How to run graphical Wayland applications in systemd-nspawn
After praising systemd-nspawn, I recently pushed the limits of what I thought was possible with systemd-nspawn:
I needed to start a graphical application (a Wayland client) inside the container and have its window show up in the host's graphical environment (which runs the Wayland server).
To my surprise, this actually is possible. In this tutorial, I’ll document how I achieved this.
Create a new file tree for the container:
sudo debootstrap --include=systemd bookworm /var/lib/machines/bookworm-test1
Create a new container (notice that we don't use --ephemeral, so our changes are persisted):
sudo systemd-nspawn -D /var/lib/machines/bookworm-test1 -M test1
You are now root inside the container; create a system user for logging in later:
useradd -s /usr/bin/bash app
passwd app # give a password and remember it
apt-get install -y chromium firefox-esr
logout
# Exit the machine by pressing Ctrl + ] three times
Next, let’s boot the container:
sudo systemd-nspawn \
-D /var/lib/machines/bookworm-test1 \
--machine test1 \
--bind="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY":/tmp/wayland.sock \
--boot
Now, log in as user app with the password that you have set, and export the following environment variables:
export WAYLAND_DISPLAY=/tmp/wayland.sock
export CHROMIUM_FLAGS="--ozone-platform-hint=wayland"
Next, try to start Firefox, which should show up in the host’s graphical desktop environment:
MOZ_ENABLE_WAYLAND=1 firefox
You can also try Chromium:
CHROMIUM_FLAGS="--ozone-platform-hint=wayland" chromium
To exit the container, press Ctrl + ]]].
The only downside of this method is that it requires a system bus, which is present only when booting the container using --boot.
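The --bind option in the boot step assumes that WAYLAND_DISPLAY on the host is a plain socket name inside XDG_RUNTIME_DIR. The following pre-flight check is an added example, not part of the original tutorial: it resolves the socket the way libwayland clients do (absolute path used as-is, wayland-0 when unset), confirms it is a socket you can access, and prints the matching --bind option. The function names are hypothetical; /tmp/wayland.sock is the in-container path used above.

```shell
#!/bin/sh
# Added example (not from the original tutorial): validate the host's Wayland
# socket before handing it to systemd-nspawn. Function names are hypothetical.

# Print the socket path for XDG_RUNTIME_DIR ($1) and WAYLAND_DISPLAY ($2).
resolve_wayland_socket() {
    runtime_dir=$1
    display=${2:-wayland-0}   # libwayland's default when WAYLAND_DISPLAY is unset
    case $display in
        /*) printf '%s\n' "$display" ;;   # absolute path: used as-is
        *)  [ -n "$runtime_dir" ] || { echo "XDG_RUNTIME_DIR is not set" >&2; return 1; }
            printf '%s\n' "${runtime_dir%/}/$display" ;;
    esac
}

# Print "--bind=<socket>:<target>" only if the resolved path is a usable socket.
# $3 is the path inside the container (defaults to the tutorial's choice).
nspawn_wayland_bind() {
    target=${3:-/tmp/wayland.sock}
    sock=$(resolve_wayland_socket "$1" "$2") || return 1
    [ -S "$sock" ] || { echo "not a socket: $sock" >&2; return 1; }
    [ -r "$sock" ] && [ -w "$sock" ] || { echo "no read/write access: $sock" >&2; return 1; }
    case $sock in
        # --bind splits its argument on ':', so refuse paths that contain one
        *:*) echo "path contains ':': $sock" >&2; return 1 ;;
    esac
    printf '%s\n' "--bind=$sock:$target"
}

# Usage on the host (run as the desktop user, before sudo changes the environment):
#   bind_opt=$(nspawn_wayland_bind "$XDG_RUNTIME_DIR" "$WAYLAND_DISPLAY") || exit 1
#   sudo systemd-nspawn -D /var/lib/machines/bookworm-test1 --machine test1 "$bind_opt" --boot
```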