in a digital-signage project, we do for a customer, we are using balenaCloud. First of all, it works for almost everything like a charm. We use balenaOS as the host-system on RaspberryPi’s and IntelNuc’s to show images from AWS S3 with a modified Electron-App on the connected displays. BalenaCloud does the fleet management and image distribution, etc. for us.
Our customer has a special request now. He wants us to use a special piece of hardware. It is a 32-bit Debian system. We already did manage to start balenaOS in a docker container (self-compiled 32bit Docker daemon with scripts from github.com/balena-os/balenaos-in-container). We cannot flash the whole hardware because of existing software that needs to run beside the balenaOS.
Now to the tricky part. Is it possible to mount/route the X-Server (/tmp/.X11-unix) from Debian to the balenaOS to the balenaService running to show content? We cannot start a new X-Server in the balenaService because the system has also some apps that need to be shown on the display.
We did modify the balena-in-container script already to forward the X-server into the balenaOS. The small step missing is the forwarding from balenaOS to the balenaService, which is running inside. We tried it with a docker-compose file to bind the X-Server(/tmp/.X11-unix) but only named-values are allowed in that file.
Are there any other options we could try to get the X-Server forwarded from balenaOS to that balenaService?
Thanks for getting in touch. This is definitely a tricky issue, since balenaOS does not support bind mounts into containers. I will reach out to our engineers and see if anyone has experience of running balenaOS in a container and then trying to bind X11 from the host, through the balenaOS container and into a balena service. It’s possible we could try to recreate the scenario and try to work it out. But this won’t be quick - please bear with us!
I’ve spoken with some of my colleagues and it sounds like this won’t be possible, because balenaOS does not support bind mounts for security reasons. balenaOS expects to be the main OS running on a machine and does not run X11 itself - so the only way of doing this is how you’ve done it with your other users: running X11 within a container.
A similar question,
I would like to forward an X application running in a balena service container over the balena tunnel to my local device (development laptop).
How could I get this working?
I notice that in the hostOS /etc/ssh/sshd_config the X11Forwarding is set to no, so I guess that would have to change.
Does the same limitation for the above question apply here? I wasn’t totally clear on what bind mounts were.
I guess the X application in the balena service container would have to set the DISPLAY to some local host value and that might work?
I’m not that familiar with X so forgive any obvious ignorance.
Is this even possible since balena ssh is only ssh to the hostOS but from hostOS → container its a docker command?