Here is my complete setup with Docker for example. what I use: CentOS and Mate Desktop,systemd and VNC. It provides additional OpenVPN and Tor. Mate works better as gnome desktop. If somebody is interested. Downloaded adobe and nux repo for VLC (needs to be hacked to run as root). https://github.com/CentOS/sig-cloud-instance-images/tree/66add29c188e42d4d855f4d4acdb2b73d547edb6/docker <https://github.com/CentOS/sig-cloud-instance-images/tree/66add29c188e42d4d855f4d4acdb2b73d547edb6/docker> Everything runs as root as a test case. Cheers Andy Sample setup: FROM scratch ADD centos-7.4.1708-docker.tar.xz / LABEL name="CentOS Base Image" \ vendor="CentOS" \ license="GPLv2" \ build-date="20170911" COPY adobe-release-x86_64-1.0-1.noarch.rpm /root/adobeflash.rpm COPY nux-dextop-release-0-5.el7.nux.noarch.rpm /root/nux.rpm RUN yum -y install /root/adobeflash.rpm; \ yum -y install epel-release; \ yum -y install /root/nux.rpm; \ rm -f /root/adobeflash.rpm /root/nux.rpm; \ yum -y update; \ yum install -y tigervnc-server xterm ; \ yum install -y mate-applets mate-backgrounds.noarch mate-control-center mate-control-center-filesystem mate-desktop mate-desktop-libs mate-icon-theme mate-menus mate-menus-libs mate-notification-daemon mate-panel mate-panel-libs mate-polkit mate-session-manager mate-settings-daemon mate-system-monitor mate-terminal mate-themes mate-user-guide caja-open-terminal caja-wallpaper pluma engrampa unrar p7zip; \ yum -y install gnome-icon-theme.noarch gnome-keyring gnome-themes-standard; RUN yum install -y bind-utils net-tools traceroute tor openvpn openssh-server openssh-clients; RUN yum install -y firefox thunderbird vlc eog ; sed -i 's/geteuid/getppid/' /usr/bin/vlc; RUN rm -f /etc/localtime;cd /etc; ln -s ln -s ../usr/share/zoneinfo/Europe/Amsterdam localtime RUN yum -y install ntp; systemctl enable ntpd RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ rm -f /lib/systemd/system/multi-user.target.wants/*;\ rm -f /etc/systemd/system/*.wants/*;\ rm -f /lib/systemd/system/local-fs.target.wants/*; \ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ rm -f /lib/systemd/system/basic.target.wants/*;\ rm -f /lib/systemd/system/anaconda.target.wants/*; \ systemctl enable tor; systemctl enable sshd VOLUME [ "/sys/fs/cgroup" ] RUN echo -e 'vncpassword\vncpassword\n' | vncpasswd RUN cp /lib/systemd/system/vncserver at .service /etc/systemd/system/vncserver@:0.service RUN sed 's/<USER>/root/g' -i /etc/systemd/system/vncserver@:0.service RUN sed 's/\/usr\/bin\/vncserver %i/\/usr\/bin\/vncserver %i -geometry 1280x1024/g' -i /etc/systemd/system/vncserver@:0.service RUN sed 's/\/home\/root/\/root/g' -i /etc/systemd/system/vncserver@:0.service RUN systemctl enable vncserver@:0.service RUN echo "#!/bin/sh" > /root/.vnc/xstartup RUN echo "unset SESSION_MANAGER" >> /root/.vnc/xstartup RUN echo "unset DBUS_SESSION_BUS_ADDRESS" >> /root/.vnc/xstartup RUN echo "#exec /etc/X11/xinit/xinitrc" >> /root/.vnc/xstartup RUN echo "/usr/bin/mate-session" >> /root/.vnc/xstartup RUN chmod +x /root/.vnc/xstartup EXPOSE 5900 CMD ["/usr/sbin/init"] # docker build --squash --rm --no-cache -t 'centos/mate‘ . #example of runs versions... # docker run --privileged --device=/dev/tun0:/dev/net/tun -p 24:22 -p 5901:5900 -d 'centos/mate' # docker run --rm -it --net=host --name docker-myimage -v /sys/fs/cgroup:/sys/fs/cgroup:ro -d 'centos7.4.1708/systemd' -p 5901:5901