OK, better workaround: I learned that ubuntu 16.04 and up still support setuid root Xorg, it's just off to the side in xserver-xorg-legacy. Configuring that to not drop root for X did the trick, and was a lot easier than trying to juggle uid in ~/.xinitrc. I've updated http://kegel.com/linux/lxc-opengl-demo/install-x.sh.txt to add this workaround if an amd card is found.
I run 'install-x.sh guest' from inside the container's /etc/rc.local to recreate the dev entries on each boot. (Surely there's a better way...)

Still would like to know what's going on, but hey, at least I'm unblocked.

On Wed, Sep 14, 2016 at 11:31 AM, Dan Kegel <[email protected]> wrote:
> I tried
>   lxc.aa_profile = unconfined
> but it didn't seem to help.
>
> So I guess I'll live with running X as root for the moment
> (and with having to recreate those /dev entries on every boot,
> what's up with that?)
>
>
> On Tue, Sep 13, 2016 at 3:33 PM, Dan Kegel <[email protected]> wrote:
>> Hey all,
>> I'm running X inside lxc containers on ubuntu 16.04.
>> The script I'm using to tweak lxc configuration to support X is
>>   http://kegel.com/linux/lxc-opengl-demo/install-x.sh.txt
>> Seems to work fine for intel and nvidia, but for amd graphics (two
>> different systems so far), it complains
>>   Fatal server error: AddScreen/ScreenInit failed for driver 0
>> strace shows that X can't open /proc/mtrr.
>> Running startx as root works around the problem, but that shouldn't be
>> needed.
>> Can I buy a clue here? Thanks!
>> - Dan
>>
>> p.s. To reproduce:
>>
>> # Bring down X
>> host$ sudo systemctl start multi-user.target
>> # Create a container, add a user, give him sudo, start in foreground
>> host$ sudo lxc-create -n video -t download -- --dist ubuntu --release xenial --arch amd64
>> host$ wget http://kegel.com/linux/lxc-opengl-demo/install-x.sh
>> host$ sudo sh install-x.sh host video
>> host$ sudo lxc-start -n video
>> host$ sudo lxc-attach -n video adduser fred
>> host$ sudo lxc-attach -n video vi /etc/group   # add fred to sudo group
>> # Restart the container in the foreground
>> host$ sudo lxc-stop -n video
>> host$ sudo lxc-start -n video -F
>> # Log in to the guest as user fred, then:
>> video$ wget http://kegel.com/linux/lxc-opengl-demo/install-x.sh
>> # Alas, you have to run install-x.sh guest every time you start the container, to recreate /dev stuff.
>> video$ sudo sh install-x.sh guest
>> # Only if you're using nvidia hardware: Install nvidia driver that matches outer host. Careful. e.g.
>> #video$ sudo apt install nvidia-340
>> # Finally, start x in the container
>> video$ echo "exec xterm" > .xinitrc
>> video$ startx -- vt9
>>
>> This should give you an xterm with working keyboard and mouse, capable
>> of running glxgears, etc.
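
The workaround described at the top of this message leaves Xorg running with root rights inside the container. The following is an added example, not part of the original post or of install-x.sh: a shell check that reads an Xwrapper.config and reports settings that keep X privileged. It assumes the workaround is expressed through the `needs_root_rights` and `allowed_users` keys of Xwrapper.config(5), which the post does not show; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an Xwrapper.config for settings that keep X privileged.
# Key names and defaults (allowed_users=console, needs_root_rights=auto)
# follow Xwrapper.config(5). Function names here are hypothetical.

# xwrapper_get FILE KEY DEFAULT -> value of KEY, or DEFAULT if unset/missing.
# Lines starting with '#' are ignored; the last assignment wins
# (assumption: this mirrors how the wrapper reads the file).
xwrapper_get() {
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p" \
        "$1" 2>/dev/null | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# audit_xwrapper FILE -> one finding per line; returns 1 if anything is found.
audit_xwrapper() {
    rc=0
    if [ "$(xwrapper_get "$1" needs_root_rights auto)" = yes ]; then
        echo "needs_root_rights=yes: Xorg keeps root instead of dropping it"
        rc=1
    fi
    if [ "$(xwrapper_get "$1" allowed_users console)" = anybody ]; then
        echo "allowed_users=anybody: any user, not only console users, may start X"
        rc=1
    fi
    return $rc
}

# Constructed sample config (not taken from install-x.sh).
demo() {
    tmp=$(mktemp -d) || return 0
    printf '# constructed sample\nallowed_users=anybody\nneeds_root_rights = yes\n' \
        > "$tmp/Xwrapper.config"
    audit_xwrapper "$tmp/Xwrapper.config" \
        || echo "=> this container runs X with elevated rights; track it as an exception"
    rm -rf "$tmp"
}
demo
```

Inside a guest, call `audit_xwrapper /etc/X11/Xwrapper.config` to check the real file.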
