Full containerized OS using containers

[Anghille]

Describe the bug
I am currently trying to setup a full-containerized desktop (remote VM if you will) using xpra in the server-side. Audio is not working, and video is (for now at least) a mess (no full screen, stuck at 1280*720 50Hz, cursor not clicking were it is showing)

To Reproduce

1. Setup a Docker image from fedora:40
2. Use the official xpra repo wget -O /etc/yum.repos.d/xpra.repo https://raw.githubusercontent.com/Xpra-org/xpra/master/packaging/repos/Fedora/xpra.repo
3. Install xpra and xpra-html5, firefox, @xfce
4. Since Fedora 40 uses pipewire, remove pipewire and install pulseaudio, pulseaudio-utils, pulseaudio-module-x11

Now this is where things get weird :

if I run xpra start-desktop --start-child=xfce4-session --exit-with-children=yes --daemon=no --bind-tcp=0.0.0.0:14500 and checks the logs, pulseaudio complains it is not finding the system-dbus and is failing to run:

failed to initialize Gtk, no display?
2024-10-11 14:11:51,080 created tcp socket '0.0.0.0:14500'
2024-10-11 14:11:51,081 created rfb socket '0.0.0.0:13500'
Socket path '/tmp/.X11-unix/X14500' not found
2024-10-11 14:11:51,117 no uinput module (not usually needed)

