This is really cool! The first time I tried to run a GUI app in a container, I discovered there's a LOT of practical gaps between "okay I have containers" and "I want to run a graphical application". Subuser bridges those gaps nicely.
My favorite part of reading the docs for subuser is how completely direct and honest they are about security of various features. E.g., if you enable some features of X bridging, you're accepting security risks, because that's how X works. (And if you don't need those features, don't enable them; it looks like subuser has it down to a one-word config flag, which is amazing.) By comparison, if you start out on your own... there's lots of brief tutorials on the internet about using xephyr, or xpra, or doing something really wildly unsafe like just plain mounting the X sockets in. But not only are all these things rough to get started on by yourself, the brief explanations thrown around are often not clear on the security implications. Subuser seems like a great way to do the right things... out of the box. And with excellent truth in packaging.
I've accumulated a lot of scripts in my personal `~/bin` over the last couple years that do stuff like "mount cwd and interesting dir $x, make sure image with $prog is here or fetch it, now pass args and invoke $prog with $HOME=..." -- and while these have been really useful to me, they've been ad-hoc and almost impossible to usefully share with others. Subuser's format for making valuable configuration like this sharable is extremely interesting.
My favorite part of reading the docs for subuser is how completely direct and honest they are about security of various features. E.g., if you enable some features of X bridging, you're accepting security risks, because that's how X works. (And if you don't need those features, don't enable them; it looks like subuser has it down to a one-word config flag, which is amazing.) By comparison, if you start out on your own... there's lots of brief tutorials on the internet about using xephyr, or xpra, or doing something really wildly unsafe like just plain mounting the X sockets in. But not only are all these things rough to get started on by yourself, the brief explanations thrown around are often not clear on the security implications. Subuser seems like a great way to do the right things... out of the box. And with excellent truth in packaging.
I've accumulated a lot of scripts in my personal `~/bin` over the last couple years that do stuff like "mount cwd and interesting dir $x, make sure image with $prog is here or fetch it, now pass args and invoke $prog with $HOME=..." -- and while these have been really useful to me, they've been ad-hoc and almost impossible to usefully share with others. Subuser's format for making valuable configuration like this sharable is extremely interesting.