From a8b90ca5b781cb96f4860428daf27d90ba5d9ebd Mon Sep 17 00:00:00 2001
From: Ezra Brooks <ezra@brooks.cx>
Date: Wed, 4 Sep 2024 15:15:58 -0600
Subject: [PATCH] Mount Xauthority into Docker containers (#173)

---
 moveit2/run.sh      | 21 +++++++++++++++++++--
 nav2_demo/run.sh    | 21 +++++++++++++++++++--
 navigation2/run.sh  | 21 +++++++++++++++++++--
 space_robots/run.sh | 21 +++++++++++++++++++--
 4 files changed, 76 insertions(+), 8 deletions(-)

diff --git a/moveit2/run.sh b/moveit2/run.sh
index 9381852..d167d56 100755
--- a/moveit2/run.sh
+++ b/moveit2/run.sh
@@ -12,5 +12,22 @@ IMG_NAME=openrobotics/moveit2
 CONTAINER_NAME="$(tr '/' '_' <<< "$IMG_NAME")"
 
 # Start the container
-docker run --rm -it --name $CONTAINER_NAME  --network host \
-    -e DISPLAY -e TERM   -e QT_X11_NO_MITSHM=1 $IMG_NAME
+# --rm: delete container after exiting
+# -it: Interactive TTY mode so you can use a shell.
+# --network host: Does not isolate Docker container from host's network interfaces.
+#                 Allows all traffic to pass through as if it originated from the host.
+#                 In our case, useful for DDS traffic for ROS.
+# -e DISPLAY: Pass the X11 display through to the container.
+# -e TERM: Pass the kind of terminal being used through to the container.
+# -e QT_X11_NO_MITSHM=1: Disables shared memory extension for Qt/X11, which does not work consistently inside a process namespace like a container.
+# -v "$XAUTHORITY:/.Xauthority": the $XAUTHORITY environment variable on the host contains the path to a file that grants access to X11.
+#                                We mount the path defined in that environment variable into the container at /.Xauthority.
+# -e XAUTHORITY=/.Xauthority: We set $XAUTHORITY *inside* the container to the place we just mounted the Xauthority (/.Xauthority)
+docker run --rm -it --name $CONTAINER_NAME \
+                    --network host \
+                    -e DISPLAY \
+                    -e TERM \
+                    -e QT_X11_NO_MITSHM=1 \
+                    -v "$XAUTHORITY:/.Xauthority" \
+                    -e XAUTHORITY=/.Xauthority \
+                    $IMG_NAME
diff --git a/nav2_demo/run.sh b/nav2_demo/run.sh
index d596ffc..a3e761d 100755
--- a/nav2_demo/run.sh
+++ b/nav2_demo/run.sh
@@ -12,5 +12,22 @@ IMG_NAME=osrf/space_nav2_demo
 CONTAINER_NAME="$(tr '/' '_' <<< "$IMG_NAME")"
 
 # Start the container
-docker run --rm -it --name $CONTAINER_NAME  --network host \
-    -e DISPLAY -e TERM   -e QT_X11_NO_MITSHM=1 $IMG_NAME
+# --rm: delete container after exiting
+# -it: Interactive TTY mode so you can use a shell.
+# --network host: Does not isolate Docker container from host's network interfaces.
+#                 Allows all traffic to pass through as if it originated from the host.
+#                 In our case, useful for DDS traffic for ROS.
+# -e DISPLAY: Pass the X11 display through to the container.
+# -e TERM: Pass the kind of terminal being used through to the container.
+# -e QT_X11_NO_MITSHM=1: Disables shared memory extension for Qt/X11, which does not work consistently inside a process namespace like a container.
+# -v "$XAUTHORITY:/.Xauthority": the $XAUTHORITY environment variable on the host contains the path to a file that grants access to X11.
+#                                We mount the path defined in that environment variable into the container at /.Xauthority.
+# -e XAUTHORITY=/.Xauthority: We set $XAUTHORITY *inside* the container to the place we just mounted the Xauthority (/.Xauthority)
+docker run --rm -it --name $CONTAINER_NAME \
+                    --network host \
+                    -e DISPLAY \
+                    -e TERM \
+                    -e QT_X11_NO_MITSHM=1 \
+                    -v "$XAUTHORITY:/.Xauthority" \
+                    -e XAUTHORITY=/.Xauthority \
+                    $IMG_NAME
diff --git a/navigation2/run.sh b/navigation2/run.sh
index 77377f6..d5604f5 100755
--- a/navigation2/run.sh
+++ b/navigation2/run.sh
@@ -11,5 +11,22 @@ IMG_NAME=osrf/space_nav2
 CONTAINER_NAME="$(tr '/' '_' <<< "$IMG_NAME")"
 
