I really like the premise, and already use containers as ingredient in my isolation techniques, however, subuser development didn't seem particularly active, is it just because it's considered in a feature complete state?
Flatpak and snapd seem to have some similar goals but aren't mentioned in the related projects section?
I would have thought it would now be more performant to do something like this using Wayland and, if the app uses X11, multiple isolated xwayland instances somehow. That way you might be able to get GPU acceleration, which I don’t think is possible through xpra?
Windows based containers do exist. Docker for Windows can run both Linux (a VM) and Windows applications. If I'm not mistaken, both are implemented via HyperV.
More or less, though LXC (and LXD using the LXC backend) are focused on system containers rather than single services. Basically lightweight VMs with a full init and the usual set of set of system daemons.
The problem at hand is actually a pet peeve of mine and I really don't get why it's still the default to grant programs access to all our personal data. There is a lot wrong with mobile OSs, but in this regard they are actually ahead of the curve.
> The problem at hand is actually a pet peeve of mine and I really don't get why it's still the default to grant programs access to all our personal data.
That's because our data has become a commodity relatively recently, and desktop technology still hasn't fully caught up yet. Regardless, it seems in general it's companies that run web services that are a bigger problem than desktop applications.
Either way, I'm glad projects like these exist, including snapd, flatpak, and this. The likes of flatpak and snapd may not be perfect, but it's progress.
I've heard here on HN that the problem with Snap is that it doesn't enforce restrictions, and that most used programs on snap ask for all permissions, including access to all of your files.
I run into this daily with programs packaged as flatpaks. Almost all of them can access the entire home directory. This can be changed with the flatpak-override command or the graphical software Flatseal.
This seems really interesting. A somewhat related project is x11docker[0] which attempts to make it easier to run gui applications through docker.
It works pretty well with docker, though I've not used it since I switched to podman as there wasn't any support for it at the time. I've not tried recently.
It does seem this project is at a dead end based on the recent development activity in recent months.
Okay, but ... what is being gained here?
The ability to package programs so they run on a computer without you worrying about it?
That is an ability we had since the 1960s, that people gave up for "reasons" that are questionable at best.
Someday people will realize they don't have to make their computers orders of magnitude slower just in order to get back capabilities that used to come automatically.
Exactly, the same usage for cpu and astonishingly also for memory. It's no virtual machine but a contained program that doesn't access your host system. Even X11 forward is secure with Xpra X11 bridge.
All these containerization "solutions" are just the fever symptoms of the future shock from the extremely rapid rate of features and improvement in the underlying libraries (glibc, c++?, etc) used by programmers, and the programmer's tendency to use those fancy new features asap. It makes compiling, or even running, something written today on the dev environment of a 5 year old linux distro pretty darn difficult and worse with time.
They are a terrible idea for the desktop or academia. They're fine for server environments.
Their "subuser standard" has the following license [1]:
> Creative Commons Zero, public domain
> With the following exception:
> Only standards documents identical to those released by Timothy V Hobbs(timthelion) or another person or party whom he nominates may be presented as defining “the subuser standard”. In other words: you cannot edit this document and then claim that your new standard is the official one.
That's legally incoherent. You cannot have public domain with an exception. Either something is in the public domain (no copyright) or it is not (copyrighted). If it is copyrighted, then you can license it under "X with the following exception". Most commonly, those exceptions grant extra rights compared to the base license (e.g. Classpath exception), occasionally they aim to take away rights compared to the base license (e.g. the notorious "Commons Clause"). But you can only have an exception to a copyright license if there is a copyright to be licensed, and putting something in the public domain means there isn't.
CC0 is a bit of a hybrid in that it contains both a public domain dedication for those jurisdictions which recognise that, and a permissive fallback copyright license for those jurisdictions that don't (e.g. Germany). The author claiming to make an exception to CC0, it makes sense for the later but not for the former. Does this mean the exception is only legally binding in the jurisdictions in which the fallback license applies? Or does the attempt to impose an exception nullify the public domain dedication? I don't know, IANAL. (But I imagine many lawyers won't know the answer either.)
