lima
lima copied to clipboard
lima-vm
Lima's X11 forwarding breaks after a MacBook goes to sleep
Summary
I'm trying to get Lima to work with XQuartz to run graphical applications. It mostly just works, except when my MacBook goes to sleep and wakes up again. After that, applications inside Lima can no longer seem to connect to X11 with messages like:
xterm: Xt error: Can't open display: localhost:12.0
Cc: #151, #877
My setup
I'm using Sonoma 14.2.1 on an M2 Apple silicon MacBook Pro. I installed XQuartz from its website, it reports XQuartz 2.8.5 (xorg-server 21.1.6). I'm running a Debian container. I added the following lines to limactl edit config file:
ssh:
forwardX11: true
forwardAgent: true
I also ran sudo apt install xterm in the container.
Here is some more sysinfo:
# On host system
$ uname -a
Darwin macaw.local 23.2.0 Darwin Kernel Version 23.2.0: Wed Nov 15 21:55:06 PST 2023; root:xnu-10002.61.3~2/RELEASE_ARM64_T6020 arm64 arm Darwin
$ limactl shell debian uname -a
Linux lima-debian 6.1.0-16-cloud-arm64 #1 SMP Debian 6.1.67-1 (2023-12-12) aarch64 GNU/Linux
$ lima --version
limactl version 0.19.0
This is a QEMU VM.
VM config (`lima.yaml`)
# This template requires Lima v0.7.0 or later
images:
# Try to use release-yyyyMMdd image if available. Note that release-yyyyMMdd will be removed after several months.
- location: "https://cloud.debian.org/images/cloud/bookworm/20231013-1532/debian-12-genericcloud-amd64-20231013-1532.qcow2"
arch: "x86_64"
digest: "sha512:6b55e88b027c14da1b55c85a25a9f7069d4560a8fdb2d948c986a585db469728a06d2c528303e34bb62d8b2984def38fd9ddfc00965846ff6e05b01d6e883bfe"
- location: "https://cloud.debian.org/images/cloud/bookworm/20231013-1532/debian-12-genericcloud-arm64-20231013-1532.qcow2"
arch: "aarch64"
digest: "sha512:b3754e8c4b474fad2f0bb6d483158cc8e6661cf481dcd7a8c55cc128acb4cd2d829d4afe024462ae45028f33ab977d69737d820c8f6c56800cc133cdcfb5874d"
# Fallback to the latest release image.
# Hint: run `limactl prune` to invalidate the cache
- location: "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-genericcloud-amd64.qcow2"
arch: "x86_64"
- location: "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-genericcloud-arm64.qcow2"
arch: "aarch64"
mounts:
- location: "~"
- location: "/tmp/lima"
writable: true
ssh:
forwardX11: true
forwardAgent: true
However, I also checked that this affects a VZ VM based on the "default" template in exactly the same way.
The problem
If I have XQuartz running, limactl shell debian xterm works fine at first. However, if I close the lid of the computer and reopen it an hour later, it no longer works. The error message is what I quoted before: xterm: Xt error: Can't open display: localhost:12.0.
Interestingly, the xterm I ran before closing the lid still runs and responds to new input after the lid is reopened. However, I cannot start new graphical applications from it either.
Workaround
Restarting the VM fixes the problem. I haven't yet found a better workaround, please let me know if you know one!
We need a way to restore the SSH connections after sleep, both for the host but also for the guest:
- https://github.com/lima-vm/lima/issues/598
Idle thought: This might be overkill, but perhaps Lima could allow connecting to the guest via https://www.wireguard.com/install/ if Wireguard is installed on the host. I'm more familiar with the simpler but non-free Tailscale, so I don't know just how tricky this would be; it would likely have other applications as well.
https://github.com/linuxserver/docker-wireguard could be useful to look at as an example.
Idle thought: This might be overkill, but perhaps Lima could allow connecting to the guest via https://www.wireguard.com/install/ if Wireguard is installed on the host. I'm more familiar with the simpler but non-free Tailscale, so I don't know just how tricky this would be; it would likely have other applications as well.
https://github.com/linuxserver/docker-wireguard could be useful to look at as an example.
