[lxc-users] /proc/mtrr permissions inside container keep X from running inside LXC without root, but only for radeon?

Dan Kegel dank at kegel.com
Wed Sep 14 22:59:36 UTC 2016


OK, better workaround: I learned that Ubuntu 16.04 and up still
support setuid root Xorg, it's just off to the side in
xserver-xorg-legacy.
Configuring that to not drop root for X did the trick, and was a lot
easier than trying to juggle uid in ~/.xinitrc.
I've updated http://kegel.com/linux/lxc-opengl-demo/install-x.sh.txt
to add this workaround if an AMD card is found.

I run 'install-x.sh guest' from inside the container's /etc/rc.local
to recreate the dev entries on each boot.  (Surely there's a better
way...)

Still would like to know what's going on, but hey, at least I'm unblocked.

On Wed, Sep 14, 2016 at 11:31 AM, Dan Kegel <dank at kegel.com> wrote:
> I tried
> lxc.aa_profile = unconfined
> but it didn't seem to help.
>
> So I guess I'll live with running X as root for the moment
> (and with having to recreate those /dev entries on every boot,
> what's up with that?)
>
>
> On Tue, Sep 13, 2016 at 3:33 PM, Dan Kegel <dank at kegel.com> wrote:
>> Hey all,
>> I'm running X inside lxc containers on Ubuntu 16.04.
>> The script I'm using to tweak lxc configuration to support X is
>> http://kegel.com/linux/lxc-opengl-demo/install-x.sh.txt
>> Seems to work fine for Intel and NVIDIA, but for AMD graphics (two
>> different systems so far), it complains
>>   Fatal server error: AddScreen/ScreenInit failed for driver 0
>> strace shows that X can't open /proc/mtrr.
>> Running startx as root works around the problem, but that shouldn't be needed.
>> Can I buy a clue here?   Thanks!
>> - Dan
>>
>> p.s. To reproduce:
>>
>> # Bring down X
>> host$ sudo systemctl start multi-user.target
>> # Create a container, add a user, give him sudo, start in foreground
>> host$ sudo lxc-create -n video -t download -- --dist ubuntu --release xenial --arch amd64
>> host$ wget http://kegel.com/linux/lxc-opengl-demo/install-x.sh
>> host$ sudo sh install-x.sh host video
>> host$ sudo lxc-start -n video
>> host$ sudo lxc-attach -n video adduser fred
>> host$ sudo lxc-attach -n video vi /etc/group  # add fred to sudo group
>> # Restart the container in the foreground
>> host$ sudo lxc-stop -n video
>> host$ sudo lxc-start -n video -F
>> # Log in to the guest as user fred, then:
>> video$ wget http://kegel.com/linux/lxc-opengl-demo/install-x.sh
>> # Alas, you have to run install-x.sh guest every time you start the container, to recreate /dev stuff.
>> video$ sudo sh install-x.sh guest
>> # Only if you're using nvidia hardware: Install nvidia driver that matches outer host.  Careful.  e.g.
>> #video$ sudo apt install nvidia-340
>> # Finally, start x in the container
>> video$ echo "exec xterm" > .xinitrc
>> video$ startx -- vt9
>>
>> This should give you an xterm with working keyboard and mouse, capable
>> of running glxgears, etc.
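
The workaround in the top message makes Xorg keep root through xserver-xorg-legacy. As an added example (not part of the post or of install-x.sh), this shell check reads the wrapper's configuration inside the container and flags the widest setting. It assumes the `allowed_users` and `needs_root_rights` keys and defaults documented in Xwrapper.config(5) and the path /etc/X11/Xwrapper.config; the function names are made up here, and the thread does not show which values install-x.sh actually writes.

```shell
#!/bin/sh
# Added example, not taken from install-x.sh.
# Assumption: Xwrapper.config(5) format, "key = value" lines, '#' comments,
# and a later assignment overriding an earlier one.

# Print the effective value of KEY in FILE, or DEFAULT if unset or unreadable.
xwrapper_get() {
    file=$1 key=$2 default=$3
    val=
    if [ -r "$file" ]; then
        # Drop comments, then print the value of every matching assignment.
        val=$(sed -n -e 's/#.*//' \
            -e "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" \
            "$file" | tail -n 1)
    fi
    printf '%s\n' "${val:-$default}"
}

# Classify how X will run: "root" (privileges always kept), "user"
# (always dropped) or "auto" (the wrapper decides at start-up).
x_privilege_mode() {
    case $(xwrapper_get "$1" needs_root_rights auto) in
        yes) echo root ;;
        no)  echo user ;;
        *)   echo auto ;;
    esac
}

# Report who may start X and whether it keeps root; return 1 for the
# combination where any local user can start a root X server.
audit_xwrapper() {
    file=${1:-/etc/X11/Xwrapper.config}
    users=$(xwrapper_get "$file" allowed_users console)
    mode=$(x_privilege_mode "$file")
    echo "allowed_users=$users privilege_mode=$mode"
    if [ "$mode" = root ] && [ "$users" = anybody ]; then
        echo "WARN: any user can start an X server that keeps root"
        return 1
    fi
    return 0
}
```

Run `audit_xwrapper` with no argument inside the container to check the live file, or pass a path to check a copy.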

