Running Firefox in a systemd-nspawn container
Published: Sunday, Aug 23, 2015 Last modified: Monday, Dec 9, 2024
Bootstrap your container
Assuming you installed firefox in a container ~/containers/firefox
. On first
run I had Segmentation faults until I got st
working. I suspect it’s something to do with fonts!
Setup /etc/systemd/system/systemd-nspawn@firefox.service.d/override.conf
Mine looks like:
[Service]
ExecStart=
ExecStart=/usr/bin/systemd-nspawn \
--bind-ro=/home/hendry/.Xauthority:/home/hendry/.Xauthority \
--bind=/home/hendry/.config:/home/hendry/.config \
--bind=/tmp/.X11-unix \
--bind=/dev/snd \
--bind=/run/user/1000/pulse:/run/user/host/pulse \
-D /home/hendry/containers/firefox \
--bind /dev/shm \
--bind /etc/machine-id \
--network-veth -b
Setup systemd-networkd & OpenVPN
I use a container networking configuration like so /etc/systemd/network/80-container-host0.network.
My VPN configuration lives in ~/containers/firefox/etc/openvpn/uk.conf and
is invoked by starting openvpn@uk.service
.
Sound
This is the most difficult part! After hours of trial and error, attempting to
decipher cryptic error messages, I started pulseaudio with --disable-shm=true
and things started to work!
I’ve tweaked /usr/lib/systemd/user/pulseaudio.service
with that option.
sudo machinectl shell hendry@firefox --setenv=DISPLAY=:0 --setenv=PULSE_SERVER=unix:/run/user/host/pulse/native
Note that my $USER is hendry
which matches an account created also called
hendry
in the container. This is the only way I have figured out how to get
pulseaudio & sound working!!
Firefox fails wtih ALSA lib confmisc.c:768:(parse_card) cannot find card '0'
,
but I’ve found Chromium to work.
TODO
This setup needs work. Especially the sound part is very cumbersome. Why is it so hard to share video/sound devices? FFS!
OpenVPN is a but clumsy in the sense there is no way to quickly tell I’m on the VPN and everything is OK.
Word about network accounting
Assuming your container is called “firefox” like mine:
grep firefox /proc/net/dev
ve-firefox: 407205 2396 0 0 0 0 0 0 3732997 2814 0 0 0 0 0 0
So ~4 megabytes for a non-interactive Desktop session for BBC news. Notice from the point of view of the host, the data was transmitted - to the container!
That’s why /proc/net/dev
’s Receive and Transmit might be
flipped around.