[lxc-users] LXD Based Container For Desktop Applications - Some Success - Help

Fajar A. Nugraha list at fajar.net
Fri Jul 22 08:31:18 UTC 2016

On Fri, Jul 22, 2016 at 4:33 AM, rob e <redgerhoo at yahoo.com.au> wrote:
> thanks Brian,
> yes, I have about 4 of those running - unprivileged :) And I've had a go
> with TigerVNC (which supports 3d capabilities currently lacking in X2Go).
> I can run current versions of KDE and Unity on Xephyr, which I currently
> cannot with X2Go

3d support is kinda weird with virtual displays. At least so in xrdp:
- xrdp is supposed to support remotefx which 'allows the end user to
work remotely in a Windows Aero desktop environment, watch videos and
run 3-D applications with performance that is close to a native
desktop experience' when enabled and configured correctly (i.e. you
have certain libraries, and enable certain configure switches). IIRC
there was a compile error last time I tried enabling it (long time
ago, memory kinda hazy)
- the default vnc display supports 3d (at least glxgears run), but
does not support text copy-paste
- x11rdp support text copy-paste, but does not support 3d
- xrdp's xorg module supports 3d and text copy-paste, but somehow
breaks autologin (when user/password saved by windows)

I wonder if your tigervnc solution properly support text copy-paste
between local and remote desktop.

> But for this use case, I want desktop integration from an unprivileged
> container. I have achieved it with LXC on Ubuntu 16.04... but was hoping to
> be able to use LXD. It feels like I'm so close ... just missing something,
> probably quite trivial once you know how ... I wish i knew how

IIRC you can NOT have custom uid mappings in lxd. It's either
privileged, or use-the-same-unprivileged-mapping-for-all-containers.

The workaround would PROBABLY be (untested) to have an unpriv user in
the CONTAINER (e.g. uid 100 in the container, which translates to uid
100100 in the host), then manually create a user with uid 100100 in
the HOST (e.g "unpriv_user"), grant the necessary privilege to it
(i.e. make it so that the user can login to the host, start GUI
including pulseaudio, and so on), and redo your setup. So you can skip
the specific-user-mapping step.


More information about the lxc-users mailing list