For those who are on Ubuntu Trusty and above we have a separate section and download below on how to run GUI apps in unprivileged containers.

If you are new to LXC please head to our LXC getting started guide before trying this.

You can launch X apps from within the container and they will open up in a new window in your host. Or use a script on the host that executes the X app in the container and gives you a window, behaving much like any other GUI app on the system.

You can install something like Wine or Steam in a container and use it to run Windows Apps and Games isolated in their own container. Or like Stephane you can run apps like Chrome in a container to isolate it from the rest of your system. This makes sense for a number of use cases.

Conceptually you are exporting the dri, video and audio devices into the container and using these to run your apps. So there is no need to install X or drivers in the container. The GUI apps will use the host's display and audio. Nice!

Stephane's Google Chrome example basically sets up Google Chrome in an Ubuntu container, gives the container access to the X server, and sets up a script to launch Chrome. It also exports PulseAudio. PulseAudio can be fussy and involved and may not work in all environments and distributions.

We are going to show you how to run GUI apps in both normal and unprivileged containers. Here is a screencast of the LXC GUI container in action.

Unprivileged containers are an exciting upstream feature of LXC but current dependencies limit them to latest versions of Ubuntu Trusty for now. Please see our using unprivileged containers guide for more.

For instance in this post by LXC developer Stephane Graber you can see how he uses this to run Google Chrome in a container locally. He uses unprivileged containers for the post.

Not many know you can run accelerated GUI apps in your LXC containers locally, and it's fairly simple to do. Yes, we are talking about an X server with proper acceleration and audio, not a VNC-based solution, which would be the way to run X apps remotely.

Browse to the Flockport container section and download the LXC GUI container. Once downloaded, untar it in your LXC folder /var/lib/lxc:

tar -xpJf lxcgui.tar.xz -C /var/lib/lxc --numeric-owner

Or if you are using the flockport utility

flockport get lxcgui

Before you can start the container let's take a quick look at what is making the GUI in the container possible. Head to the /var/lib/lxc/lxcgui folder and open the config file in your favorite editor. You will see the following 5 lines, and this is all you need to create your own LXC GUI container.

lxc.mount.entry = /dev/dri dev/dri none bind,optional,create=dir
lxc.mount.entry = /dev/snd dev/snd none bind,optional,create=dir
lxc.mount.entry = /tmp/.X11-unix tmp/.X11-unix none bind,optional,create=dir
lxc.mount.entry = /dev/video0 dev/video0 none bind,optional,create=file
lxc.hook.pre-start = /var/lib/lxc/lxcgui/setup-pulse.sh

As you can see, lines 1-4 of the configuration above bind-mount the host's dri, snd and video devices into the container, along with the /tmp/.X11-unix folder that holds the host X server's socket. This is all it takes to run accelerated GUI apps in your container.

Simples! For the GUI yes and it works smoothly. The audio is a bit involved, pulseaudio may fail weirdly on different systems. We have tested this on Debian Wheezy and Ubuntu Trusty hosts.

You will notice on the last line we are loading a setup-pulse.sh script. This is for audio. Let's have a look at what it does. Open the setup-pulse script located in /var/lib/lxc/lxcgui folder.

nano setup-pulse.sh

#!/bin/sh
PULSE_PATH=/var/lib/lxc/lxcgui/rootfs/home/ubuntu/.pulse_socket
if [ ! -e "$PULSE_PATH" ] || [ -z "$(lsof -n $PULSE_PATH 2>&1)" ]; then
    sudo -u username -i pactl load-module module-native-protocol-unix auth-anonymous=1 \
        socket=$PULSE_PATH
fi

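As you can see, the script exports PulseAudio into the container via a socket created inside the container's rootfs. The auth-anonymous=1 option lets clients connect to that socket without the PulseAudio authentication cookie, which is what allows the container's ubuntu user to use it. Running the pactl command in the script as root is going to fail, which is why the script uses sudo -u to switch to a regular user. Change the 'username' in the script to your normal username on your host.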
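Before starting a downloaded container it helps to list exactly which host paths its config bind-mounts and which hook scripts it registers (the pre-start hook runs on the host, as the setup-pulse.sh discussion above shows). The script below is an added example, not part of the Flockport container or the original guide; the function names audit_lxc_config and sample_config are assumptions, and the sample input is the five lines above plus a constructed commented-out hook.

```shell
#!/bin/sh
# Added example: list host resources an LXC config exposes to a container.

# Constructed sample: the article's five lines plus a commented-out hook.
sample_config() {
cat <<'EOF'
lxc.mount.entry = /dev/dri dev/dri none bind,optional,create=dir
lxc.mount.entry = /dev/snd dev/snd none bind,optional,create=dir
lxc.mount.entry = /tmp/.X11-unix tmp/.X11-unix none bind,optional,create=dir
lxc.mount.entry = /dev/video0 dev/video0 none bind,optional,create=file
lxc.hook.pre-start = /var/lib/lxc/lxcgui/setup-pulse.sh
#lxc.hook.pre-start = /var/lib/lxc/lxcgui/disabled.sh
EOF
}

# Reads an LXC config on stdin; prints one line per bind mount and per hook.
audit_lxc_config() {
    awk '
    /^[ \t]*#/ { next }                      # skip commented-out lines
    {
        eq = index($0, "=")                  # split on the first "=" only
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
    }
    key == "lxc.mount.entry" {
        n = split(val, f, /[ \t]+/)          # fstab-style: src dst type opts
        if (n < 4) next
        m = split(f[4], o, ",")
        bind = 0; mode = "rw"
        for (i = 1; i <= m; i++) {
            if (o[i] == "bind" || o[i] == "rbind") bind = 1
            if (o[i] == "ro") mode = "ro"
        }
        if (bind) printf "MOUNT %s host=%s container=%s\n", mode, f[1], f[2]
    }
    key ~ /^lxc\.hook\./ {
        printf "HOOK %s %s\n", substr(key, 10), val   # strip "lxc.hook."
    }'
}

sample_config | audit_lxc_config
```

To check the real container, run `audit_lxc_config < /var/lib/lxc/lxcgui/config` and read every HOOK script it lists before starting the container.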

Start the container

lxc-start -n lxcgui -d

The container should start without any errors. If you get any errors it will most likely be because of pulseaudio permission issues.

We will explore pulseaudio troubleshooting solutions at the end of this article. In the interim open the container config file and comment out the lxc.hook.pre-start line, so we can proceed with the GUI.

#lxc.hook.pre-start = /var/lib/lxc/lxcgui/setup-pulse.sh

Start the container after commenting out the line.

Now that the container is running we can use lxc-attach to get into it. However, since we are going to run most of the GUI apps as the ubuntu user in the container, it's better to ssh into the container. To do that, first get the container IP:

lxc-ls -f

Now let's ssh as user ubuntu into the container. In my case the container IP is 10.0.3.107. Like with all Flockport ubuntu containers, the password for the ubuntu user is ubuntu. Please change this after first login with the passwd ubuntu command.

ssh ubuntu@10.0.3.107

Once you are logged into the container we are ready to run some GUI apps. The container has Chromium and some utilities to test. To run GUI apps we first need to set some environment variables. On the command line run the following 2 commands:

export DISPLAY=:0
export PULSE_SERVER=/home/ubuntu/.pulse_socket

Please note: The default display is usually :0. If you have changed this for any reason then please change the variable as suitable.

Now let's run a couple of apps.

chromium-browser --disable-setuid-sandbox

This should launch a Chromium browser window on your host. Browse to YouTube and check if it's working as expected with audio. This is actually running in your container. Chrome and Chromium do not play well with container namespaces, and that's why we need the --disable-setuid-sandbox option, which turns off Chromium's setuid sandbox.

Let's test an mp3

audacious

This should open up audacious. Test an mp3 to confirm audio is working.

Now let's do an elementary 3D GUI test

glxgears

This should give you a frame rate identical to your host, so there is no overhead running your 3D apps in the container. You can run Steam in an LXC container and see for yourself.

You can basically run any GUI app including a desktop environment, Wine Windows apps, 3D games with near zero performance penalty and additional flexibility. Awesome!

Using another X session

You can also start a separate X instance on another VT and use that for GUI apps running on your container. For instance start a separate X instance with 'startx' from another VT, and in the container change the 'export DISPLAY=:0' to 'export DISPLAY=:1' . This will launch all GUI apps started on the container on your separate X window.

Launching GUI container app with a script directly from the host

It would be a hassle to start the container, log into it and set environment variables every time you want to run a GUI app. So you can use a script on the host to launch the GUI app in the container directly.

For instance, the script below from Stephane's Chrome guide automatically starts the container, sets up the environment variables and launches Chromium in the container. If the script had to start the container itself, it also stops it again once the app exits.

You can set up a link to it on your desktop to execute the script. Chrome launches in about 3 seconds from the container. To use it to launch other apps just change the CMD_LINE value.

#!/bin/sh
CONTAINER=lxcgui
CMD_LINE="chromium-browser --disable-setuid-sandbox $*"
STARTED=false
if ! lxc-wait -n $CONTAINER -s RUNNING -t 0; then
    lxc-start -n $CONTAINER -d
    lxc-wait -n $CONTAINER -s RUNNING
    STARTED=true
fi
PULSE_SOCKET=/home/ubuntu/.pulse_socket
lxc-attach --clear-env -n $CONTAINER -- sudo -u ubuntu -i \
    env DISPLAY=$DISPLAY PULSE_SERVER=$PULSE_SOCKET $CMD_LINE
if [ "$STARTED" = "true" ]; then
    lxc-stop -n $CONTAINER -t 10
fi