Discussion on running X11 applications from within LXD system containers

With LXD, you can create system containers. These system containers are similar to virtual machines, while at the same time they are very lightweight.

In a VM, you boot a full Linux kernel and you run your favorite Linux distribution in a virtualized environment that has a fixed disk size and dedicated allocation of RAM memory. To get a graphics application to run in a VM, you need a virtualized GPU, such that will have hardware accelerated access to the host graphics driver.

In contrast, in a system container, you keep using the running Linux kernel of the host, and you just start the container image (runtime, aka rootfs) of your favorite Linux distribution. Your container uses as much disk space are needed from a common storage, and the same goes with the memory (you can also put strict restrictions, if you need). To get a graphics application to run in a container, you need to pass a Unix socket of your existing X server (or a new isolated X server).

In this post we are going to discuss the details of running X11 applications from within a LXD system container. There are a few different ways, so we explain them here.

  1. The X11 application in the container accesses the host’s X server through a network protocol. For example, connecting from the host to the container with ssh -X ... for X11 forwarding.
  2. The X11 application in the container uses directly the X server of the host (by having access to the X Unix socket or X port). It is easy to setup, with GPU acceleration, but you do not get isolation between the container and the host. I have written several tutorials on this.
  3. The X11 application in the container use a separate X server running on the host (such as xpra, Xephyr). There is isolation between the container and the host. You may have GPU acceleration with this. I have not written a tutorial yet.
  4. The container starts its own X server on the computer. There is a post for LXC using a privileged container but not for LXD yet.
  5. Using X2Go in the container to run either individual X11 applications or even a full desktop. You need to install X2Go components both on the container and the host. There is isolation but there is no GPU acceleration.

Updates

  1. Initial post.

Permanent link to this article: https://blog.simos.info/discussion-on-running-x11-applications-from-within-lxd-system-containers/

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: