
Firefox in LXC

This follows the guide at https://www.stgraber.org/2014/02/09/lxc-1-0-gui-in-containers/

## I run a Trusty container on a Wily host
$ lxc-create -t download -n gui -- -d ubuntu -r trusty -a amd64

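## add the mount entries and the pre-start hook (replacing USERNAME appropriately)
## note: these bind mounts hand the container the host's X11 socket, GPU (/dev/dri), sound devices (/dev/snd) and webcam (/dev/video0), so the container is not isolated from them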
$ vi ~/.local/share/lxc/gui/config
lxc.mount.entry = /dev/dri dev/dri none bind,optional,create=dir
lxc.mount.entry = /dev/snd dev/snd none bind,optional,create=dir
lxc.mount.entry = /tmp/.X11-unix tmp/.X11-unix none bind,optional,create=dir
lxc.mount.entry = /dev/video0 dev/video0 none bind,optional,create=file

lxc.hook.pre-start = /home/USERNAME/.local/share/lxc/gui/setup-lxc.sh

# change id_map in the same file, replacing these two lines:
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
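-> with the following (assuming your host uid/gid is 1000/1000; container uid/gid 1000 is then mapped straight onto your host user instead of an unprivileged subordinate id):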
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
lxc.id_map = u 1000 1000 1
lxc.id_map = g 1000 1000 1
lxc.id_map = u 1001 101001 64535
lxc.id_map = g 1001 101001 64535

## create start-up hook
$ vi ~/.local/share/lxc/gui/setup-lxc.sh
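#!/bin/sh
# LXC pre-start hook for the "gui" container: makes the host's PulseAudio
# server and the X11 cookie for $DISPLAY available to the container's
# ubuntu user.
#
# Reads:   LXC_ROOTFS_PATH (expected to be set by LXC when run as a hook),
#          DISPLAY (taken from the environment lxc-start was run in).
#
# Both steps deliberately widen what the container can reach on the host:
# the PulseAudio socket is loaded with auth-anonymous=1, so anything that
# can open it can use the host's audio server, and an X11 client holding
# the cookie can generally observe and inject input on that display.
# Only run software in this container that you accept having that access.

# Refuse to run without a rootfs path; otherwise the paths below would
# resolve to /home/ubuntu on the host itself.
: "${LXC_ROOTFS_PATH:?must be set (run this as an lxc.hook.pre-start hook)}"

PULSE_PATH="${LXC_ROOTFS_PATH}/home/ubuntu/.pulse_socket"

# Load the socket module only when the socket is missing or nothing has it
# open. lsof's stderr is captured as well, so any lsof output (including an
# error message) counts as "in use".
if [ ! -e "$PULSE_PATH" ] || [ -z "$(lsof -tn "$PULSE_PATH" 2>&1)" ]; then
    pactl load-module module-native-protocol-unix auth-anonymous=1 \
        socket="$PULSE_PATH"
fi

# Let the container connect to the host X server.
XAUTH_FILE="${LXC_ROOTFS_PATH}/home/ubuntu/.Xauthority"

# Remove first so that whatever the container left at this path (stale
# file or symlink) is replaced rather than written through; -f keeps the
# first run, where the file does not exist yet, quiet.
rm -f -- "$XAUTH_FILE"
touch -- "$XAUTH_FILE"

if [ -n "${DISPLAY:-}" ]; then
    # Merge from stdin ("-") so that only the cookie for this display is
    # copied. Merging ~/.Xauthority here would ignore the pipe and copy
    # every cookie the host user holds.
    xauth extract - "$DISPLAY" | xauth -f "$XAUTH_FILE" merge -
else
    printf '%s\n' "setup-lxc.sh: DISPLAY is not set; no X11 cookie copied" >&2
fi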

## after creating the script, make it executable
chmod a+x ~/.local/share/lxc/gui/setup-lxc.sh
## change the owner of the container's home directory to uid/gid 1000 (the user mapped in id_map)
$ sudo chown -R 1000:1000 ~/.local/share/lxc/gui/rootfs/home/ubuntu

## install software in container
$ lxc-start -n gui -d
$ lxc-attach -n gui -- umount /tmp/.X11-unix
# you can switch the Ubuntu repository to your preferred mirror first
$ lxc-attach -n gui -- apt-get update
$ lxc-attach -n gui -- apt-get dist-upgrade -y
$ lxc-attach -n gui -- apt-get install ubuntu-artwork dmz-cursor-theme ca-certificates pulseaudio firefox -y
$ lxc-attach -n gui -- apt-get -f install -y
$ lxc-attach -n gui -- sudo -u ubuntu mkdir -p /home/ubuntu/.pulse/
$ echo "disable-shm=yes" | lxc-attach -n gui -- sudo -u ubuntu tee /home/ubuntu/.pulse/client.conf
# optional install - tmpreaper fonts-wqy-microhei flashplugin-installer default-jre icedtea-7-plugin
$ lxc-stop -n gui

## script to start firefox in LXC
$ vi ~/.local/share/lxc/gui/start-firefox 
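#!/bin/sh
# Launch Firefox inside the "gui" LXC container. The container is started
# first when it is not already running, and stopped again afterwards only
# if this script was the one that started it.
#
# Arguments: passed through to firefox unchanged (for example the URLs the
#            .desktop file supplies via %U).
CONTAINER=gui
STARTED=false

# With a zero timeout lxc-wait acts as a state check: it fails straight
# away unless the container is already RUNNING.
if ! lxc-wait -n "$CONTAINER" -s RUNNING -t 0; then
    lxc-start -n "$CONTAINER" -d
    lxc-wait -n "$CONTAINER" -s RUNNING
    STARTED=true
fi

# Path of the PulseAudio socket as seen from inside the container.
PULSE_SOCKET=/home/ubuntu/.pulse_socket

# --clear-env keeps the host environment out of the container; only
# DISPLAY and PULSE_SERVER are handed over explicitly.
# "$@" keeps every argument intact. Flattening the arguments into one
# string and expanding it unquoted would split URLs on whitespace and
# expand glob characters on the host.
# NOTE(review): sudo -i runs the command through the ubuntu user's login
# shell; confirm how arguments containing shell metacharacters are handled
# there before using this launcher for links from untrusted sources.
lxc-attach --clear-env -n "$CONTAINER" -- sudo -u ubuntu -i \
    env DISPLAY="$DISPLAY" PULSE_SERVER="$PULSE_SOCKET" firefox "$@"

if [ "$STARTED" = "true" ]; then
    lxc-stop -n "$CONTAINER" -t 10
fi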

## desktop file (replacing USERNAME appropriately):
$ vi ~/.local/share/applications/lxc-firefox.desktop 
[Desktop Entry]
Version=1.0
Name=Firefox in LXC
Comment=Access the Internet
Exec=/home/USERNAME/.local/share/lxc/gui/start-firefox %U
Icon=/home/USERNAME/.local/share/lxc/gui/rootfs/usr/share/pixmaps/firefox.png
Type=Application
Categories=Network;WebBrowser;

2 responses to “Firefox in LXC”

  1. Eric J Avatar
    Eric J

    When running a headless Ubuntu 14.x (or 16.x) server, how do you get a desktop environment to work within an unprivileged container?

    1. Alfred Yang Avatar

      Maybe from your ssh client – I assume it is a Linux desktop with an X server running – you can use ssh -Y to forward X to that desktop. I have never tried it, though; my host is an Ubuntu desktop.
