bash docker GUI 应用程序的 xhost 命令 (Eclipse)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/43015536/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
xhost command for docker GUI apps (Eclipse)
提问by Moritz
I'm looking at running a GUI appin docker. I've heard that this is incurs security problems due to the Xserver being exposed. I'd like to know what is being done in each of the following steps, specifically the xhost local:root:
我正在考虑在 docker中运行一个GUI 应用程序。我听说这是由于 Xserver 被暴露而导致安全问题。我想知道在以下每个步骤中正在做什么,特别是xhost local:root:
- [ -d ~/workspace ] || mkdir ~/workspace
- xhost local:root
- docker run -i --net=host --rm -e DISPLAY -v $HOME/workspace/:/workspace/:z docbill/ubuntu-umake-eclipse
- [ -d ~/工作区 ] || mkdir ~/工作区
- xhost 本地:root
- docker run -i --net=host --rm -e DISPLAY -v $HOME/workspace/:/workspace/:z docbill/ubuntu-umake-eclipse
回答by BMitch
[ -d ~/workspace ] || mkdir ~/workspace
[ -d ~/workspace ] || mkdir ~/workspace
This creates a workspace directory in your home directory if it doesn't already exist.
如果它不存在,这将在您的主目录中创建一个工作区目录。
xhost local:root
xhost local:root
This permits the root user on the local machine to connect to X windows display.
这允许本地机器上的 root 用户连接到 X windows 显示。
docker run -i --net=host --rm -e DISPLAY -v $HOME/workspace/:/workspace/:z docbill/ubuntu-umake-eclipse
docker run -i --net=host --rm -e DISPLAY -v $HOME/workspace/:/workspace/:z docbill/ubuntu-umake-eclipse
This runs a container with the following options:
这将运行一个具有以下选项的容器:
-i: interactive, input typed after this command is run is received by the process launched inside the container.--net=host: host networking, the container is not launched with an isolated network stack. Instead, all networking interfaces of the host are directly accessible inside the container.--rmautomatically cleanup the container on exit. Otherwise the container will remain in a stopped state.-e DISPLAYpass through the DISPLAY environment variable from the host into the container. This tells GUI programs where to send their output.-v $HOME/workspace/:/workspace/:zmap the workspace folder from your home directory on the host to the /workspace folder inside the container with selinux sharing settings enabled.docbill/ubuntu-umake-eclipserun this image, authored by user docbill on the docker hub (anyone is able to create an account here). This is not an official image from docker but a community submitted image.
-i:交互式,在运行此命令后键入的输入由容器内启动的进程接收。--net=host: 主机网络,容器不是用隔离的网络堆栈启动的。相反,主机的所有网络接口都可以在容器内直接访问。--rm退出时自动清理容器。否则容器将保持停止状态。-e DISPLAY将 DISPLAY 环境变量从主机传递到容器中。这告诉 GUI 程序将输出发送到哪里。-v $HOME/workspace/:/workspace/:z将工作空间文件夹从主机上的主目录映射到容器内的 /workspace 文件夹,并启用 selinux 共享设置。docbill/ubuntu-umake-eclipse运行此映像,由用户 docbill 在 docker hub 上创作(任何人都可以在此处创建帐户)。这不是来自 docker 的官方镜像,而是社区提交的镜像。
From the options, this command is most likely designed for users running on RHEL or CentOS Docker host. It will not work on Docker for Windows or Docker for Mac, but should work on other variants of Linux.
从选项来看,这个命令很可能是为在 RHEL 或 CentOS Docker 主机上运行的用户设计的。它不适用于 Windows 的 Docker 或 Mac 的 Docker,但应该适用于 Linux 的其他变体。
I've used similar commands to run my containers with a GUI, but without the xhost and host networking. Instead, I've just mapped in the X windows socket (/tmp/.X11-unix) directly to the container:
我已经使用类似的命令通过 GUI 运行我的容器,但没有 xhost 和主机网络。相反,我只是将 X windows 套接字 ( /tmp/.X11-unix) 直接映射到容器:
docker run -it --rm -e DISPLAY -u `id -u` \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-v /etc/localtime:/etc/localtime:ro \
my_gui_image
