lima icon indicating copy to clipboard operation
lima copied to clipboard

Published 20 hours ago verified publisher icon lima-vm

Add documentation on how to run graphical applications

Open afbjorklund opened this issue 1 year ago • 5 comments

Description

Currently lima has information on how to run a command-line application.

Either using the nerdctl.lima wrapper, or starting it from the lima shell.

But there is no example on how to run a GUI app, for instance over X11 ?

This can be done both in the QEMU display, or remotely over SSH shell.

  1. Typical local qemu DISPLAY: :0 (from startx)

  2. Typical remote host DISPLAY: localhost:10.0 (from ssh -X)

Both approaches require some setup of the VM, and some added docs.

See discussion:

  • https://github.com/lima-vm/lima/discussions/987

Boot2Docker X11:

  • https://gist.github.com/afbjorklund/cb63251c43f73a4314ada904ae8f8d87 (2017)

Preferrably, this should link to more generic documentation for containers.

For instance, accessing the applications with x11docker --backend=nerdctl.

The VM doesn't have so many "secrets" to leak, but the host X11 (alt 2) might

There is lots of detailed info available at: https://github.com/mviereck/x11docker

This command (x11docker) provides improved security, over the more naive approach:

https://github.com/mviereck/x11docker/wiki/Short-setups-to-provide-X-display-to-container

afbjorklund avatar Jul 24 '22 16:07 afbjorklund

Unfortunately none of the mentioned x11docker methods work with nerdctl backend.

Then again, it did say that it was experimental (it tries to use both --rm and -d)

Container backends:

By default x11docker tries to run docker. To change the default --backend=docker to another one like --backend=podman, create a default file for --preset. Recommended for rootful container backend: docker or podman Recommended for rootless container backend: podman Only podman allows option --home in rootless mode yet. Only podman provides useful file ownerships with option --share in rootless mode yet. --backend=nerdctl is experimental yet. It supports rootful and rootless mode. nerdctl is in heavy development stage.

Guess it is back to running as root and privileged and mounting sockets and stuff.

afbjorklund avatar Jul 25 '22 08:07 afbjorklund

In addition to the QEMU displays (gtk/sdl/cocoa), it is also possible to use a VNC display (#1003)

It can be even be accessed in a browser using noVNC, if there is no local X11 server or VNC client.

afbjorklund avatar Aug 02 '22 08:08 afbjorklund

An app I'm running uses GLFW (an openGL library) and crashes with error Glfw Error 65543: GLX: Failed to create context: BadValue (integer parameter out of range for operation)

This seems to be a graphics driver issue, with the typical solution involving updating drivers. How should I approach this from within lima? I am running on a macbook air M2 chip. I'm able to open basic windows using xquartz from lima

mef51 avatar Aug 02 '23 18:08 mef51

I'd like to share my experience of trying to get this to work. Perhaps this will be helpful to writing documentation.

Attempt 1 (simplest and most successful)

I tried getting Lima to work with X11 forwarding. It took me embarrassingly long to realize that I need to run limactl edit and add the following to the YAML:

ssh:
  forwardX11: true

This was very effective, I can now run lima xterm and it works.

Unfortunately, I ran into they annoying issue https://github.com/lima-vm/lima/issues/2099, but it's not a complete showstopper. However, it's enough of a problem that I'm not sure this capability of Lima is ready to be advertised to the world.

(Before finding the YAML file, I tried various versions of ssh -X -F /Users/ilyagr/.lima/default/ssh.config lima-default which did not work at all. At first I thought this can be solved by the likes of xhost +, but I now think ssh did not even try to establish forwarding for some reason. I'm not sure why.)

Attempt 2

I also tried to set up VNC by adding

video:
  display: vnc

to my config. This was not successful; I can connect to the machine and open the display, but the display simply says "Display output is not active" on a black screen.

This is on a QEMU VM, IIUC there is no chance of this working on a VZ VM.

