X11 forwarding of a GUI app running in docker

First off: I have read the answers to similar questions on SO, but none of them worked.

IMPORTANT NOTE: The answer below is still valid, but maybe jump to the end for an alternative.

The situation:

• App with GUI is running in a docker container (CentOS 7.1) under Arch Linux. (machine A)
• Machine A has a monitor connected to it.
• I want to access this GUI via X11 forwarding on my Arch Linux client machine. (machine B)

What works:

• GUI works locally on machine A (with /tmp/.X11-unix being mounted in the Docker container).
• X11 forwarding of any app running outside of docker (X11 forwarding is set up and running properly for non-docker usage).
• I can even switch the user while remotely logged in, copy the .Xauthority file to the other user and X11 forwarding works as well.

Some setup info:

• Docker networking is 'bridged'.
• Container can reach host (firewall is open).
• DISPLAY variable is set in container (to host-ip-addr:10.0 because of TCP port 6010 where sshd is listening).
• Packets to X forward port (6010) are reaching the host from the container (tcpdump checked).

What does not work:

• X11 forwarding of the Docker app
• Errors:

X11 connection rejected because of wrong authentication.

xterm: Xt error: Can't open display: host-ip-addr:10.0

Things i tried:

• starting client ssh with ssh -Y option on machine B
• putting "X11ForwardTrusted yes" in ssh_config on machine B
• xhost + (so allow any clients to connect) on machine B
• putting Host * in ssh_config on machine B
• putting X11UseLocalhost no in sshd_config on machine A (to allow non-localhost clients)
• Adding the X auth token in the container with xauth add from the login user on machine A
• Just copying over the .Xauthority file from a working user into the container
• Making shure .Xauthority file has correct permissions and owner

How can i just disable all the X security stuff and get this working?

Or even better: How can i get it working with security?

Is there at least a way to enable extensive debugging to see where exactly the problem is?

Alternative: The first answer below shows how to effectively resolve this issue. However: I would recommend you to look into a different approach all together, namely VNC. I personally switched to a tigerVNC setup that replaces the X11 forwarding and have not looked back. The performance is just leagues above what X11 forwarding delivered for me. There might be some instances where you cannot use VNC for whatever reason, but i would try it first.

The general setup is now as follows: -VNC server runs on machine A on the host (not inside a docker container). -Now you just have to figure out how to get a GUI for inside a docker container (which is a much more trivial undertaking). -If the docker container was started NOT from the VNC environment, the DISPLAY variable maybe needs ajdusting.