ubuntu:bionic image: GUIs and --network=host problems #3

Open
diegoferigo opened this issue Jul 29, 2018 · 2 comments
@diegoferigo
Owner

Images based on ubuntu:bionic are affected by a regression caused by the interaction between the host's and the container's dbus. This happens only if --network host is used.

In particular, I can reproduce this issue on the diegoferigo/tools image with:

```bash
docker run --rm --init --network host --name tools --runtime runc \
    -e USERNAME=dferigo -e USER_UID=1001 -e USER_GID=1001 -e DISPLAY \
    -e XAUTHORITY=/tmp/.docker.xauth --device /dev/dri \
    --volume /tmp/.X11-unix:/tmp/.X11-unix:rw \
    --volume /tmp/.docker.xauth:/tmp/.docker.xauth:rw \
    diegoferigo/tools qtcreator
```

I obtain the following output:

```
Creating dferigo group
Creating dferigo user
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
dbus[7]: The last reference on a connection was dropped without closing the connection. This is a bug in an application. See dbus_connection_unref() documentation for details.
Most likely, the application was supposed to call dbus_connection_close(), since this is a private connection.
  D-Bus not built with -rdynamic so unable to print a backtrace
```

Other GUIs either do not open (such as Atom: its process keeps running without errors but no window is opened) or get stuck when running (such as gitkraken: the boot animation shows up but it is black and the program never opens).

Related issues:

@diegoferigo
Owner Author

I discovered that on Ubuntu 18.04 the seccomp packages are not updated enough. Support for the statx syscall was added in version 2.3.3 (source1, source2).

However, even updating it with this ppa or getting the package from cosmic didn't solve the problem in my case. I am using docker-ce 5:18.09.0~3-0~ubuntu-bionic.

The strange thing is that even using seccomp=unconfined or passing an alternative default.json does not work. Neither does cap_add: ALL. The only solution atm is privileged mode.
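
Added example, not part of the original comment or of Docker's code: a Python check of how a Docker seccomp profile, such as the alternative default.json mentioned above, treats a given syscall like statx. The two sample profiles are constructed and the helper name `syscall_verdict` is hypothetical; it reports the first matching rule only.

```python
import json

# Constructed sample profiles (not Docker's real default.json).
# Newer format: one rule lists many syscalls under "names".
PROFILE_WITHOUT_STATX = json.loads("""
{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["stat", "fstat", "lstat"], "action": "SCMP_ACT_ALLOW", "args": []},
    {"names": ["mount"], "action": "SCMP_ACT_ALLOW", "args": [],
     "includes": {"caps": ["CAP_SYS_ADMIN"]}}
  ]
}
""")
# Older format: one rule per syscall under "name".
PROFILE_WITH_STATX = json.loads("""
{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"name": "stat", "action": "SCMP_ACT_ALLOW", "args": []},
    {"name": "statx", "action": "SCMP_ACT_ALLOW", "args": []}
  ]
}
""")


def syscall_verdict(profile, syscall):
    """Return (action, conditional) for `syscall` (hypothetical helper).

    `conditional` is True when the matching rule only applies under some
    condition (argument filters, or capability/arch includes/excludes),
    so the action is not guaranteed for every container.
    """
    for rule in profile.get("syscalls") or []:
        names = list(rule.get("names") or [])
        if rule.get("name"):
            names.append(rule["name"])
        if syscall in names:  # first matching rule is reported
            conditional = bool(rule.get("args") or rule.get("includes")
                               or rule.get("excludes"))
            return rule["action"], conditional
    # No rule matched: the profile's default action applies.
    return profile["defaultAction"], False


if __name__ == "__main__":
    for label, prof in [("without statx", PROFILE_WITHOUT_STATX),
                        ("with statx", PROFILE_WITH_STATX)]:
        print(label, syscall_verdict(prof, "statx"))
```

To check a real profile, load the file with `json.load` and pass the resulting dict to the function.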

@diegoferigo
Owner Author

Upstream bug: moby/moby#38442.
