Many of the graphical container examples don't work. For example, take
guix shell --container --network --no-cwd ungoogled-chromium \
--preserve='^DISPLAY$' -- chromium
from (guix)Invoking guix shell. It fails with:
Authorization required, but no authorization protocol specified
[1:1:0127/163058.718097:ERROR:ozone_platform_x11.cc(238)] Missing X
server or $DISPLAY
[1:1:0127/163058.718126:ERROR:env.cc(255)] The platform failed to
initialize. Exiting.
To make it work, "XAUTHORITY" needs to be preserved and exposed:guix shell --container --network --no-cwd ungoogled-chromium --preserve='^DISPLAY$' --preserve='^XAUTHORITY$' --expose=/tmp/.X11-unix --expose="$XAUTHORITY" -- chromium
For another example, take "eolie" from "(guix)Invoking guix environment":
guix environment --preserve='^DISPLAY$' --container --network \
--expose=/etc/machine-id \
--expose=/etc/ssl/certs/ \
--share=$HOME/.local/share/eolie/=$HOME/.local/share/eolie/ \
--ad-hoc eolie nss-certs dbus -- eolie
it fails with
Authorization required, but no authorization protocol specified
Unable to init server: Could not connect: Connection refused
Authorization required, but no authorization protocol specified
Unable to init server: Could not connect: Connection refused
Authorization required, but no authorization protocol specified
Unable to init server: Could not connect: Connection refused
Preserving XAUTHORITY and exposing $XAUTHORITY makes it actually start,
though the created window is invisible. Exposing /sys makes the window
actually visible, albeit with
(WebKitWebProcess:2): Gtk-WARNING **: 16:40:32.008: cannot open display: :1 Unable to init server: Could not connect: Connection refused warnings.An additional issue, is that the examples -- even after adjustment -- stop working with network-less containers, e.g.
guix environment --preserve='^DISPLAY|XAUTHORITY$' --container --expose=/etc/machine-id --expose=/etc/ssl/certs/ --expose="$XAUTHORITY" --share=$HOME/.local/share/eolie/=$HOME/.local/share/eolie/ --expose=/sys --expose=/sys/bus --ad-hoc eolie nss-certs dbus -- eolie
fails with Unable to init server: Could not connect: Connection refused Unable to init server: Could not connect: Connection refused Unable to init server: Could not connect: Connection refused (org.gnome.Eolie:1): Gtk-WARNING **: 16:41:53.524: cannot open display: :1.(I discovered this with the FHS container example in https://guix.gnu.org/en/blog/2023/the-filesystem-hierarchy-standard-comes-to-guix-containers/ -- it was a no-network application I tried out, so I left out the --network.)
To fix this, I had to add --expose=/tmp/.X11-unix. It should be documented how to make network-less containers for graphical applications -- nowhere in the manual or FHS blog post is /tmp/.X11-unix mentioned.
Greetings, Maxime.
OpenPGP_0x49E3EE22191725EE.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
