Docker & desktop applications


I decided to play around a bit with running applications that aren’t packaged up for RHEL7 via docker.  I mean, why not?  That’s one of the perks of containers, so it should be doable without much fuss right?


I did manage with little difficulty to do so, but there is a bit of work that will go into it first, and you will need to work with Dockerfiles, selinux, and sudo.  Here we go.

I found a great tutorial on this and pretty much copied the work verbatim.  I know that not all applications are going to need everything in the template, but its just a container, so to hell with it.  If it is mission critical, one should be a bit more discriminatory anyhow.


Now, what I use is the following for my stub for a Ubuntu 14.04 LTS base:

FROM ubuntu:14.04

RUN apt-get update && apt-get install -y firefox

# Replace 1000 with your user / group id
RUN export uid=1000 gid=1000 && \
mkdir -p /home/firefox && \
echo “firefox:x:${uid}:${gid}:firefox,,,:/home/firefox:/bin/bash” >> /etc/passwd && \
echo “firefox:x:${uid}:” >> /etc/group && \
echo “firefox ALL=(ALL) NOPASSWD: ALL” > /etc/sudoers.d/firefox && \
chmod 0440 /etc/sudoers.d/firefox && \
chown ${uid}:${gid} -R /home/firefox

USER firefox
ENV HOME /home/firefox
CMD /usr/bin/firefox


As you can see not alot to it.   But lets go over a few things that should stand out a bit.  First off, the variables should bark out at you very loudly.  For things to work, we need to setup a few maps between your actual system UID and GID and the fake one we are making in the container.  Second, I need to work on making this a bit more portable.  I will eventually play around with a variable for the appname, and propagate that thru the entire Dockerfile as we are doing with the UID and GID variables.   Lastly a general clean up of everything there so its a bit more logical as to what is going on and can be commented out for those that just don’t need it.

That said, usage!  I am going to presume you can install docker (yum install -y docker).  The way docker builds docker images via dockerfiles is a bit odd for those not used to it, but you will want to make a directory structure that includes a folder for each docker image’s dockerfile. So a ~/Dockerfiles/firefox/ and put the above into it in a file called … (wait for it) … Dockerfile.  Yes with a capital D.  The result using the above demonstration info would be ~/Dockerfiles/firefox/Dockerfile.

Next via a terminal, cd to that directory and enter in:

sudo docker build -t firefox .

Dont forget the trailing space and period.  The image should be getting built.  Once completed, you can enter in on the prompt:

sudo docker images

That should show a firefox image.  Now we can invoke this firefox instance as we need via:

sudo docker run -ti –rm -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix firefox

If you are like me and love your selinux, it will have a fit.  Open up setroubleshooter and fix it as you deem best for your tastes.  Rerunning it should then work fine.

Here is a quick screen recording demonstrating what I went over.  I have already built the image, so that was of course not there.  But I do show my dockerfile I made, the launch script and running firefox.


Leave a Reply