GitHub repository: https://github.com/zcalusic/docker-skype
Skype for Linux built on Electron framework, is such a resource hog that it is to be considered an environmental issue. I'm certainly not willing to pay premium on my electricity bill, just to be able to run chat client. Not to mention laptop battery life and longevity...
Until the time when the new version is improved to use less resources, let's hope the legacy client continues working, and putting it into an isolated container should provide some extra security.
- supports multiple users (containers are run in context of a specific user)
- perfectly integrates with your Desktop Environment (themes, icons, cursors...)
- keeps settings and chat history using the host ~/.Skype directory
- saves downloads to host ~/Downloads folder
- uses host X11 display via Unix domain socket to display windows
- uses host PulseAudio server via Unix domain socket for voice/sound support
- supports Skype D-Bus API
- can open HTTP links in an already open Firefox browser on the host (ffox-remote)
- reduces CPU usage below 1% when idle (longer laptop battery life) (skype-poll-fix)
sudo apt-get purge skype- remove legacy Skype Debian package
- dockerized Skype reuses some paths to seamlessly integrate (binary, desktop file, icons)
sudo apt-get install docker-ce- install Docker CE engine
- Docker installation from your Linux distribution might also work!
sudo apt-get install golang-go- install Go compiler
- needed to build new Skype binary used to launch Skype in a container
sudo make install
sudo make uninstall
- if you change your mind later, and want to remove Docker image and all installed files
Building container image
sudo make docker_build
- build container image with the provided
- build container image with the provided
Debugging container image
To inspect the image, start root shell:
docker run --rm -it zcalusic/skype /bin/bash
To access running container, in the context of the user running it:
docker exec -it skype_username /bin/bash
Or if you need root access:
docker exec -it -u root skype_username /bin/bash
The Skype binary
/usr/bin/skype is installed setgid docker group, so that any user can launch Skype container (using Docker API generally requires superuser privileges). An alternative to add users in the docker group is much less secure, because open access to the Docker API is effectively root access.
After various environment variables are passed and host directories mounted, the container is eventually run under the specific user privileges, and called skype_username.
Some recent Linux distributions started compiling kernels with
CONFIG_LEGACY_VSYSCALL_NONE=y to improve security. On such systems Skype binary will crash with segmentation fault upon launching and leave line like this in the kernel log:
skype vsyscall attempted with vsyscall=none ip:ffffffffff600000 cs:33 sp:7ffdd2606380 ax:ffffffffff600000 si:0 di:7ffdd2606388
You can fix the issue by providing
vsyscall=emulate boot time parameter to the kernel (typically in
/etc/default/grub) and rebooting.
Contributors are welcome, just open a new issue / pull request.
The MIT License (MIT) Copyright © 2017 Zlatko Čalušić Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.