This gives me a good idea of the syntax to use to recreate the following
with lxd:

lxc.mount.entry = /dev/dri dev/dri none bind,optional,create=dir
lxc.mount.entry = /dev/snd dev/snd none bind,optional,create=dir
lxc.mount.entry = /tmp/.X11-unix tmp/.X11-unix none
bind,optional,create=dir
lxc.mount.entry = /dev/video0 dev/video0 none bind,optional,create=file


However I am not sure of the syntax to use to implement the following
with lxd:

lxc.hook.pre-start =
/home/USERNAME/.local/share/lxc/precise-gui/setup-pulse.sh

Implementing Pulse in an lxd container is crucial to a project I wanted
to start so I would be very grateful for any help.

I was able to get graphics working fairly easily by "mounting" the
necessary devices via the 'lxc config device add <container> ...' tool,
however the following:


lxc.hook.pre-start =
/home/USERNAME/.local/share/lxc/precise-gui/setup-pulse.sh



still has me mystified.

First off I can not find documentation of how to create hooks in an LXD
configuration. Secondly I do not have enough knowledge of what this
script is doing, other than to change the paths and user names, to alter
it properly. Thirdly, there is no equivalent directories that I am aware
of that are used by lxd.

I have looked at flockport's documentation and they mention several
alternative ways to implement this but all seem to have some legacy lxc
dependency of some kind.

I did create a /tmp/.lxc directory then ran the script changing the path
to /tmp/.lxc/.pulse_socket and the user name and this seemed to be
successful. Also successfully 'export
PULSE_SERVER=/tmp/.lxc/.pulse_socket', also without error. But when I
tried 'lxc config device add <container> /tmp/.lxc/.pulse_socket
unix-char /tmp/.lxc/.pulse_socket' it returned the following error:

error: Failed to setup device: Failed to get device attributes: Not a device

perhaps this is obvious to some of you but I could really use help with
this.

(https://www.stgraber.org/2014/02/09/lxc1-0-gui-in-containers/), but in
it he say's it is used to "tell pulseaudio on the host to bind
/home/ubuntu/.pulse_socket in the container, checking that it’s not
already setup."

Well initially I got the script from flockport but went back to
Stéphane's LXC article
(https://www.stgraber.org/2014/02/09/lxc1-0-gui-in-containers/) and did
realize that I was using a script for privileged containers. Fixed the
script and it is still having problems. The script when executed
manually does not return any errors however pulse still does not export
in the container and the .pulse_socket is not created in /home/ubuntu
directory of the container and yes I specified the entire correct path
in the script.
I believe the problem may be id mapping as described in the
aforementioned blog series. The following would be added to the lxc
config file:

lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
lxc.id_map = u 1000 1000 1
lxc.id_map = g 1000 1000 1
lxc.id_map = u 1001 101001 64535
lxc.id_map = g 1001 101001 64535

the user ubuntu in the container needs to be mapped to the same user id
as the normal user in the host. I am unaware of how this can be done in
the LXD config file or if an equivalent configuration can even be made
with LXD.

I think that if someone knows how this can be done in the LXD config
file, and also how hooks can be implemented, that sound could be quickly
enabled. If someone has any ideas please feel free to share them.
can tell (by looking at the lxc-to-lxd script) hooks are not supported
yet. Perhaps there is a workaround?
to make your graphics work?

As I mentioned this was surprisingly easy. I found the following
commands that someone had posted in an old lxc-users mailing. Sorry, I
can not remember who it was.

lxc config device add qt5-development /dev/nvidia0 unix-char
path=/dev/nvidia0

lxc config device add qt5-development /dev/nvidiactl unix-char
path=/dev/nvidiactl

lxc config device add qt5-development /dev/nvidia-uvm unix-char
path=/dev/nvidia-uvm

lxc config device add qt5-development /dev/video0 unix-char
path=/dev/video0
lxc config device add qt5-development /dev/tty0 unix-char path=/dev/tty0

lxc config device add qt5-development /dev/tty7 unix-char path=/dev/tty7

lxc config device add qt5-development /dev/tty8 unix-char path=/dev/tty8

lxc config device add qt5-development /dev/fb0 unix-char path=/dev/fb0
e99dd6437665
lxc config device add qt5-development /dev/dri unix-char path=/dev/dri

lxc config device add qt5-development /dev/dri/card0 unix-char
path=/dev/dri/card0

