English
« Back to projectatomic.io
Ask Your Question
0

How to connect to session dbus from a docker container?

asked 2016-04-13 13:31:51 +0000

ttomecek gravatar image

I'm trying to run an application in a docker container which is using gnome keyring to store credentials. This means that the container should suppose to be able to connect to 1) X server 2) session dbus. First one is pretty easy, I haven't figured out the second though. Here is my progress:

When I run seahorse inside, I get this output:

$ docker exec -ti $container seahorse
GLib-GIO-Message: Using the 'memory' GSettings backend.  Your settings will not be saved or shared with other applications.

** (seahorse:212): WARNING **: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-A0VzKXzszp: Connection refused
seahorse-Message: DNS-SD initialization failed: Daemon not running

(seahorse:212): seahorse-WARNING **: Failed to initialize PGP backend: Inappropriate ioctl for device
** Message: Remote error from secret service: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.secrets was not provided by any .service files

(seahorse:212): seahorse-WARNING **: gkr-backend.vala:90: couldn't connect to secret service: The name org.freedesktop.secrets was not provided by any .service files

Unfortunately there's nothing at the /tmp path:

[user@23eb28d3426f /]$ ll /tmp/dbus-A0VzKXzszp:
ls: cannot access /tmp/dbus-A0VzKXzszp:: No such file or directory

This is how the container is built

FROM fedora:23

RUN dnf install -y some-app-written-in-python3 python3-dbus dbus-x11 libgnome-keyring python3-gobject
ARG USER_ID=1000
RUN useradd -o -u ${USER_ID} user
USER user
...

and run

docker run \
  -v ~/.dbus/:/home/user/.dbus/ \
  -v /etc/machine-id:/etc/machine-id \
  -v /run/user/$(id -u)/keyring:/run/user/$(id -u)/keyring \
  -e GPG_AGENT_INFO \
  -e SSH_AUTH_SOCK \
  -e DISPLAY \
  -v /tmp/.X11-unix:/tmp/.X11-unix \
  -e XAUTHORITY=/.Xauthority \
  -v ~/.Xauthority:/.Xauthority:ro \
  app

When I look at my host system in ~/.dbus I get

$ cat ~/.dbus/session-bus/655c866503344ae4852755f595f7110d-0
# This file allows processes on the machine with id 655c866503344ae4852755f595f7110d using
# display :0.0 to find the D-Bus session bus with the below address.
# If the DBUS_SESSION_BUS_ADDRESS environment variable is set, it will
# be used rather than this file.
# See "man dbus-launch" for more details.
DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-9j6KQ3Z1kn,guid=0d4c30348483b100649f8a75570e2950
DBUS_SESSION_BUS_PID=16
DBUS_SESSION_BUS_WINDOWID=79691777

Checking dbus specified in the file I get nothing:

$ ps 16
  PID TTY      STAT   TIME COMMAND
$ ll /tmp/dbus-*
ls: cannot access /tmp/dbus-*: No such file or directory

Is this expected?

@walters I've seen you being assigned on many dbus bugs in Bugzilla. Would you be able to help me out here please?

edit retag flag offensive close merge delete

5 answers

Sort by » oldest newest most voted
0

answered 2016-04-13 14:00:43 +0000

walters gravatar image

DBus uses abstract sockets ( http://unix.stackexchange.com/questio... ) , which are network-namespace specific.

So the only real way to fix this is to not use a network namespace (i.e. docker run --net=host). Alternatively, you can run a process on the host which proxies access to the socket. I think that's what xdg-app does basically (also for security reasons to act as a filter).

There might be some other way, but that's all I can think of offhand.

edit flag offensive delete link more

Comments

`--net=host` did the trick; thanks Colin, very helpful!

ttomecek ( 2016-04-13 14:57:33 +0000 )edit
0

answered 2017-11-02 05:00:19 +0000

A container image is a lightweight, remain solitary, executable bundle of a bit of programming that incorporates everything expected to run it: code, runtime, system tools, system libraries, settings. Available for Do my Assignment Linux and Windows based applications, containerized software will dependably run the same, paying little respect to the earth.

edit flag offensive delete link more
0

answered 2017-10-24 11:47:20 +0000

WilliamNorman gravatar image

updated 2017-10-24 11:47:47 +0000

The Docker Engine can keep user qualifications in an outside, for example, the local keychain of the working framework. Utilizing an outer store is more secure than putting away qualifications in the Docker configuration file. To utilize a credentials store, you require an outside aide program to communicate with a particular keychain or outer store. Docker requires the assistant program to be in the client’s host. Writing Help UK | AssignmentEmpire

edit flag offensive delete link more
0

answered 2017-09-20 10:17:29 +0000

However, Psiphon provides a signed version of Psiphon3. It is not distributed as an installable pack. Instead, you get a single executable file which is signed by Psiphon Inc psiphon3

edit flag offensive delete link more
0

answered 2017-08-20 14:54:44 +0000

freedom apk

appvn

psiphon 3

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

[hide preview]

Question Tools

Follow
1 follower

Stats

Asked: 2016-04-13 13:31:51 +0000

Seen: 4,832 times

Last updated: Nov 02