1-5) and Arch VT (7-8). Each needs at leas 2 VTs. One for GDM and one for the user. I had to make a minor change to GDM and recompile it.

    I would like to switch to lxd. I am assuming that I’ll need to have a privileged container (is that correct?). Did any one try that or it is not possible to do. Basically I’d to share any device with the container. tty 5-9, mouse and keyboard etc ? sound devices. Is it possible?

    What about Wayland+Nvidia display server + gdm with lxc or LXD. Is that possible?

    Any help /ideas will be appreciated.

    1. Hi! Do you have a writeup that shows how to use LXD for this? It would help tremendously to adapt for LXD.
      LXD has built-in facilities to share resources from the host to the container, therefore, it should be feasible.

      I hope it is possible to do with an unprivileged container.

    • Oz Dror on April 26, 2020 at 18:48
    • Reply

    I am in a process of converting the lxc container. I’ll be trying privileged and non privileged. Did not try the X11-server yet.

    • Axel on November 5, 2020 at 16:08
    • Reply

    Hello Oz,
    do you have some more information yet to get this working?

    Thanks

      • Oz Dror on November 9, 2020 at 01:04
      • Reply

      Yes. Basically it works with the nvidia driver. You need to install cuda in the host. The version of the nvidia driver needs to be matched in the host and in the container. If you want to used gdm. You need to recompile it with this option “-D initial-vt=9” to avoid conflict with vt1 you also need to allow access to many devices. Also you probably want to cancel the getty process to tty1-10. It is basically disabling one of the getty systemd units. This is important if you want the host to start at boot. I can send you my config file if you want.

      for example
      I have ubuntu host gdm running in vt1 and arch container gdm in vt9. When I start a gdm session with either one, it will peak without any conflicts one of the unused vt2 to vt7. The Arch container is actually my working computer. Ubuntu is a host and a backup.

  1. […] Discussion on running X11 applications from within LXD system containers […]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: