accessing the host's X server from inside chroot

Per Hedeland per at hedeland.org
Wed Oct 9 22:16:02 UTC 2019


On 2019-10-09 18:07, Arthur Chance wrote:
> On 09/10/2019 14:18, Per Hedeland wrote:
>> On 2019-10-09 01:45, Kostas Oikonomou wrote:
>>> I am running FreeBSD 12.0p10.  Using chroot, I am trying to run a browser
>>> (palemoon) located in /opt/devuan, which contains a Devuan Linux distribution
>>> installed with 'debootstrap'.  My objective is for the browser to use the
>>> host's (FreeBSD) X server, not the Devuan one.
>>>
>>> I've added my FreeBSD user name as a Devuan user, home in /opt/devuan/home.
>>> Now I try things like
>>>
>>> sudo chroot -u <me> /opt/devuan home/palemoon/palemoon
>>>
>>> but I cannot get past the error
>>>
>>> Error: cannot open display: :0.0
>>
>> The display name :0.0 corresponds to a unix domain socket, typically
>> /tmp/.X11-unix/X0, which you of course can't reach after a chroot. By
>> setting the environment $DISPLAY to localhost:0.0, a TCP connection
>> should be made instead, but these days the X server doesn't listen for
>> TCP connections by default. If you start X with startx(1), it should
>> be possible to pass it '-- -listen tcp' to make the server listen for
>> TCP connections, see the respective man pages.
>>
>> Doing this has some security implications though, since the X server
>> will then listen on the wildcard address, and it will thus be possible
>> to connect to it over the network - I didn't see a way to make it
>> listen only on the localhost/loopback address. Authorization is still
>> required to actually do anything with the server - unless, of course,
>> you turn it off with "xhost +".
> 
> If you run the host X server with -listen tcp and set the DISPLAY
> variable in the chroot to localhost:0.0 I think you should be able to
> connect if you either 1) copy the FreeBSD level home directory's
> .Xauthority to the chroot's home directory or 2) run "xhost +localhost"
> at the host level before connecting.

Agreed, I didn't go into the details of how to actually make the
authorization work in this scenario. I would say that copying
.Xauthority is the preferred way since it keeps the authorization, but
while "xhost +localhost" disables it for connections from localhost,
it is probably "good enough".

--Per
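
An added example, not part of the thread and not the posters' own code, for the two points discussed above: copying the cookie file into the chroot with owner-only permissions, and checking listening-socket output for an X server bound to the wildcard address. The function names and the sample output are constructed for illustration, and the column layout (USER COMMAND PID FD PROTO LOCAL FOREIGN) is an assumption about what `sockstat -4 -6 -l` prints on the host.

```shell
#!/bin/sh
# Copy an X authority file into the chroot user's home, readable by the owner only.
# $1 = source cookie file (e.g. the host-side ~/.Xauthority)
# $2 = the user's home directory as seen from the host (under the chroot tree)
install_cookie() {
    src=$1
    dest_home=$2
    [ -f "$src" ] || { echo "no cookie file: $src" >&2; return 1; }
    [ -d "$dest_home" ] || { echo "no such directory: $dest_home" >&2; return 1; }
    # Restrictive umask first, so a newly created copy is never world-readable.
    ( umask 077 && cp "$src" "$dest_home/.Xauthority" ) || return 1
    # cp keeps the mode of a pre-existing destination file, so set it explicitly.
    chmod 600 "$dest_home/.Xauthority"
}

# Read listening-socket lines on stdin and print "COMMAND LOCAL" for every TCP
# listener on a wildcard address in the X11 display port range (6000 + display).
# Intended input: sockstat -4 -6 -l   (column layout assumed, see lead-in)
wildcard_x11_listeners() {
    awk '$5 ~ /^tcp/ && $6 ~ /^\*:60[0-9][0-9]$/ { print $2, $6 }'
}

# Constructed sample of what the host might show after "startx -- -listen tcp".
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     Xorg       1432  3  tcp4   *:6000                *:*
root     Xorg       1432  4  tcp6   *:6000                *:*
root     sshd       811   4  tcp4   *:22                  *:*
root     sendmail   790   5  tcp4   127.0.0.1:25          *:*
EOF
}

# Demo on the constructed sample: each line printed is a listener reachable
# from the network, so a packet filter rule for that port is worth adding.
sample_sockstat | wildcard_x11_listeners
```

With the cookie copied this way, `xhost` is left untouched and the server keeps requiring authorization from every client, local ones included.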

