GUI app in container does not connect to X server in host

This is no doubt a FAQ but --sorry, I couldn’t locate any solution on the Net so far …

I am trying to run a GUI app (glxgears) in a docker container (based on Ubuntu 16.04) on a Ubuntu 16.04.2_LTS host. Doesn’t work, though I seem to be following the solutions indicated in the past. I get the error in the container:

/tmp/GPU$ docker run --rm --privileged -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix -v /dev/snd:/dev/snd -it glxgears bash
root@7d09bca7d9c0:/# glxgears
No protocol specified
Error: couldn’t open display :0

More details:

  • Host is running X server:
    /tmp/GPU$ ps -ef | grep X
    root 20053 1096 1 14:39 tty7 00:00:40 /usr/lib/xorg/Xorg -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch

    Docker version 17.06.0-ce, build 02c1d87

/tmp/GPU$ docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 13
Server Version: 17.06.0-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: cfb82a876ecc11b5ca0977d1733adbe58599088a
runc version: 2d41c047c83e09a6d61d464906feb2a2f3c52aa4
init version: 949e6fa
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.8.0-41-generic
Operating System: Ubuntu 16.04.2 LTS
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 31.31GiB
Name: sundar-nuc
ID: ROP5:N44F:SBL5:RSMJ:YNL7:7D24:L7WU:3LFZ:GBYT:YLW6:EYL5:4JVS
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Http Proxy: @@@
Https Proxy: @@@
No Proxy: @@@,127.0.0.1,localhost
Registry: @@@
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false

/tmp/GPU$ uname -a
Linux … 4.8.0-41-generic #44~16.04.1-Ubuntu SMP Fri Mar 3 17:11:16 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

The Dockerfile for the container image is:
FROM ubuntu:16.04
LABEL “mesa.version”="10.1.3"
LABEL “opengl.version”=“2.1”

RUN mkdir -p /etc/apt
COPY apt.conf /etc/apt
COPY resolv.conf /etc
RUN apt-get update &&
apt-get -y install
libgl1-mesa-dri
libgl1-mesa-glx
mesa-utils

RUN export uid=1000 gid=1000 &&
mkdir -p /home/developer &&
echo “developer:x:${uid}:${gid}:Developer,:/home/developer:/bin/bash” >> /etc/passwd &&
echo “developer:x:${uid}:” >> /etc/group &&
echo “developer ALL=(ALL) NOPASSWD: ALL” > /etc/sudoers.d/developer &&
chmod 0440 /etc/sudoers.d/developer &&
chown ${uid}:${gid} -R /home/developer

USER developer
ENV HOME /home/developer

Thank you,
Sundar

Apart from --privileged, I have also tried “–security-opt seccomp:unconfined”. Is there any other factor that can block X server connection?