Containerize GUI Applications on Mac

After watching Container Hacks and Fun Images by Jessie Frazelle, I wanted to Containerize my GUI applications on OS X.

  • OS X doesn’t expose device files /dev/snd or /dev/video.
  • OS X doesn’t have a default x11 client. So we have to rely on XQuartz

This guide is tested under

It also works well under OS X(10.11.5) and Docker for Mac(1.12 stable) but XQuartz version must be 2.7.1_beta2(latest as of now). As pointed by Fredrik Averpil, there is a bug in XQuartz 2.7.9 stable version, which prevents opening the display from remote.

Note: After installing XQuartz you need to log out and log in back.

Running a container

  • Start xQuartz
$ open -a XQuartz
  • Allow connections from remote clients
    • xQuartz’s PreferenceSecurityAllow connections from network clients
      xQuartz preference
    • Get the ip address of your local machine
    $ ip=$(ifconfig en0 | grep inet | awk '$1=="inet" {print $2}')
    
    • Add your local machine to ACL. Using hostname is safer than using ip address.
    $ /usr/X11R6/bin/xhost + $(hostname)
    
  • Run firefox. Let’s use Jessie Frazzelle’s firefox image
$ docker run -d --name firefox -e DISPLAY=$ip:0 -v /tmp/.X11-unix:/tmp/.X11-unix jess/firefox

xQuartz preference

Edit: There is a new post with improved security using xauth instead of xhost.