 # Start the container
-docker run --rm -it --name $CONTAINER_NAME  --network host \
-    -e DISPLAY -e TERM   -e QT_X11_NO_MITSHM=1 $IMG_NAME
+# --rm: delete container after exiting
+# -it: Interactive TTY mode so you can use a shell.
+# --network host: Does not isolate Docker container from host's network interfaces.
+#                 Allows all traffic to pass through as if it originated from the host.
+#                 In our case, useful for DDS traffic for ROS.
+# -e DISPLAY: Pass the X11 display through to the container.
+# -e TERM: Pass the kind of terminal being used through to the container.
+# -e QT_X11_NO_MITSHM=1: Disables shared memory extension for Qt/X11, which does not work consistently inside a process namespace like a container.
+# -v "$XAUTHORITY:/.Xauthority": the $XAUTHORITY environment variable on the host contains the path to a file that grants access to X11.
+#                                We mount the path defined in that environment variable into the container at /.Xauthority.
+# -e XAUTHORITY=/.Xauthority: We set $XAUTHORITY *inside* the container to the place we just mounted the Xauthority (/.Xauthority)
+docker run --rm -it --name $CONTAINER_NAME \
+                    --network host \
+                    -e DISPLAY \
+                    -e TERM \
+                    -e QT_X11_NO_MITSHM=1 \
+                    -v "$XAUTHORITY:/.Xauthority" \
+                    -e XAUTHORITY=/.Xauthority \
+                    $IMG_NAME
diff --git a/space_robots/run.sh b/space_robots/run.sh
index 39c9993..c14cf67 100755
--- a/space_robots/run.sh
+++ b/space_robots/run.sh
@@ -12,5 +12,22 @@ IMG_NAME=openrobotics/space_robots_demo
 CONTAINER_NAME="$(tr '/' '_' <<< "$IMG_NAME")"
 
 # Start the container
-docker run --rm -it --name $CONTAINER_NAME  --network host \
-    -e DISPLAY -e TERM   -e QT_X11_NO_MITSHM=1 $IMG_NAME
+# --rm: delete container after exiting
+# -it: Interactive TTY mode so you can use a shell.
+# --network host: Does not isolate Docker container from host's network interfaces.
+#                 Allows all traffic to pass through as if it originated from the host.
+#                 In our case, useful for DDS traffic for ROS.
+# -e DISPLAY: Pass the X11 display through to the container.
+# -e TERM: Pass the kind of terminal being used through to the container.
+# -e QT_X11_NO_MITSHM=1: Disables shared memory extension for Qt/X11, which does not work consistently inside a process namespace like a container.
+# -v "$XAUTHORITY:/.Xauthority": the $XAUTHORITY environment variable on the host contains the path to a file that grants access to X11.
+#                                We mount the path defined in that environment variable into the container at /.Xauthority.
+# -e XAUTHORITY=/.Xauthority: We set $XAUTHORITY *inside* the container to the place we just mounted the Xauthority (/.Xauthority)
+docker run --rm -it --name $CONTAINER_NAME \
+                    --network host \
+                    -e DISPLAY \
+                    -e TERM \
+                    -e QT_X11_NO_MITSHM=1 \
+                    -v "$XAUTHORITY:/.Xauthority" \
+                    -e XAUTHORITY=/.Xauthority \
+                    $IMG_NAME