I tried sudo apt install gnome and restarting the VM; it didn't help. I am not too familiar with this aspect of Linux system administration, so I gave up.

Attempt 3

I also briefly tried to use xrdp with Microsoft Remote Desktop client for Mac OS. I couldn't immediately figure out how to configure xrdp so that I can log in to the correct user account that Lima sets up to not have a password. In other words, I got to its login screen and no further. I may try this again.

My config details

You can see #2099 for additional details about my config.

My full lima.yaml:

# This template requires Lima v0.7.0 or later
images:
  # Try to use release-yyyyMMdd image if available. Note that release-yyyyMMdd will be removed after several months.
  - location: "https://cloud.debian.org/images/cloud/bookworm/20231013-1532/debian-12-genericcloud-amd64-20231013-1532.qcow2"
    arch: "x86_64"
    digest: "sha512:6b55e88b027c14da1b55c85a25a9f7069d4560a8fdb2d948c986a585db469728a06d2c528303e34bb62d8b2984def38fd9ddfc00965846ff6e05b01d6e883bfe"
  - location: "https://cloud.debian.org/images/cloud/bookworm/20231013-1532/debian-12-genericcloud-arm64-20231013-1532.qcow2"
    arch: "aarch64"
    digest: "sha512:b3754e8c4b474fad2f0bb6d483158cc8e6661cf481dcd7a8c55cc128acb4cd2d829d4afe024462ae45028f33ab977d69737d820c8f6c56800cc133cdcfb5874d"
  # Fallback to the latest release image.
  # Hint: run `limactl prune` to invalidate the cache
  - location: "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-genericcloud-amd64.qcow2"
    arch: "x86_64"
  - location: "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-genericcloud-arm64.qcow2"
    arch: "aarch64"
mounts:
  - location: "~"
  - location: "/tmp/lima"
    writable: true
ssh:
  forwardX11: true
  forwardAgent: true
video:
  # QEMU display, e.g., "none", "cocoa", "sdl", "gtk", "vnc", "default".
  # Choosing "none" will hide the video output, and not show any window.
  # Choosing "vnc" will use a network server, and not show any window.
  # Choosing "default" will pick the first available of: gtk, sdl, cocoa.
  # As of QEMU v6.2, enabling anything but none or vnc is known to have negative impact
  # on performance on macOS hosts: https://gitlab.com/qemu-project/qemu/-/issues/334
  # 🟢 Builtin default: "none"
  display: vnc
  # VNC (Virtual Network Computing) is a platform-independent graphical
  # desktop-sharing system that uses the Remote Frame Buffer protocol (RFB)
  vnc:
    # VNC display, e.g.,"to=L", "host:d", "unix:path", "none"
    # By convention the TCP port is 5900+d, connections from any host.
    # 🟢 Builtin default: "127.0.0.1:0,to=9"
    display: null

Thank you for making Lima! :)

ilyagr avatar Dec 27 '23 01:12 ilyagr

Adding my experience here. I prefer to run GUI apps in Lima via X11 forwarding, as described by @ilyagr ("Attempt 1") in the previous comment.

However, in my case (running Ubuntu in Lima), apps like Chromium and Firefox weren't running, and failing with errors like: Missing X server or $DISPLAY or X11 connection rejected because of wrong authentication. Error: cannot open display: localhost:10.0

Which is weird, because setting up an X11 connection and $DISPLAY env var is exactly what forwardX11: true in lima.yaml is supposed to do.

After some troubleshooting, it turns out this issue occurs because Ubuntu now distributes Chromium and Firefox as Snap packages. The issue and fix are described in this StackExchange post:

The workaround is to simply do: export XAUTHORITY=$HOME/.Xauthority before running the remote X11 application.

This fixed the problem for me, and I've added that line to a .profile file in my home dir so that I don't need to set the XAUTHORITY var by hand every time.

Hopefully this provides enough information to help others with similar problems running Snap-packaged apps in Lima!

prehensileBBC avatar Feb 16 '24 10:02 prehensileBBC