Docker for Mac lets you run any Linux executable in an isolated process on Mac. A graphical app is just another process, that needs access to the X11 socket of the system, or an X11 server. You can run X11 applications on a Mac using an open source project called Xquartz. The steps to expose XQuartz to a Linux process running in Docker are simple:
- install XQuartz from xquartz.org. Note: you need to install XQuartz version 2.7.10, version 2.7.11 does not work with Docker for Mac. Then you have 3 choices:
- Proxy the XQuartz socket to port 6000 or
- Tell Xquartz to accept network calls. This is not very secure.
- Tell Xquartz to accept network calls and require authentication, setup X11 security using xauth, and mount ~/.Xauthority in the container.
Thus, after you install XQuartz, the 3 methods are as follows.
In your .bashrc:
export DISPLAY_MAC=`ifconfig en0 | grep "inet " | cut -d " " -f2`:0
function startx() {
if [ -z "$(ps -ef|grep XQuartz|grep -v grep)" ] ; then
open -a XQuartz
socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\" &
fi
}
Create a container using X11:
startx
docker run -e DISPLAY=$DISPLAY_MAC -it jess/geary
This approach is insecure, especially if you don't use a firewall on your machine. For a more secure approach see the next section.
In your .bashrc:
export DISPLAY_MAC=`ifconfig en0 | grep "inet " | cut -d " " -f2`:0
defaults write org.macosforge.xquartz.X11 nolisten_tcp -boolean false
function startx() {
if [ -z "$(ps -ef|grep XQuartz|grep -v grep)" ] ; then
open -a XQuartz
fi
}
Create a container using X11:
startx
docker run -e DISPLAY=$DISPLAY_MAC -it jess/geary
Launch XQuartz and in security settings, set authenticate connexions and expose on network.
In a Terminal, list the magic cookies that have been set, and add one for the Docker VM bridhe IP.
$ export DISPLAY_MAC=`ifconfig en0 | grep "inet " | cut -d " " -f2`:0
$ xauth list
pc34.home/unix:0 MIT-MAGIC-COOKIE-1 491476ce33cxxx86d4bfbcea45
pc34.home:0 MIT-MAGIC-COOKIE-1 491476ce33cxxx86d4bfbcea45
$ export DISPLAY=$DISPLAY_MAC
$ xauth
Using authority file /Users/pat/.Xauthority
xauth> add 192.168.64.1:0 . 491476ce33cxxx86d4bfbcea45
xauth> exit
Writing authority file /Users/pat/.Xauthority
$ xauth list
pc34.home/unix:0 MIT-MAGIC-COOKIE-1 491476ce33cxxx86d4bfbcea45
pc34.home:0 MIT-MAGIC-COOKIE-1 491476ce33cxxx86d4bfbcea45
192.168.64.1:0 MIT-MAGIC-COOKIE-1 491476ce33cxxx86d4bfbcea45
pc34:docker-tips pat$ docker run -e DISPLAY=$DISPLAY_MAC -v ~/.Xauthority:/root/.Xauthority -it jess/gimp
In your .bashrc:
export DISPLAY_MAC=`ifconfig en0 | grep "inet " | cut -d " " -f2`:0
defaults write org.macosforge.xquartz.X11 nolisten_tcp -boolean false
function startx() {
if [ -z "$(ps -ef|grep XQuartz|grep -v grep)" ] ; then
open -a XQuartz
fi
}
Create a container using X11:
startx
docker run -e DISPLAY=$DISPLAY_MAC -v ~/.Xauthority:/root/.Xauthority -it jess/geary
Checking that port 6000 is exposed.
lsof -i :6000
Checking XQuartz / Preferences / Security / "Allow connections from network clients" should be checked if you use option 2.
Jessie Frazelle's blog post, talks and repos, are invaluable. I highly recommend looking at her Dockerfiles repo.
Benny Cornelissen's post was super useful for the Mac side.
Cameron Taggart's blog post and Victoria Lynn's repo were excellent for Octave and SciPy.