I replicated everything except the nvidia lines as they do not apply to
me. Also I found that I was not able to "mount" directories with this
command like /dev/dri and /dev/snd. I had to execute a line for each
device in these directies such as /dev/dri/card0 and so on. After this
the config file looked like the following:

name: gc1
profiles:
- default
config:
volatile.base_image:
e99dd64376651ed3b81bf312d2cfde1ef0a58ecd296a9ae4b654bda733f832ee
volatile.eth0.hwaddr: 00:16:3e:0f:6d:36
volatile.last_state.idmap:
'[{"Isuid":true,"Isgid":false,"Hostid":500000,"Nsid":0,"Maprange":458752},{"Isuid":false,"Isgid":true,"Hostid":500000,"Nsid":0,"Maprange":458752}]'
devices:
/dev/dri/card0:
path: /dev/dri/card0
type: unix-char
/dev/dri/controlD64:
path: /dev/dri/controlD64
type: unix-char
/dev/dri/renderD128:
path: /dev/dri/renderD128
type: unix-char
/dev/fb0:
path: /dev/fb0
type: unix-char
/dev/snd/controlC0:
path: /dev/snd/controlC0
type: unix-char
/dev/snd/hwC0D0:
path: /dev/snd/hwC0D0
type: unix-char
/dev/snd/hwC0D3:
path: /dev/snd/hwC0D3
type: unix-char
/dev/snd/pcmC0D0c:
path: /dev/snd/pcmC0D0c
type: unix-char
/dev/snd/pcmC0D0p:
path: /dev/snd/pcmC0D0p
type: unix-char
/dev/snd/pcmC0D3p:
path: /dev/snd/pcmC0D3p
type: unix-char
/dev/snd/pcmC0D7p:
path: /dev/snd/pcmC0D7p
type: unix-char
/dev/snd/pcmC0D8p:
path: /dev/snd/pcmC0D8p
type: unix-char
/dev/snd/seq:
path: /dev/snd/seq
type: unix-char
/dev/snd/timer:
path: /dev/snd/timer
type: unix-char
/dev/tty0:
path: /dev/tty0
type: unix-char
/dev/tty7:
path: /dev/tty7
type: unix-char
/dev/tty8:
path: /dev/tty8
type: unix-char
/dev/video0:
path: /dev/video0
type: unix-char
root:
path: /
type: disk
ephemeral: false

Then launched gc1 and ssh -X ***@10.0.1.16 and launched a browser and
chromium-bsu. Both worked flawlessly but without sound.
GUI containers; information on the subject is very scarce. Even
Stéphane's new series of LXD articles does not cover it. Is LXD not
recommended for GUI use?

Me as well. it seems like an important use case. My guess is the
developers are avoiding their creation getting labeled as yet another
application container system.

Osborne in a response to me on >03/11. I haven't been able to use them
successfully, but I will now try your method.
create a "GUI profile" that I can apply to any container that requires
it. My containers are unpriviledged, so I don't know if any of this will
work. It would be great to get some guidance from the devs.
not, where are they set?

X works perfectly with this setup on an unprivileged container. In
answer to your question I did not have to do any other settings for it
to work "out of the box", only the things mentioned in my previous post.
I don't know if maybe in the background lxd is implementing the
"bind,optional,create=dir" params invisibly but that is all I had to do.
Pulse is another thing though, still working on that. Found this
https://github.com/lxc/lxd/issues/579 though that gives some clues as to
how privileges can be corrected for pulse. I am still studying and
experimenting with it as it is, at the moment, somewhat over my head.
Also it seems that legacy lxc configs can be implemented by doing the
following:


|name: homebind config: *raw.lxc: |* lxc.mount.entry = /home/tribaal
home/tribaal none bind 0 0 devices: {} |

I have played with importing the regular user into the container via
lxc.id_map to work around pulse permissions with some promise but so far
not successful.

Hope someone else that knows more than me can help us out with this.