Now, what the author aims to do here could be achieved by trademark law – claiming (or registering) "subuser standard" as a trademark, and then saying that even though the copyright of the standard is relinquished to the public domain, the trademark is only licensed under certain conditions. But while that would legally make sense, it isn't what the author has actually done.
35 comments
[ 2.3 ms ] story [ 76.2 ms ] threadThe main repo is an image base for examples and base for developers to create their own images.
It has been updated in june 20, the main base file is debian buster.
All other image files are based on this one and a simple update does actually upgrade your tools from the older base image to the newer one -
It's like symlinked Dockerfiles.
I would have thought it would now be more performant to do something like this using Wayland and, if the app uses X11, multiple isolated xwayland instances somehow. That way you might be able to get GPU acceleration, which I don’t think is possible through xpra?
- Subuser - Securing the Linux desktop with Docker
- Flatpak - The Future of Apps on Linux
- snapd - Snap is a software packaging and deployment system developed by Canonical for the operating systems that use the Linux kernel.
Containers are good old userspace processes in comparison scheduled by the kernel you already run
Subuser looks interesting, nice work! I love to see progress in this space.
The problem at hand is actually a pet peeve of mine and I really don't get why it's still the default to grant programs access to all our personal data. There is a lot wrong with mobile OSs, but in this regard they are actually ahead of the curve.
That's because our data has become a commodity relatively recently, and desktop technology still hasn't fully caught up yet. Regardless, it seems in general it's companies that run web services that are a bigger problem than desktop applications.
Either way, I'm glad projects like these exist, including snapd, flatpak, and this. The likes of flatpak and snapd may not be perfect, but it's progress.
I think you can check it in the snap metadata.
I was about to just use a plain docker for firefox and slack with mounted X11 file. This project tought me about a more secure method for X11 forward.
It works pretty well with docker, though I've not used it since I switched to podman as there wasn't any support for it at the time. I've not tried recently.
It does seem this project is at a dead end based on the recent development activity in recent months.
[0] https://github.com/mviereck/x11docker/
Someday people will realize they don't have to make their computers orders of magnitude slower just in order to get back capabilities that used to come automatically.
But that day is not today, I guess.
Have we forgot about DLL hell and the myriad of security problems we've experienced since then?
This comment is pure snark.
They are a terrible idea for the desktop or academia. They're fine for server environments.
For older computers, virtual machines are too demanding.
As for escalation hacks: they happen also on virtual machines. Check virtualbox and vmware cve's.
> Creative Commons Zero, public domain
> With the following exception:
> Only standards documents identical to those released by Timothy V Hobbs(timthelion) or another person or party whom he nominates may be presented as defining “the subuser standard”. In other words: you cannot edit this document and then claim that your new standard is the official one.
That's legally incoherent. You cannot have public domain with an exception. Either something is in the public domain (no copyright) or it is not (copyrighted). If it is copyrighted, then you can license it under "X with the following exception". Most commonly, those exceptions grant extra rights compared to the base license (e.g. Classpath exception), occasionally they aim to take away rights compared to the base license (e.g. the notorious "Commons Clause"). But you can only have an exception to a copyright license if there is a copyright to be licensed, and putting something in the public domain means there isn't.
CC0 is a bit of a hybrid in that it contains both a public domain dedication for those jurisdictions which recognise that, and a permissive fallback copyright license for those jurisdictions that don't (e.g. Germany). The author claiming to make an exception to CC0, it makes sense for the later but not for the former. Does this mean the exception is only legally binding in the jurisdictions in which the fallback license applies? Or does the attempt to impose an exception nullify the public domain dedication? I don't know, IANAL. (But I imagine many lawyers won't know the answer either.)
Now, what the author aims to do here could be achieved by trademark law – claiming (or registering) "subuser standard" as a trademark, and then saying that even though the copyright of the standard is relinquished to the public domain, the trademark is only licensed under certain conditions. But while that would legally make sense, it isn't what the author has actually done.
https://subuser.org/subuser-standard/standard.html#subuser-s...
[0] https://github.com/whalebrew/whalebrew
It's not a new nor crazy idea...Jessie (jessfraz.com) talked about doing this[1] in their desktop environment back in 2015.
https://blog.jessfraz.com/post/docker-containers-on-the-desk...