Running as non-root user shows error due to missing process id (NixOS) #83
Comments
Thanks for your bug report, and for already pointing on the issue part of the code!
I made a change in master branch that looks for parent pid of container pid 1 ( |
Thanks for the quick response. I have not tried the commit itself yet, but the |
The important thing seems to be For NixOS, a viable solution should be to add the user to the Will test that next week. |
This sounds like a reasonable security setting by NixOS.
I prefer not to change default system settings to allow x11docker. A possible solution is to drop watching container pid at all and to watch pid 1 of container instead. This is not too hard, I could easily change that. This may still fail for special cases when the container user is different from host user, e.g. with option |
I've changed the code to watch container pid 1 instead of container pid itself. This should work now on NixOS with restricted For cases with different user of container pid 1, e.g. with options Regular use cases of unprivileged x11docker should work now without additional setup. Edit: |
With regards to this issue, I wonder if the following behavior is related to that, or independent: When I run an application in a seamless container using Xpra, after closing the application, the Xpra server is still running (tray icon), and the x11docker command does not return. Does this have anything to do with this? Edit: Right-clicking the tray icon and choosing "shutdown" causes the command to return. |
x11docker should terminate itself (and xpra server) if the application terminates. The whole point on watching container pid or its pid 1 is about this. x11docker terminates X if the application finishes and vice versa. A few applications do not really terminate if their window is closed but continue to run in background. Can you reproduce this with other applications? Please give me a |
Latest commit checks for |
I tried the latest commit, but the code path that checks for This is the command, which still does not terminate xpra when closing the application. Next, I will try whether adding my user to the |
It only has a visible effect if x11docker needs to watch root processes, e.g. with Fails terminating of xpra with other applications than
As far as I can tell, the process in question always runs under root, because the docker daemon is creating the container, not my user, no? The original issue here I encountered without using any |
Previously x11docker watched the pid of the docker container, created by dockerd and owned by root. For most x11docker options pid 1 in container is owned by the host user and can be watched without being restricted by |
I tested with xfce4-term, and with matlab, and both times shutdown worked correctly. |
Good, thanks for testing! It seems the issues are solved. Feel free to open a new issue if something else comes up. |
I did some test runs of x11docker in a NixOS VM and found that NixOS has issues with shebang |
Version: 5.3.1
OS: NixOS
When running as non-root user, the command that tries to get the process id (ps ax | grep ...) returns nothing, because ps does not list the process, as it is run as root which it cannot see.
Symptom: container.pid is empty
As a result, an error window pops up, but the container starts fine otherwise.