Description
Currently, Windows Containers with process isolation only provide access to a service console session. While this works for headless/server-style workloads, it prevents running GUI-based applications.
With process isolation, containers already share the host kernel and can detect host hardware (e.g., GPU devices). This makes them very close to a native environment, and GUI support would unlock a wide range of new use cases:
- Running GUI applications in isolated environments.
- Testing applications that require full hardware access (GPU, displays, etc.) without needing a VM.
- Providing a lightweight alternative to full virtualization for GUI-based apps.
Comparison to Existing Options
- Sandboxie Plus: Currently my only option for lightweight sandboxing with GUI support, but it’s a third-party solution.
- Windows Sandbox: Provides GUI support and even GPU-PV, while being more lightweight than a full Hyper-V VM. However, it’s limited to running only a single sandbox at a time, which makes it unsuitable for running multiple isolated GUI environments.
- Hyper-V VMs: Full GUI support, but heavy compared to process-isolated containers.
Request
It would be extremely valuable if Windows Containers with process isolation could support GUI sessions, either directly or by providing a mechanism to connect to a container’s desktop/interactive session.
One possible approach could be to implement a GUI server, which would communicate with the container over networking to forward and render GUI calls—similar to how X server works on Linux/Unix systems. In this model, all computation remains inside the container, while the host is only responsible for displaying the rendered output.
➡️ Please consider prioritizing this feature, as it would greatly enhance the usability of Windows Containers for a broader range of real-world applications. If this feature is being considered, could you also provide a rough timeline or roadmap for when it might be available?
Impact
- Provides a more "native" containerized experience for Windows applications.
- Removes reliance on external tools like Sandboxie.
- Bridges the gap between server-only container use cases and desktop/workstation scenarios.
Description
Currently, Windows Containers with process isolation only provide access to a service console session. While this works for headless/server-style workloads, it prevents running GUI-based applications.
With process isolation, containers already share the host kernel and can detect host hardware (e.g., GPU devices). This makes them very close to a native environment, and GUI support would unlock a wide range of new use cases:
Comparison to Existing Options
Request
It would be extremely valuable if Windows Containers with process isolation could support GUI sessions, either directly or by providing a mechanism to connect to a container’s desktop/interactive session.
One possible approach could be to implement a GUI server, which would communicate with the container over networking to forward and render GUI calls—similar to how X server works on Linux/Unix systems. In this model, all computation remains inside the container, while the host is only responsible for displaying the rendered output.
➡️ Please consider prioritizing this feature, as it would greatly enhance the usability of Windows Containers for a broader range of real-world applications. If this feature is being considered, could you also provide a rough timeline or roadmap for when it might be available?
Impact