X.Org X Server 1.20.14
X Protocol Version 11, Revision 0
Build Operating System:  6.7.3-200.fc39.aarch64
Current Operating System: Linux 0b54ac4012d8 6.6.12-linuxkit #1 SMP Fri Jan 19 08:53:17 UTC 2024 aarch64
Kernel command line: init=/init loglevel=1 root=/dev/vdb rootfstype=erofs ro vsyscall=emulate panic=0 linuxkit.unified_cgroup_hierarchy=1 console=hvc0   virtio_net.disable_csum=1 eth0.IPNet=192.168.65.3/24 eth0.router=192.168.65.1 eth0.mtu=65535 eth1.dhcp vpnkit.connect=connect://2/1999 com.docker.VMID=5bb344b1-9d9b-4d7b-9abf-607b2164b84e
Build Date: 10 April 2024  12:00:00AM
Build ID: xorg-x11-server 1.20.14-35.fc40
Current version of pixman: 0.43.4
	Before reporting problems, check http://wiki.x.org
	to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
	(++) from command line, (!!) notice, (II) informational,
	(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(++) Log file: "/run/xpra/14500/Xorg.log", Time: Fri Oct 11 14:11:51 2024
(++) Using config file: "/etc/xpra/xorg.conf"
(==) Using system config directory "/usr/share/X11/xorg.conf.d"
2024-10-11 14:11:52,137 debug enabled for ['xpra.scripts.server', 'dbus']
2024-10-11 14:11:52,138 debug enabled for ['xpra.scripts.server', 'dbus']
2024-10-11 14:11:52,138 reload_dbus_attributes(:14500) dbus_env_data=
2024-10-11 14:11:52,138 reload_dbus_attributes(:14500) dbus_env={}
2024-10-11 14:11:52,476 debug enabled for ['xpra.server.dbus.start', 'dbus']
2024-10-11 14:11:52,476 dbus_launch='dbus-launch --sh-syntax --close-stderr', current DBUS_SESSION_BUS_ADDRESS=None
2024-10-11 14:11:52,476 start_dbus(dbus-launch --sh-syntax --close-stderr) env={'HOME': '/root', 'PATH': '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 'LOGNAME': 'root', 'LANG': 'C.UTF-8', 'USER': 'root', 'XDG_SESSION_TYPE': 'x11', 'DISPLAY': ':14500', 'CKCON_X11_DISPLAY': ':14500', 'XAUTHORITY': '/root/.Xauthority'}
2024-10-11 14:11:52,481 out(['dbus-launch', '--sh-syntax', '--close-stderr'])="DBUS_SESSION_BUS_ADDRESS='unix:path=/tmp/dbus-AyyCrQVSaC,guid=bafbb2a0de47fb93a061c2d467093228';\nexport DBUS_SESSION_BUS_ADDRESS;\nDBUS_SESSION_BUS_PID=74;\n"
2024-10-11 14:11:52,481 dbus_pid=74, dbus-env={'DBUS_SESSION_BUS_ADDRESS': 'unix:path=/tmp/dbus-AyyCrQVSaC,guid=bafbb2a0de47fb93a061c2d467093228', 'DBUS_SESSION_BUS_PID': '74'}
2024-10-11 14:11:52,481 started new dbus instance: {'DBUS_SESSION_BUS_ADDRESS': 'unix:path=/tmp/dbus-AyyCrQVSaC,guid=bafbb2a0de47fb93a061c2d467093228', 'DBUS_SESSION_BUS_PID': '74'}
2024-10-11 14:11:52,487 debug enabled for ['xpra.platform.posix.gui', 'posix', 'dbus']
2024-10-11 14:11:52,493 debug enabled for ['xpra.gtk.error', 'x11', 'util', 'error']
2024-10-11 14:11:52,521 debug enabled for ['xpra.server.core', 'websocket']
2024-10-11 14:11:52,522 debug enabled for ['xpra.server.core', 'dbus']
2024-10-11 14:11:52,550 debug enabled for ['xpra.x11.server.base', 'dbus']
2024-10-11 14:11:52,601 debug enabled for ['xpra.net.websockets.common', 'websocket']
2024-10-11 14:11:52,620 debug enabled for ['xpra.net.websockets.handler', 'network', 'websocket']
2024-10-11 14:11:52,621 pointer device emulation using XTest
2024-10-11 14:11:52,622 serving html content from '/usr/share/xpra/www'
2024-10-11 14:11:52,623 wrote pid 7 to '/run/xpra/14500/server.pid'
2024-10-11 14:11:52,637 Warning: socket directory '/run/xpra'
2024-10-11 14:11:52,637  expected permissions 775 but found 700
2024-10-11 14:11:52,639 created unix domain sockets:
2024-10-11 14:11:52,639  '/run/user/0/xpra/0b54ac4012d8-14500'
2024-10-11 14:11:52,639  '/run/xpra/0b54ac4012d8-14500'
2024-10-11 14:11:52,639  '/root/.xpra/0b54ac4012d8-14500'
2024-10-11 14:11:52,639  '/run/xpra/14500/socket'
2024-10-11 14:11:52,639 created abstract sockets:
2024-10-11 14:11:52,639  '@xpra/14500'
2024-10-11 14:11:52,639 init_dbus(74, {'DBUS_SESSION_BUS_ADDRESS': 'unix:path=/tmp/dbus-AyyCrQVSaC,guid=bafbb2a0de47fb93a061c2d467093228', 'DBUS_SESSION_BUS_PID': '74'})
2024-10-11 14:11:52,640 xvfb pid 51
2024-10-11 14:11:52,645 setting dummy crtc and output 0 to:
2024-10-11 14:11:52,645  1280x1024 50Hz (339x271 mm, dpi=96)
2024-10-11 14:11:52,647 monitor 0 is 'VFB-0' 1280x1024
2024-10-11 14:11:52,647 init_dbus_server() dbus_control=True
2024-10-11 14:11:52,647 init_dbus_server() env: {'DBUS_SESSION_BUS_ADDRESS': 'unix:path=/tmp/dbus-AyyCrQVSaC,guid=bafbb2a0de47fb93a061c2d467093228', 'DBUS_SESSION_BUS_PID': '74'}
2024-10-11 14:11:52,647 debug enabled for ['xpra.server.dbus.common', 'dbus']
2024-10-11 14:11:52,652 debug enabled for ['xpra.server.dbus.server_base', 'dbus', 'server']
2024-10-11 14:11:52,652 debug enabled for ['xpra.server.dbus.server', 'dbus', 'server']
2024-10-11 14:11:52,653 debug enabled for ['xpra.x11.dbus.x11_dbus_server', 'dbus', 'server']
2024-10-11 14:11:52,654 org.xpra.Server(<desktop_server.XpraDesktopServer object at 0xffff9d62aa00 (xpra+x11+desktop+desktop_server+XpraDesktopServer at 0xaaab0e8294f0)>)
2024-10-11 14:11:52,654 dbus_exception_wrap() <bound method DesktopServerBase.make_dbus_server of <desktop_server.XpraDesktopServer object at 0xffff9d62aa00 (xpra+x11+desktop+desktop_server+XpraDesktopServer at 0xaaab0e8294f0)>>()=None
2024-10-11 14:11:52,655 debug enabled for ['xpra.notifications.common', 'dbus', 'notify']
2024-10-11 14:11:52,656 debug enabled for ['xpra.dbus.notifications_forwarder', 'dbus', 'notify']
2024-10-11 14:11:52,656 notifications: bus name 'org.freedesktop.Notifications', request=1
2024-10-11 14:11:52,656 D-Bus notification forwarding is available
2024-10-11 14:11:52,663 pulseaudio server started with pid 84
2024-10-11 14:11:52,664  private server socket path:
2024-10-11 14:11:52,664  '/run/xpra/14500/pulse/pulse/native'
2024-10-11 14:11:52,667 debug enabled for ['xpra.gstreamer.common', 'audio', 'gstreamer']
2024-10-11 14:11:52,668 debug enabled for ['xpra.audio.gstreamer_util', 'audio', 'gstreamer']
W: [pulseaudio] main.c: This program is not intended to be run as root (unless --system is specified).
E: [pulseaudio] core-util.c: Failed to connect to system bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
E: [null-sink] util.c: Failed to connect to system bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory

I supposed, based on this ticket (#3212) and an other one that is older where it was stated that 'pulseaudio' and all application where using their own "private" dbus to avoid messing with maybe currently running dbus.

