I've got kwin_wayland + plasmashell (wayland) running in a container (bugs included)

Martin Graesslin mgraesslin at kde.org
Tue Mar 15 15:35:56 UTC 2016 

Hi Sebastian,

that's pretty cool! Thanks for sharing. 

Cheers
Martin

P.S.: Personally I'm a little bit shocked to see how easy it is to expose the 
GPU as that makes escaping the container pretty easy.

On Monday, March 14, 2016 5:36:28 PM CET Sebastian GrĂ¼ner wrote:
> hey all,
> 
> I've been fiddling around wit lxc on a smartphone the other week, did
> some reading and thought I'd try out some ideas with kwin_wayland.
> This is one of your proposals for this years GSOC projects at KDE [1],
> and I know my approach is different from what is explained there.
> Nevertheless I'd like to share my initial hack with you, in case anyone
> wants to pursue this further.
> Long story short: I copied random bits and pieces of the web and got
> kwin_wayland and plasmashell (via startplasmacompositor) running in a
> containerized environment with native hardware acceleration, no llvmpipe
> needed :-). (I used systemd-nspawn, docker and lxc should work as well,
> haven't tried this though).
> 
> Here is what I've done:
> Get a rootfs of your favorite distro:
> - I use Opensuse Tumbleweed since I am familiar with this. (KDE
> Frameworks 5.20, Plasma 5.5.95)
> - I set up Debian unstable as well, which worked, but this uses old KDE
> packages (debootstrap)
> - I tried Ubuntu Xenial (debootstrap), weston works with native hw, but
> kwin_wayland won't start up.
> 
> Systemd comes with a minimal container tool, systemd-nspawn [2], which
> is described as similar to a chroot and quite easy to use. With this one
> can just switch into the rootfs:
> 
> sudo systemd-nspawn -D $ROOTFSDIRECTORY/
> 
> systemd-nspawn has quite a lot of command line switches, you can set
> environment variables and bind-mount specific directories for example.
> So why not just bind-mount the device-node of my graphics-card?
> here we go:
> 
> xhost +local:
> 
> sudo systemd-nspawn --setenv=DISPLAY=:0 \
> --setenv=XAUTHORITY=~/.Xauthority \
> --setenv=XDG_RUNTIME_DIR=/run/user/1000 \
> --bind-ro=$HOME/.Xauthority:/root/.Xauthority \
> --bind=/run/user/1000/:/run/user/1000 \
> --bind=/tmp/.X11-unix \
> --bind=/dev/shm:/dev/shm \
> --bind=/dev/dri/card0:/dev/dri/card0 \
> -D suse/ kwin_wayland --libinput --xwayland --drm --windowed "konsole
> --platform wayland"
> 
> Initially I tried weston: to do this just change the command at the very
> end. If you change the command to startplasmacompositor the Plasma
> desktop starts up. In order to make Plasma useable and avoid loops for
> kscreen, powerdevil you need Dbus, so I just did bind mount my
> bus-socket with
> 
> --bind=/run/dbus/system_bus_socket:/run/dbus/system_bus_socket
> 
> It should be somehow possible to run the dbus-daemon from within the
> container.
> 
> There is probably a lot of stuff that could be improved upon, but I got
> plasmashell in a container up and running!
> If the container hangs/crashes you can terminate it from a different tty
> with machinectl [3].
> 
> I hope you like this. :-)
> 
> Sebastian
> 
> [1]
> https://community.kde.org/GSoC/2016/Ideas#Project:_Running_KWin.2FWayland_in
> _a_Docker_container [2]
> https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html [3]
> https://www.freedesktop.org/software/systemd/man/machinectl.html
> _______________________________________________
> Plasma-devel mailing list
> Plasma-devel at kde.org
> https://mail.kde.org/mailman/listinfo/plasma-devel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20160315/e8bd7dec/attachment.sig>

More information about the Plasma-devel mailing list