Skip to content

Add Remote Desktop app (XFCE + Fiji via noVNC)#1

Merged
krokicki merged 1 commit into
mainfrom
remote-desktop
Jul 6, 2026
Merged

Add Remote Desktop app (XFCE + Fiji via noVNC)#1
krokicki merged 1 commit into
mainfrom
remote-desktop

Conversation

@krokicki

@krokicki krokicki commented Jul 6, 2026

Copy link
Copy Markdown
Member

Summary

Adds a desktop/ app: a full XFCE Linux desktop with Fiji preinstalled, streamed to the browser via TigerVNC + noVNC, running entirely inside Apptainer on a cluster node using the seamless service contract (auto_url + $FG_SERVICE_PORT/$FG_SERVICE_TOKEN, one-click tokenized access). The user's home directory is bind-mounted and writable (settings and files persist across sessions), and an optional Data Folder parameter bind-mounts an extra file-share folder and links it on the desktop.

Unlike the existing apps, no upstream image fits (Docker desktop images assume root/s6 and writable image homes; none bundles Fiji), so this adds a custom image at ghcr.io/janeliascicomp/fg-interactive-apps/desktop and a build-desktop workflow: PRs touching desktop/ get a validation build, and pushing a desktop-v* tag publishes the versioned image.

Security model

Every hop is protected, including against other users on the same shared compute node — via kernel file permissions rather than network auth:

  • The only network listener is websockify; it tunnels only WebSocket connections presenting the per-job 192-bit token (UnixDomainSocketDirectory token plugin: token = socket filename in a private directory).
  • Xvnc listens only on a unix socket in a mode-0700 node-local directory; -rfbport -1 disables TCP entirely, which is what makes SecurityTypes None safe.
  • The X display requires an xauth cookie (0600), so other local users can't attach via /tmp/.X11-unix.
  • The token never appears on a command line, so it can't leak through ps.
  • Caveat (same trade-off as the existing apps): browser↔node traffic is plain HTTP, and the tokenized URL grants a desktop/terminal as the user — treat it as a secret.

Verification done

  • runnables.yaml parses against Fileglancer's AppManifest model; build_command output verified with and without the Data Folder parameter, and the service_url_suffix passes its shell-safety validator.
  • start-desktop.sh and fiji-wrapper.sh are shellcheck-clean.
  • The UnixDomainSocketDirectory plugin (pinned websockify 0.13.0) was unit-tested directly: valid token resolves to the socket; wrong tokens, path traversal, and non-socket files are rejected.
  • TigerVNC 1.13.1 (Ubuntu 24.04) documents -rfbunixpath/-rfbunixmode and -rfbport -1; noVNC 1.6.0 documents the autoconnect/resize/path query params; the Fiji fiji-latest-linux64-jdk.zip URL returns 200.

After merge (required before the app is launchable)

  1. Push tag desktop-v1.0.0 to build and publish the image (runnables.yaml already pins :1.0.0).
  2. Make the GHCR package public so Apptainer on the cluster can pull it anonymously.
  3. End-to-end launch test from Fileglancer: one-click connect, Fiji starts, home dir writable, browser-window resize, and (from a second account on the same node) confirm the VNC socket and X display are unreachable without the token/cookie.

🤖 Generated with Claude Code

Browser-based Linux desktop running on a cluster node under rootless
Apptainer, using the seamless service contract (auto_url +
FG_SERVICE_PORT/FG_SERVICE_TOKEN). A custom image, built and published
to GHCR by the new build-desktop workflow, bundles XFCE, TigerVNC,
noVNC/websockify, and Fiji; the user's home directory is bind-mounted
and writable as with the other apps.

Security: websockify tunnels only WebSocket connections presenting the
per-job token (UnixDomainSocketDirectory plugin); Xvnc listens solely
on a unix socket in a 0700 node-local directory (TCP disabled); the X
display requires an xauth cookie. Other users on a shared node are kept
out by kernel file permissions, not network auth.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@krokicki krokicki merged commit ae15e9f into main Jul 6, 2026
1 check passed
@krokicki krokicki deleted the remote-desktop branch July 6, 2026 22:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant