In this article, I will explain how to install and use a graphical application on docker. In this way, you can run applications that are not up-to-date in Pardus repositories, but that you need, without the need to install a separate distribution.
In this article, we will run a krita application on the debian testing image using docker as an example.
Method 1: You can install docker as follows. The docker you install in this way will only work with the root user or the user added to the docker group.
apt update apt install docker.io
Method 2: You can install rootless docker as follows. Docker installed in this way works without root, but with limited privileges.
Let's install the necessary packages first.
apt install curl dbus-user-session
Then, let's set the subuid and subgid settings by running the following two commands with root.
usermod --add-subgids 1002000000-1002999999 usermod --add-subuids 1002000000-1002999999
Then, let's install rootless docker on our own user using the following command.
curl -fsSL https://get.docker.com/rootless | bash
Docker commands have been added in the bin directory in our home directory. Let's add the following to bashrc to get them in PATH.
Setting up Docker use authorization
Root privileges are required to use non-rootless docker. Therefore, you can give docker authorization to the user by doing the following.
# After this process, we may need to log out and log in. usermod -aG docker user
Note: If you grant docker privileges to the user, you are giving them the equivalent of root privileges. This can cause security problems. This procedure is therefore not recommended.
For detailed information: https://docs.docker.com/engine/security/#docker-daemon-attack-surface
I recommend using rootless docker instead.
Downloading the image
To run our application, we need to download the image of the distribution you want.
docker pull debian:testing
Setting permissions for video and audio
We need to use the following commands in order for our application running on Docker to make window creation requests properly and to control the sound of the application properly. These processes must be repeated every time we restart our computer.
# xhost +local to accept local window requests: # pactl load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 to open a pulseaudio sound server (only accept local requests)
Let's create a container from our downloaded docker image. Here we will pass the DISPLAY environmental variable and grant full hardware and network access authorization. We will also link home directories together. In this way, there will be no problems while using our hardware and network connection, and we will be able to see and edit our files easily.
docker run \ -it \ -e DISPLAY=$DISPLAY \ -e PULSE_SERVER=127.0.0.1\ -v /dev/dri:/dev/dri \ --net host \ -v /home:/home \ --name gui_application \ debian:testing
Here are the explanations of the parameters:
- -it to open interactive shell
- -e DISPLAY=$DISPLAY to pass environmental variable
- -e PULSE_SERVER=127.0.0.1 for pulseaudio sound server
- –net host for fully authorized network connection access
- -v /dev/dri: /dev/dri to access the video card
- -v /home:/home to make the home directory common
- –name to specify gui_application container name
After the container is created, a new shell will be started with the root user inside the container.
Installing the application
After entering the container, we can install our application.
apt update apt install krita
In order for our application to use the common home directory and work with similar privileges, let's create a user with the same name as our username. This user's UID must be the same as our user's.
You can change adduser user # uid in /etc/passwd. id user -> uid=1000(user) gid=1000(user) groups=1000(user) # We need to add our user to the audio and video group. (for sound and video card) usermod -aG audio user usermod -aG video user
If the /dev/dri directory in the container does not belong to the video group, let's fix its permissions.
chgrp video -R /dev/dri
Launching the application
First, let's switch to our user with the su command, and then run the command of our application.
su user krita
When we exit the container or restart the system, we can find the container-id value of the image we named in the docker ps -a output and start it again as docker start and then docker attach to log in again. If we no longer need it, we can delete the container with the docker rm command.
docker ps -a -> CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -> 8b8862d05e24 debian:testing "bash" 2 hours ago Exited (137) 5 minutes ago gui_application docker start 8b8862d05e24 -> 8b8862d05e24 docker attach 8b8862d05e24
Adding to the application menu
To add our application to the application menu, let's prepare a script as follows and save it to /home/user/.local/bin/docker-krita
#!/bin/bash xhost +local: pactl load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 docker start gui_application docker exec gui_application chgrp -R video /dev/dri docker exec gui_application su $USER -c crita $@
Let's prepare our application launcher as follows and save it in /home/user/.local/share/applications/docker-krita.desktop.
[Desktop Entry] Name=Krita-docker Comment=krita on Docker GenericName=Krita Exec=/home/user/.local/bin/docker-krita %F Icon=krita Terminal=false StartupNotify=true Type=Application Categories=Utility; GTK;