What is the correct way to pass /tmp/.X11-unix into a chroot?

[dandelionred]

I debootstrapped ubuntu 19.04 into /nas/chroot/disco and installed smplayer inside.

Running this

firejail --noprofile --chroot=/nas/chroot/disco smplayer

I get this

...
qt.qpa.xcb: could not connect to display :0
...

As a dirty fix I set up such bind

sudo mount --bind /tmp /nas/chroot/disco/tmp

and chrooted smplayer can start now.

Is there some native to firejail way to pass /tmp/.X11-unix into a chroot?

Btw I run xorg with -nolisten local so there is no abstract socket. Hence /tmp/.X11-unix is the only way to X.

[smitsohu]

Setting an environment variable FIREJAIL_X11 should work.

[dandelionred]

Setting an environment variable FIREJAIL_X11 should work.

I'm not sure how to use it

$ FIREJAIL_X11=1 firejail --noprofile --chroot=/nas/chroot/disco smplayer
Error: cannot find /tmp/.X11-unix in chroot directory

[smitsohu]

You need to create an empty /tmp/.X11-unix directory as mount point first.

[dandelionred]

Thanks, it works now.

Mby the FIREJAIL_X11 tip should be added to https://firejail.wordpress.com/documentation-2/x11-guide/ ?

[smitsohu]

To be honest, FIREJAIL_X11 is quite a dirty solution itself.

In the moment Firejail doesn't help too much in setting up the chroot, but this also means it will not get in your way too much. I think what you described in the original post is "the correct way" actually.

[dandelionred]

KK, got it.

[smitsohu]

A last note:

Don't set FIREJAIL_X11 to yes, any other value will work just fine.

[dandelionred]

@smitsohu What is wrong with FIREJAIL_X11=yes?

[smitsohu]

@dandelionred FIREJAIL_X11=yes is used internally to indicate that an --x* option has been parsed; setting it to a value other than yes navigates around possible issues.

Did I already mention it is dirty? 😄