Public Repository

Last pushed: a day ago
Short Description
Run Skype in a Docker container
Full Description

GitHub repository: https://github.com/zcalusic/docker-skype

Run Skype legacy 32bit Linux desktop client (4.3.0.37) in an isolated Docker container. Gain additional security and keep your host 64bit clean (no need for multiarch setup).

Motivation

Skype for Linux built on Electron framework, is such a resource hog that it is to be considered an environmental issue. I'm certainly not willing to pay premium on my electricity bill, just to be able to run chat client. Not to mention laptop battery life and longevity...

Until the time when the new version is improved to use less resources, let's hope the legacy client continues working, and putting it into an isolated container should provide some extra security.

Features

  • supports multiple users (containers are run in context of a specific user)
  • perfectly integrates with your Desktop Environment (themes, icons, cursors...)
  • keeps settings and chat history using the host ~/.Skype directory
  • saves downloads to host ~/Downloads folder
  • uses host X11 display via Unix domain socket to display windows
  • uses host PulseAudio server via Unix domain socket for voice/sound support
  • supports Skype D-Bus API
  • can open HTTP links in an already open Firefox browser on the host (ffox-remote)
  • reduces CPU usage below 1% when idle (longer laptop battery life) (skype-poll-fix)

Installation

  • sudo apt-get purge skype - remove legacy Skype Debian package
    • dockerized Skype reuses some paths to seamlessly integrate (binary, desktop file, icons)
  • sudo apt-get install docker-ce - install Docker CE engine
    • Docker installation from your Linux distribution might also work!
  • sudo apt-get install golang-go - install Go compiler
    • needed to build new Skype binary used to launch Skype in a container
  • sudo make install
    • pulls Skype Docker image from Docker Hub
    • builds new Skype binary
    • installs binary, desktop file & icons (borrowed from the official Skype Debian package)

Uninstallation

  • sudo make uninstall
    • if you change your mind later, and want to remove Docker image and all installed files

Building container image

  • sudo make docker_build
    • build container image with the provided Dockerfile:

Debugging container image

To inspect the image, start root shell:

  • docker run --rm -it zcalusic/skype /bin/bash

To access running container, in the context of the user running it:

  • docker exec -it skype_username /bin/bash

Or if you need root access:

  • docker exec -it -u root skype_username /bin/bash

Details

The Skype binary /usr/bin/skype is installed setgid docker group, so that any user can launch Skype container (using Docker API generally requires superuser privileges). An alternative to add users in the docker group is much less secure, because open access to the Docker API is effectively root access.

After various environment variables are passed and host directories mounted, the container is eventually run under the specific user privileges, and called skype_username.

Troubleshooting

Some recent Linux distributions started compiling kernels with CONFIG_LEGACY_VSYSCALL_NONE=y to improve security. On such systems Skype binary will crash with segmentation fault upon launching and leave line like this in the kernel log:

skype[1899] vsyscall attempted with vsyscall=none ip:ffffffffff600000 cs:33 sp:7ffdd2606380 ax:ffffffffff600000 si:0 di:7ffdd2606388

You can fix the issue by providing vsyscall=emulate boot time parameter to the kernel (typically in /etc/default/grub) and rebooting.

Contributors

Contributors are welcome, just open a new issue / pull request.

License

The MIT License (MIT)

Copyright © 2017 Zlatko Čalušić

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Docker Pull Command
Owner
zcalusic