Since we are in a container, I supposed that it needed at least the system dbus to be running. I therefore appended this command : dbus-uuidgen > /var/lib/dbus/machine-id & dbus-daemon --system & && xpra start-desktop --start-child=xfce4-session --exit-with-children=yes --daemon=no --bind-tcp=0.0.0.0:14500 to first run a system dbus on the container.

After that, pulseaudio stopped complaining about missing system dbus. It was complaining about missing module-x11 but a simple dnf install pulseaudio-module-x11 fixed the error. Now I am stuck with :

E: [pulseaudio] module-x11-xsmp.c: Failed to open connection to session manager: Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed
E: [pulseaudio] module.c: Failed to load module "module-x11-xsmp" (argument: "display=:14500.0 xauthority=/root/.Xauthority session_manager=local/unix:@/tmp/.ICE-unix/134,unix/unix:/tmp/.ICE-unix/134"): initialization failed.

Any command, with XDR_RUNTIME_DIR manually set to a bunc of places (/run/xpra, /run/user/&{UID}/xpra, /tmp, /home/user/.xpra) fails with:

pactl info
Connection failure: Connection refused
pa_context_connect() failed: Connection refused

Funnly, cloning the xpra repo inside the containers and running the pactl_impl.py return sme informations:

./xpra/audio/pulseaudio/pactl_impl.py
2024-10-11 14:31:46,729 Warning: failed to query pulseaudio using 'pactl info'
2024-10-11 14:31:46,729  Connection failure: Connection refused
2024-10-11 14:31:46,729  pa_context_connect() failed: Connection refused
* device
* devices                         : 0
* pulseaudio
  - cookie-hash                   : <hash>
  - found                         : True
  - id                            : 0@2e8374a74ec0a3dcccf9e678670931bf/84
  - server                        : {2e8374a74ec0a3dcccf9e678670931bf}unix:/run/xpra/14500/pulse/pulse/native
  - wrapper                       : pactl

A lot (if not all) xfce plugins complains with errors of the like GetManagedObjects() failed: org.freedesktop.DBus.Error.Spawn.ChildExited: Launch helper exited with unknown return code 1

For the video side, the xpra always starts with :
2024-10-11 14:11:52,645 setting dummy crtc and output 0 to:
2024-10-11 14:11:52,645 1280x1024 50Hz (339x271 mm, dpi=96)
2024-10-11 14:11:52,647 monitor 0 is 'VFB-0' 1280x1024

I tried using dnf install xrandr && xrandr --output DUMMY0 --rate 60 --size 1920*1080 or other variations, but the browser wont acknoledge this. In fact, all I want is the OS to dynamically adapt to the size of the browser window :(

System Information (please complete the following information):

• Server OS: Fedora 40 (container version) running on Macos (but same problem on Host Linux ubuntu 22.04.4)
• Client OS: Macos 15
• xpra-html5-16.2-1.r0.fc40.noarch
• xpra-filesystem-6.1.3-10.r0.fc40.noarch
• xpra-common-6.1.3-10.r0.fc40.aarch64
• xpra-codecs-nvidia-6.1.3-10.r0.fc40.aarch64
• xpra-codecs-6.1.3-10.r0.fc40.aarch64
• xpra-client-6.1.3-10.r0.fc40.aarch64
• xpra-x11-6.1.3-10.r0.fc40.aarch64
• xpra-audio-6.1.3-10.r0.fc40.aarch64
• xpra-client-gtk3-6.1.3-10.r0.fc40.aarch64
• xpra-server-6.1.3-10.r0.fc40.aarch64
• xpra-6.1.3-10.r0.fc40.aarch64

Additional context

• I am trying to create a self-containerized OS that can run on a lot of plateform without the need to setup too much things (docker, and that about it)
• I am trying to make this container as secure as possible (non-root user, acces to only its home and some other folders + applications)

If you could explain how things works that would help me so much. I understand what dbus is for, what pulseaudio is, what xpra is. But I have a hard time undnerstanding how everything talks to each other nicely :(
I did read A LOT of issues in this repo (Almost every issue, from issue that could be sort-of related to ones that dont even link remotely to my problem) but I am still unsure how things work and why I am running into those problems

[totaam]

I understand what dbus is for, what pulseaudio is, what xpra is. But I have a hard time undnerstanding how everything talks to each other nicely :(

• xpra needs pulseaudio for https://github.com/Xpra-org/xpra/blob/master/docs/Features/Audio.md
• pulseaudio may use dbus
• xpra may also use dbus if available

AFAIK, none of these are absolutely essential, though some applications may misbehave without dbus.
If you don't care about audio, just disable it: --no-audio.

