Comments (10)
There is work being done to secure X11 by some gnome people I believe but
ya X11 is ridiculously insecure...
On Fri, Jun 5, 2015 at 4:22 PM, TerrorFactor wrote:
When messing around with your Docker images, I wanted to check if a
container was completely isolated. I tried it with your Spotify image, as I
know Spotify doesn't like being started multiple times.
So I created 2 containers with your Spotify-image, and tried to run them
both.
It didn't work :(
Spotify knew there was already a Spotify running. I figured it might be,
because both instances were mapped to the same folders on the host, so I
changed that. No luck.
Upon googling a bit more, I suspect it's because X11 is used. Do you know
how to fix that, or is there a workaround?
Jessie Frazelle
4096R / D4C4 DD60 0D66 F65A 8EFC 511E 18F3 685C 0022 BFF3
pgp.mit.edu http://pgp.mit.edu/pks/lookup?op=get&search=0x18F3685C0022BFF3
from dockerfiles.
Would using VNC work? I'd guess I have to make an image with a VNC server in it, which will give some overhead, but if it's really isolated that way, that's okay. It'll still be better than running a VM for every app.
from dockerfiles.
I honestly don't think so, but would be interesting to try.
Jessie Frazelle
from dockerfiles.
Sooooo, it seems that I can't even get your stock image to build:
Errors were encountered while processing:
colord
E: Sub-process /usr/bin/dpkg returned an error code (1)
The command .... returned a non-zero code: 100
Updating your image without rebuilding also doesn't seem to be an option, as I can't get a shell due to the X11 requirement.
from dockerfiles.
Hmm that's odd seeing as I just updated all of them and they built just
fine..
Jessie Frazelle
from dockerfiles.
That's weird. I'm using a pretty much fresh installed 14.04 64 bit ubuntu, and only installed docker today. I'll install a fresh VM and have another go. There isn't anything special needed to build an image as far as I know?
from dockerfiles.
It did work on a fresh VM with a fresh docker. Added another repository, guessing I'm having a different version of docker now.
Didn't manage to get VNC/anything else working though. Used this for the VNC setup: http://stackoverflow.com/a/16311264/4225082
Just get the error that the display was not found (like you get when you don't "xhost +" before using your method).
Then found that I could use Xephyr, as that isolates X, so that should work. Used this as basis: http://blog.whitenite.de/docker-container-running-gui-apps-feat-sockets-and-xephyr/
Get the Xephyr window, with window manager. A Spotify window opens up, but it's just an empty window, the actual app isn't visible.
Tried it with the Ubuntu window manager (Compiz), but that doesn't help either.
I think I'll keep using Sandboxie for a while ;(
from dockerfiles.
You can use subuser's secure X11 bridge to provide X11 isolation. I am currently working on getting @jfrazelle's repository ported to subuser. Stay tuned.
from dockerfiles.
@timthelion results on the porting?
from dockerfiles.
Closing as this is not a bug with this repo, thanks! But feel free to discuss!
from dockerfiles.