[winswitch] Xpra Xorg launch sequence: using a unix domain socket in /tmp/.X11-unix

Timothy Hobbs timothy at hobbs.cz
Sun Aug 2 00:50:04 BST 2015 

Hey,

I have finished implementing basic XPRA support in subuser. I haven't worked on getting mmap working yet, but I will do so shortly. I am currently planning the release of subuser 0.3 which will add XPRA support. You can read my draft press release here: http://subuser.org/news/0.3.html

I have run into one problem, which is that when I launch the xpra server in a container the DPI isn't set correctly or something.  Take a look at this screen shot of the Arduino IDE for example: http://timothy.hobbs.cz/arduino.png

You see the size of the text in the menu? Obviously I am going to have to transfer DPI info to xpra from the host. How should I go about doing that?

Thank you,
Timothy Hobbs

On Mon, Jul 20, 2015 at 09:46:44AM +0700, Antoine Martin wrote:
> I think the wiki could do with some improvements with regards to running
> xpra with containers (feel free to edit), until then:
> * make sure mmap is enabled (and you can even use a trimmed down build
> without any video codecs, which is much safer)
> * disable compression
> The performance should be very close to native, if not then something is
> not setup right.
> 
> Cheers
> Antoine
> It appears that I have fixed my imediate problem. I was sharing
> /tmp/.X11-unix using docker volumes, and I needed to run chmod 1777
> /tmp/.X11-unix on it to get the permissions the way Xorg wants them :)
> 
> Tim
> 
> On Sat, Jul 18, 2015 at 10:08:25PM +0200, Timothy Hobbs wrote:
> > Dear list,
> >
> > I am the creator of subuser.org. Subuser is a free open source software
> project (LGPL3) which aims to allow a person to run desktop applications
> inside Docker containers. Subuser has several aims. One is to make it
> easier to publish desktop applications on linux by improving portability.
> Another is to make the desktop more secure by containing those desktop
> applications within their respective containers.
> >
> > Right now, the seccond goal is not met. Desktop applications communicate
> with the host's X11 server by sharing the /tmp/.X11-unix folder with it.
> This works well, but is completely insecure. I have been waiting for
> wayland to come out in order to provide a secure solution. However, spurred
> on by the success of OZ, written by subgraph.com I have begun to reconsider
> xpra as an intermediate option.
> >
> > As I want to maintain portability and ease of creating subuser Docker
> images, I do not wish to install the xpra server in each Docker image which
> contains a desktop application. In order to maintain this sepparation of
> requirements, I have come up with the following architecture involving 3
> containers:
> >
> > -------------                      -------------
> > |desktop app| <--/tmp/.X11-unix--> |xpra server|    Untrusted
> > -------------                      -------------
> >                                          ^
> >                                          | ~/.xpra
> >                                          v
> > -------------                       -------------
> > | host      |  <--/tmp/.X11-unix--> |xpra client|   Trusted
> > -------------                       -------------
> >
> > This allows me to run 3 containers.
> >
> > 1) contains the untrusted desktop application
> > 2) contains an untrusted xpra server
> > 3) contains a trusted xpra client
> >
> > I can use an up-to-date version of xpra, as I do not need to have xpra
> installed on the host.
> >
> > The only problem, is that when I run
> >
> > $ xpra start :100 --start-child=xterm
> >
> > I don't end up with a unix domain socket in the xpra server's
> /tmp/.X11-unix directory. This is despite the fact that I have -nolisten
> tcp set in xpra.conf:
> >
> > xvfb=Xorg -dpi 96 -noreset -nolisten tcp +extension GLX +extension RANDR
> +extension RENDER -logfile ${HOME}/.xpra/Xorg.${DISPLAY}.log -config
> /etc/xpra/xorg.conf
> >
> > I am confused as to why this is happening, and how I can get a unix
> domain socket to work with. I cannot use a UDP socket due to the
> difficulties of sharing UDP sockets between containers.
> >
> > I have been testing this settup on xpra version 0.14.10
> >
> > Thank you in advance for your help,
> >
> > Timothy Hobbs
> > _______________________________________________
> > shifter-users mailing list
> > shifter-users at lists.devloop.org.uk
> > http://lists.devloop.org.uk/mailman/listinfo/shifter-users
> _______________________________________________
> shifter-users mailing list
> shifter-users at lists.devloop.org.uk
> http://lists.devloop.org.uk/mailman/listinfo/shifter-users

More information about the shifter-users mailing list