Container Hacks in Docker
Jessie Frazelle spoke at DockerCon 2015 about how she uses Docker containers to run desktop applications.
As a Core Maintainer at Docker, Frazelle briefed her audience on a few of her explorations with containerization on Linux and Windows. As a result of installing her daily-use desktop apps in containers, she keeps her host really clean -- still, it does require a hack or two.
For example, Frazelle displayed a few hundred lines of bash aliases that she employs for running various apps in containers: Mutt, Notify OSD, Slack, and Spotify, just to name a few. “None of these are very clean!” she pointed out. “I don’t like to show the commands, I just show the cool alias.”
Then there are the little roadblocks you don’t expect. For instance, clicking a link to open it in Chrome across containers doesn’t work. So Frazelle uses a URL launcher, set up via .Xresources, to call docker exec chrome.
The level of workarounds that Frazelle has explored to test the limits of what you can containerize is impressive. She uses apt-file to find which packages provide an .so file and then installs those packages in a container. For file management, she uses volumes. So, a container for GIMP is mounted with the Pictures folder, for example. Some apps are less of a struggle than others, of course.
You can even run Google Hangouts because audio/video will work inside a Chrome container if you mount your devices. OpenGL works with sound. For an NES emulator, Frazelle has played The Legend of Zelda in a container, loading ROMs by mounting volumes. Containerizing VirtualBox lets Frazelle run VMs to run other containers, but this needs a kernel module, loaded with modprobe on the host. She actually ran an Ubuntu VM in VirtualBox in a container.
For Skype, Frazelle linked to a PulseAudio container to provide audio. She mounted /dev/video0 and noted that you can mount printers as well. For a bit of real-time flair, Frazelle called an audience member during her talk.
Tor runs in a container via tor-browser and is mounted by way of system-level proxy. She uses --net host to map host networking into the container. Side note: Frazelle submitted a Dockerfile to the Tor Project so that they can run their tests in it. “Now everything I do won’t be read by the NSA,” Frazelle joked, “which is nice.”
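The volumes, device mounts and --net host described above each hand part of the host to the container. As an added example (not code from the talk or from Frazelle's aliases), this shell function lists what a given docker run command line shares with the host; the sample commands, paths and image names are constructed.

```shell
#!/bin/sh
# Added example, not from the talk: report which host resources a
# `docker run` command line shares with the container.

# Constructed sample commands (image names are placeholders).
GIMP_CMD='docker run -d -v /home/user/Pictures:/root/Pictures example/gimp'
SKYPE_CMD='docker run -d --device /dev/video0 --link pulseaudio:pulseaudio example/skype'
TOR_CMD='docker run -d --net host example/tor-browser'

# host_exposure "<command line>" prints one line per shared host resource.
# The body is a subshell, so `set -f` and its variables do not leak out.
host_exposure() (
    set -f                      # word-split without glob expansion
    set -- $1
    prev=""
    for arg in "$@"; do
        # Accept both "--flag value" and "--flag=value".
        case "$arg" in
            --*=*) flag=${arg%%=*}; val=${arg#*=} ;;
            *)     flag=$prev;      val=$arg ;;
        esac
        case "$flag" in
            -v|--volume)
                # Only "/host/path:/container/path" is a bind mount of host
                # files; named and anonymous volumes are skipped.
                case "$val" in
                    /*:*) echo "volume ${val%%:*}" ;;
                esac ;;
            --device)
                echo "device ${val%%:*}" ;;
            --net|--network)
                if [ "$val" = host ]; then echo "network host"; fi ;;
        esac
        prev=$arg
    done
    exit 0
)

for cmd in "$GIMP_CMD" "$SKYPE_CMD" "$TOR_CMD"; do
    echo "== $cmd"
    host_exposure "$cmd"
done
```

Running it over a file of aliases gives a quick inventory of which containers can read host files, reach host devices, or see the host network stack.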
After her talk, Frazelle fielded a few questions from the audience. One attendee asked if apps lost state when she launched them. “You can mount a volume to the point where the app stores its data,” she responded. “You just have to figure out where those files are.” When asked how she handles permissions, she replied that she chowns the files over as an exec.
Someone else asked what she considered the most difficult app to containerize. “Visual Studio Code,” Frazelle answered, “because it didn’t come with any instructions. I had to use a lot of strace to find all the library and header files. It was hard to start from nothing and get it working.”
When asked if her window manager runs in Docker, Frazelle admitted defeat. “It’s something I want to do, and there have been attempts at this, but we haven’t succeeded yet.”
Another question was, “Have you experienced containerizing apps that require different kernel configurations?” Frazelle stated that she hasn’t run into anything conflicting, but sometimes she has to load a module. “I had to copy files to my host to build the module to build the .ko, but then I could delete all the building files.”
For one of the last questions, an attendee asked, “Do you have to install your video drivers into the host or can you do them in the container?” Frazelle responded that it’s not necessary for basic audio and video, but Chrome and OpenGL require you to have the same graphics libraries as the host (like the Mesa libraries, for example).
Hacking your desktop apps to run in containers might not be on the To Do list for everyone, but Codeship readers can probably rest assured: If Frazelle can put Skype in a container, you can probably put your app in one too.