Was this intended to be posted in another place? Doesn't seem relevant to X11.
I was thinking that if the SSH connection (with X forwarding) went via Wireguard, it wouldn't break on sleep AFAIK. I should've mentioned that, sorry for the confusion.
This is based on my experience with Tailscale (which is commercial but freemium). Installing tailscale in the VM and using it for ssh should be smoother workaround for the problem, but I haven't double-checked yet.
same issue here. it looks like the SSH sever in vm died after host wakeup sometime. restarting works for me but quite annoying. macos: 14.4.1 (23E224)
when stop the vm, it complains there's no ssh.sock:
INFO[0000] Waiting for the host agent and the driver processes to shut down
INFO[0000] [hostagent] Received SIGINT, shutting down the host agent
INFO[0000] [hostagent] Shutting down the host agent
INFO[0000] [hostagent] Stopping forwarding "/run/lima-guestagent.sock" (guest) to "/Users/jgao/.lima/default/ga.sock" (host)
INFO[0000] [hostagent] Unmounting "/Users/jgao"
INFO[0000] [hostagent] Unmounting "/tmp/lima"
WARN[0000] [hostagent] failed to exit SSH master error="failed to execute `ssh -O exit -p 60022 127.0.0.1`, out=\"Control socket connect(/Users/jgao/.lima/default/ssh.sock): No such file or directory\\r\\n\": exit status 255"
WARN[0000] [hostagent] an error during shutting down the host agent error="failed to run [ssh -F /dev/null -o IdentityFile=\"/Users/jgao/.lima/_config/user\" -o IdentityFile=\"/Users/jgao/.ssh/id_rsa\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^[email protected],[email protected]\" -o User=jgao -o ControlMaster=auto -o ControlPath=\"/Users/jgao/.lima/default/ssh.sock\" -o ControlPersist=yes -T -O cancel -L /Users/jgao/.lima/default/ga.sock:/run/lima-guestagent.sock -N -f -p 60022 127.0.0.1 --]: \"\": exit status 255"
INFO[0000] [hostagent] Shutting down QEMU with ACPI
INFO[0000] [hostagent] Sending QMP system_powerdown command
FATA[0180] did not receive an event with the "exiting" status```
It actually seems to me that this is an X11-specific issue, and not an issue with the SSH connection itself, at least for me.
If I use limactl shell, that connection survives a sleep-resume cycle fine. I believe this connection goes over SSH. The terminal part of the connection still works after the resume. The X11 forwarding only works until the computer goes to sleep, though.
Am I misunderstanding something?
Another interesting option for working around this is https://github.com/Xpra-org/xpra or the (seemingly less mature) https://github.com/wayland-transpositor/wprs.
I'll leave another comment if I actually test them.
Update: No luck so far, Xpra crashes on startup on Mac OS Sonoma (Apple Silicon), https://github.com/Xpra-org/xpra/issues/4017#issuecomment-2105506722. Seems to be some sort of GTK issue. WPRS doesn't seem to support Mac OS at all.
Historically there was NX for this type of set up, not sure if anyone uses it since it stopped being Open Source
https://en.wikipedia.org/wiki/NX_technology
NX doesn't seem to have any binaries for Apple Silicon, the best I can find is https://downloads.nomachine.com/download/?id=7. That might work via Rosetta, but it makes me suspicious that they haven't updated their site since Apple Silicon appeared in the world. They DO ship binaries for ARM Linux, so maybe the part inside Lima would work. Since they are close-source, other people cannot try to compile better binaries.
To me, NX sounds very similar to VNC or RPD (https://github.com/neutrinolabs/xrdp). Both seem to have good Mac OS clients and open-source Linux clients.
They have a couple of disadvantages: unlike X11 forwarding with XQuartz and unlike Xpra, they show an entire Linux desktop in one window, and every remote app lives in that one window. Also, I found both hard to configure inside Lima (though I'm sure it's possible with enough effort).