LXD GUIs

• See Installing lxd for preparatory steps including the profiles pa and x11

Here I'm going to make a LXD container with different GUI capabilities, and try to avoid making large images if possible.

Summarising the recipe for the local image firefox-ubuntu and adding on top of that the required packages for gnome-terminal and tmux we get:

lxc launch images:ubuntu/18.04/cloud --profile default --profile x11 --profile pa x11ubu18
lxc exec x11ubu18 -- sudo --user ubuntu --login
sudo apt install x11-utils mesa-utils dbus-x11 gnome-terminal firefox
firefox & # `about:preferences` change search engine to DuckDuckGo and remove 'Home content' 
lxc snapshot x11ubu18 x11ffubu18
lxc publish x11ubu18/x11ffubu18 --alias firefox-tmux-x11-ubuntu

This is only very slightly (30MB) larger than the container I made earlier called firefox-ubuntu which just had Firefox (I'd estimate Firefox added 240MB to the size of the image). The total size of this new image (firefox-tmux-x11-ubuntu) is 371.50MB, it took a few minutes to set up.

I can launch another container from this image, using

lxc launch firefox-tmux-x11-ubuntu --profile default --profile x11 --profile pa ffx2
lxc exec ffx2 -- sudo --user ubuntu --login
firefox &

The first time I ran this, the Firefox window title showed that it was running on the other container, x11ubu18 (not the just-launched ffx2 whose login shell had launched the firefox & call!)

This seems to be due to the error message which shows:

Sandbox: /tmp/.X11-unix/X0 is inaccessible (No such file or directory); can't isolate network namespace in content processes

which I interpret as meaning that the containerised Firefox tries to find a /tmp/.X11-unix/X0 in the container (which is the location of the X server socket on the host), and since no such file exists at that path in the container, it fails to "isolate network namespace in content processes".

This attempt to connect to a pre-existing instance of Firefox can be overriden with the -no-remote flag: note that this doesn't happen if a pre-existing Firefox is running from the host (i.e. only containerised Firefoxes can potentially cross-talk in this way, presumably since they share the same socket).

Re-running the last line as

firefox -no-remote &

...we get the new defaults in Firefox which were set in the other container: search engine and home page are customised. That's because they're stored in the profile settings which were stored in the container snapshot. It even has browser history stored there!

Now let's clear the browser history and open some pages, and see if it's possible to snapshot browser state: the open tabs. The first thing to check is the last update of the recovery file.

lxc exec ffx2 -- sudo --user ubuntu --login

(Then open some URLs in Firefox to be recovered)

ls -l .mozilla/firefox/*default-release/sessionstore-backups/recovery.jsonlz4

⇣

-rw------- 1 ubuntu ubuntu 3902 Sep 21 21:18

That's similar to the current time, indicating it's a newly created backup and can be expected to store the URLs we have open. I open another tab and check the file again, and its last modified time is instantly updated.

lxc snapshot ffx2 urls_opened
lxc publish ffx2/urls_opened --alias ftxu_browsing

• (ftxu = firefox + tmux + x11 + ubuntu)

So now we can launch one of these as a new container, ffx3

lxc launch ftxu_browsing --profile default --profile x11 --profile pa ffx3