68 lines
2.3 KiB
Markdown
68 lines
2.3 KiB
Markdown
# X11Proxy
|
|
|
|
X11Proxy is a lightweight X11 proxy designed for containerized environments. It provides an AF_UNIX socket for Docker containers to connect to the host's X11 display, enabling GUI applications to run inside containers with minimal setup.
|
|
|
|
## Features
|
|
|
|
- Proxies X11 connections from a UNIX socket (default: `:5`) to the host's current `$DISPLAY`.
|
|
- Simple, minimal codebase.
|
|
- Ideal for Docker and other container runtimes.
|
|
- No complex configuration required.
|
|
|
|
## Use Case
|
|
|
|
Run GUI applications inside Docker containers by exposing a UNIX socket for X11 forwarding.
|
|
|
|
## Quick Start
|
|
|
|
### 1. Start X11Proxy
|
|
|
|
```bash
|
|
x11proxy
|
|
```
|
|
By default, this will listen on `/tmp/.X11-unix/X5` and forward to your current `$DISPLAY`.
|
|
|
|
### 2. Run a Docker Container
|
|
|
|
Mount the proxy socket into your container and set `DISPLAY` accordingly:
|
|
|
|
```bash
|
|
docker run -it \
|
|
-e DISPLAY=:5 \
|
|
-v /tmp/.X11-unix/X5:/tmp/.X11-unix/X5 \
|
|
x11-app-image
|
|
```
|
|
|
|
Replace `x11-app-image` with your GUI application's image.
|
|
|
|
### 3. Example: Running xeyes
|
|
```bash
|
|
docker run -it \
|
|
-e DISPLAY=:5 \
|
|
-v /tmp/.X11-unix/X5:/tmp/.X11-unix/X5 \
|
|
x11docker/xeyes
|
|
```
|
|
|
|
Alternatively, you can use a custom script such as `hello_xclock.sh` to run `xclock` inside a Docker container:
|
|
|
|
```bash
|
|
./hello_xclock.sh
|
|
```
|
|
|
|
This script should mount the proxy socket and set the `DISPLAY` variable appropriately, demonstrating how to launch GUI applications with minimal setup.
|
|
|
|
## Security
|
|
|
|
- The proxy socket is protected by file permissions (0700), ensuring only your user can access it.
|
|
|
|
- For remote X sessions, valid `xauth` credentials are required. X11Proxy injects these credentials into the connection automatically, so your Docker container does not need to have your `xauth` file.
|
|
|
|
- Note: X11Proxy does not provide isolation between GUI applications. Once connected, containerized apps can interact with other X11 clients on the same display (e.g. capturing input, reading window contents). This is a known limitation of X11 itself and may be addressed in future versions with optional sandboxing or per-client filtering.
|
|
|
|
## License
|
|
|
|
BSD 2-Clause License. See [https://opensource.org/license/bsd-2-clause](https://opensource.org/license/bsd-2-clause) for details.
|
|
|
|
## Credits
|
|
|
|
Inspired by [X11Docker](https://github.com/mviereck/x11docker), but with a minimal approach. |