Well done for figuring out how to get pulseaudio installed instead of pipewire.
We should improve the documentation on that subject.

For the video side, the xpra always starts with :
2024-10-11 14:11:52,645 setting dummy crtc and output 0 to:
2024-10-11 14:11:52,645 1280x1024 50Hz (339x271 mm, dpi=96)
2024-10-11 14:11:52,647 monitor 0 is 'VFB-0' 1280x1024

The initial resolution when starting a desktop session can be changed, ie: xpra desktop --resize-display=1080p

I tried using dnf install xrandr && xrandr --output DUMMY0 --rate 60 --size 1920*1080

The resolution is meant to be changed in response to changes to the browser window dimensions, not directly via xrandr.
Works-for-me(tm).

---

BTW, you don't need to install these in a container:

• xpra-codecs-nvidia
• xpra-client-gtk3

[Anghille]

I do need the audio. The problem is that even with a system dbus lqunched and pulseaudio installed instead of pipewire, audio isnt working at all :(

For video, I will look into it, since it is absolutly ignoring my resolution settings and absolutly not doing dynamic scaling. That is why I tried to use xrandr to fix this issue without success

[totaam]

Any command, with XDR_RUNTIME_DIR manually set to a bunc of places

So you're running as root inside the container?
It may be better to use a non-root user with a correct $XDG_RUNTIME_DIR set by the login / system.
This may well be what is preventing pulseaudio / dbus from working properly.

You may also want to set XPRA_PRIVATE_PULSEAUDIO=0:

xpra/xpra/server/mixins/audio.py

Line 35 in ba3d760

PRIVATE_PULSEAUDIO = envbool("XPRA_PRIVATE_PULSEAUDIO", True)

Since the xpra instance won't be interfering with another one since there aren't any.

not doing dynamic scaling.

What sort of scaling are you expecting it to do?

For the video side, the xpra always starts with :

Oh, it just occurred to me that what you mean by "video" is the resolution of the virtual display.
In the context of xpra, video often means video stream encoding of window contents (for better compression).
"Virtual display", "vfb" or graphics are slightly less ambiguous terms.

[psobolewskiPhD]

On a related note, is there an official xpra container available in any registry?

[totaam]

is there an official xpra container available in any registry?

Not yet, we should make one as this would be trivial. (based on Fedora)

[Anghille]

For the container side, I am running as a non-root user (the multiple warnings in the logs hint clearly in that direction, and I want my image to be as secure as possible). Therefore, I have given the permission to run dbus-daemon --syste command in the sudoers file for the container user.

What I do is RUN as root, installed the aforementioned packages (xpra, xpra-html, pulseaudio ...), setup configuration files (i have copied the files found in /etc/xpra/conf.d/{05_features.conf, etc.}, then run the dbus-daemon --system && xpra [...].

I first tried to run "vanilla" ( modifications to the `05_features.conf, 20_audio.conf etc.), then started tinkering in the files to try to find my problem. I am now trying to run pulse audio with this config:

#!/usr/bin/pulseaudio -nF

### Create virtual output device sink
load-module module-null-sink sink_name=audio_output sink_properties=device.description="Virtual\ Audio\ Output"

# Allow pulse audio to be accessed via TCP (from localhost only), to allow other users to access the virtual devices
load-module module-native-protocol-unix socket=/tmp/pulseaudio.socket auth-anonymous=1

### Make sure we always have a sink around, even if it is a null sink.
load-module module-always-sink

And this overwride command: /usr/bin/pulseaudio --log-level=info --disallow-module-loading --disallow-exit --exit-idle-time=-1 but without any succes.

I am now rebuilding the image, adding an XDG_RUNTIME_DIR set to /run/user/${UID} and the XPRA_PRIVATE_PULSEAUDIO=0

I will try to use more precise wording. I was indeed speaking about the virtual display resolution :)

[totaam]

Therefore, I have given the permission to run dbus-daemon --system command in the sudoers file for the container user.

As per https://github.com/Xpra-org/xpra/wiki/Reporting-Bugs, this is an essential piece of information, not something to be gleaned later.

then run the dbus-daemon --system && xpra [...].

Does it work if everything runs as root, including xpra?
I would start there.

[Anghille]

(still_ on it, just a LOT of things going on, I will keep you posted when I can give you a more thorough description 🔸 ) Thank you for everything !