Need to be able to run GUI applications inside a docker container without upsetting Network Security or having to set the user in the container to have the same UID / GID as the host user.
I keep upsetting Network Security.
- the output of:
pinata diagnose -u on OSX
OS X: version 10.10.5 (build: 14F1808)
Docker.app: version v1.11.1-beta12
Running diagnostic tests:
[OK] Moby booted
Docker logs are being collected into /tmp/20160524-172235.tar.gz
Most specific failure is: No error was detected
Your unique id is: A9BC238C-F4F7-4328-ACB3-4189FD004E89
Steps to reproduce the behavior
- Follow the instructions (ish) at http://kartoza.com/how-to-run-a-linux-gui-application-on-osx-using-docker/
- Do X-y stuff.
- Wait for Network Security to block my machine due to an open port 6000.
I understand that the issue is the socat line, viz:
socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\"
where the container is configured to send to
What I’d like to do is ensure that socat is only listening to the address from whence my container will be contacting the host. Problem is, I can’t discover what that is. I’ve tried running in short bursts and trying to work out what’s going on with tcpdump. I’ve tried setting socat’s range=172.16.0.0/12 and/or the container’s DISPLAY to 172.17.0.1, to no avail. Ideas at this point would be appreciated.
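A host-side check for the exposure described in the post, as an added example that is not part of the original post: it reads `lsof -nP -iTCP -sTCP:LISTEN` style output and reports which X11 TCP listeners are bound to the wildcard address (what a network scan sees) and which are bound to a specific address. The sample listing is constructed, and the 6000-6063 port range and the function names are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not taken from the post).
sample_lsof() {
cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
socat    4101 dev     5u  IPv4 0xa1      0t0  TCP *:6000 (LISTEN)
socat    4188 dev     5u  IPv4 0xa2      0t0  TCP 127.0.0.1:6001 (LISTEN)
sshd       77 root    3u  IPv4 0xa3      0t0  TCP *:22 (LISTEN)
X11.bin   512 dev     9u  IPv6 0xa4      0t0  TCP [::1]:6002 (LISTEN)
EOF
}

# Reads an lsof listing on stdin and prints one line per X11 listener:
#   EXPOSED|bound  command  pid  address  port
# X11 over TCP uses port 6000 + display number; 6000-6063 is the range
# assumed here. EXPOSED means the socket accepts connections on every
# interface of the host, not only the one the container uses.
audit_x11_listeners() {
  awk '
    $NF == "(LISTEN)" {
      name = $(NF - 1)                      # e.g. *:6000 or [::1]:6002
      n = split(name, parts, ":")
      port = parts[n] + 0                   # text after the last colon
      addr = substr(name, 1, length(name) - length(parts[n]) - 1)
      if (port < 6000 || port > 6063) next  # not an X11 display port
      wildcard = (addr == "*" || addr == "0.0.0.0" || addr == "[::]")
      print (wildcard ? "EXPOSED" : "bound"), $1, $2, addr, port
    }'
}

# Number of wildcard-bound X11 listeners in the listing on stdin.
count_exposed() {
  audit_x11_listeners | awk '$1 == "EXPOSED" { c++ } END { print c + 0 }'
}

# Stand-alone run against the constructed sample; on a real host use:
#   lsof -nP -iTCP -sTCP:LISTEN | audit_x11_listeners
sample_lsof | audit_x11_listeners
```

A socat `TCP-LISTEN` address started without a `bind=` option listens on all interfaces and shows up here as `*:6000`; once it is bound to a single address, the same check reports it as `bound`.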