English
« Back to projectatomic.io
Ask Your Question
0

How to connect to session dbus from a docker container?

asked 2016-04-13 13:31:51 +0000

ttomecek gravatar image

I'm trying to run an application in a docker container which is using gnome keyring to store credentials. This means that the container should suppose to be able to connect to 1) X server 2) session dbus. First one is pretty easy, I haven't figured out the second though. Here is my progress:

When I run seahorse inside, I get this output:

$ docker exec -ti $container seahorse
GLib-GIO-Message: Using the 'memory' GSettings backend.  Your settings will not be saved or shared with other applications.

** (seahorse:212): WARNING **: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-A0VzKXzszp: Connection refused
seahorse-Message: DNS-SD initialization failed: Daemon not running

(seahorse:212): seahorse-WARNING **: Failed to initialize PGP backend: Inappropriate ioctl for device
** Message: Remote error from secret service: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.secrets was not provided by any .service files

(seahorse:212): seahorse-WARNING **: gkr-backend.vala:90: couldn't connect to secret service: The name org.freedesktop.secrets was not provided by any .service files

Unfortunately there's nothing at the /tmp path:

[user@23eb28d3426f /]$ ll /tmp/dbus-A0VzKXzszp:
ls: cannot access /tmp/dbus-A0VzKXzszp:: No such file or directory

This is how the container is built

FROM fedora:23

RUN dnf install -y some-app-written-in-python3 python3-dbus dbus-x11 libgnome-keyring python3-gobject
ARG USER_ID=1000
RUN useradd -o -u ${USER_ID} user
USER user
...

and run

docker run \
  -v ~/.dbus/:/home/user/.dbus/ \
  -v /etc/machine-id:/etc/machine-id \
  -v /run/user/$(id -u)/keyring:/run/user/$(id -u)/keyring \
  -e GPG_AGENT_INFO \
  -e SSH_AUTH_SOCK \
  -e DISPLAY \
  -v /tmp/.X11-unix:/tmp/.X11-unix \
  -e XAUTHORITY=/.Xauthority \
  -v ~/.Xauthority:/.Xauthority:ro \
  app

When I look at my host system in ~/.dbus I get

$ cat ~/.dbus/session-bus/655c866503344ae4852755f595f7110d-0
# This file allows processes on the machine with id 655c866503344ae4852755f595f7110d using
# display :0.0 to find the D-Bus session bus with the below address.
# If the DBUS_SESSION_BUS_ADDRESS environment variable is set, it will
# be used rather than this file.
# See "man dbus-launch" for more details.
DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-9j6KQ3Z1kn,guid=0d4c30348483b100649f8a75570e2950
DBUS_SESSION_BUS_PID=16
DBUS_SESSION_BUS_WINDOWID=79691777

Checking dbus specified in the file I get nothing:

$ ps 16
  PID TTY      STAT   TIME COMMAND
$ ll /tmp/dbus-*
ls: cannot access /tmp/dbus-*: No such file or directory

Is this expected?

@walters I've seen you being assigned on many dbus bugs in Bugzilla. Would you be able to help me out here please?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-04-13 14:00:43 +0000

walters gravatar image

DBus uses abstract sockets ( http://unix.stackexchange.com/questio... ) , which are network-namespace specific.

So the only real way to fix this is to not use a network namespace (i.e. docker run --net=host). Alternatively, you can run a process on the host which proxies access to the socket. I think that's what xdg-app does basically (also for security reasons to act as a filter).

There might be some other way, but that's all I can think of offhand.

edit flag offensive delete link more

Comments

`--net=host` did the trick; thanks Colin, very helpful!

ttomecek ( 2016-04-13 14:57:33 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

[hide preview]

Question Tools

Follow
1 follower

Stats

Asked: 2016-04-13 13:31:51 +0000

Seen: 3,586 times

Last updated: Apr 13 '16