←back to thread

Wayland Apps in WireGuard Docker Containers

(www.procustodibus.com)
44 points justinludwig | 2 comments | 17 Oct 24 22:36 UTC | HN request time: 0.001s | source
Show context
Arnavion ◴[18 Oct 24 00:52 UTC] No.41875367[source]
I do the same X + Wayland + PulseAudio socket mounted inside a (Podman, not Docker) container thing for sandboxing GUI programs like Steam, so that they do not have access to any host resources (especially the filesystem, which Steam has a reputation for not handling well :) ) unless I specifically allow it.
replies(2): >>41875422 #>>41875677 #
freedomben ◴[18 Oct 24 01:00 UTC] No.41875422[source]
Are you willing to share any of your code, especially for Steam? I'd love to do this as well but had a hell of a time getting X/Wayland and the GPU all mounted in. Gave up after a short time (have too many projects already) and just used the Flatpak, but I'd love to fully containerize it.
replies(1): >>41875468 #
1. Arnavion ◴[18 Oct 24 01:07 UTC] No.41875468[source]
https://news.ycombinator.com/item?id=34634854

My current one is quite a bit different (based on Debian instead of Ubuntu, additional steps to make VR work, and some other changes) but the parts related to sockets etc are the same.

replies(1): >>41875552 #
2. freedomben ◴[18 Oct 24 01:28 UTC] No.41875552[source]
Neat, thank you!

Direct link to Gist for any other interested people: https://gist.github.com/Arnavion/81006757190c29aa0b24c674e24...