
Changes between Version 1 and Version 2 of Usage/Docker


Timestamp: 08/30/14 10:47:51 (6 years ago)
Author: Antoine Martin
Comment: remove opinion piece

  • Usage/Docker

    v1 v2  
    1 When Unix' security systems were invented, the most important concern was to separate users from each other. That made a lot of sense for the use case at that time (mainframes), but not so terribly much for the Linux desktop. Every application I start has accesss to everything my unix user has access to -- but why should my browser need access to my locally cached email? Given that in particular the web is a huge collection of technologies that can each have their own vulnerabilities, it would make sense to constrain web browsers to the resources they really need. Or think of Skype, do you trust its vendors to give them technically access to all your data?
     1= [[Image(http://xpra.org/icons/docker.png)]] Xpra + Docker =
    22
    3 A good solution to this would actually requiring fundamental changes to the way we build operating systems today (so don't expect this any time soon). Existing approaches like selinux or AppArmor tend to focus on segregating system processes and not so much on a user's applications.
     3The information below has not been verified by xpra.org, use at your own risk.
    44
    5 A new technology might unintendedly fill the gap: Docker (http://docker.io/) is a system for running separate virtual subsystems under the same linux kernel, and while intended for the cloud, it runs on many modern desktop linuxes as well. A docker container might run a firefox instance, completely or partially separated from the rest of the system (from the perspective of non-root users!). Xpra can be used to make the firefox instance's window(s) accessible to a user.
     5{{{#!div class="box"
     6= Rationale =
    67
    7 === Resources ===
     8Xpra and docker can be used to isolate applications from unix user accounts.
    89
    9 * http://docker.io/
    10 * https://github.com/rogaha/docker-desktop is a working showcase for combining docker and Xpra for the desktop
    11 * Subuser https://github.com/subuser-security/subuser tries to wrap the solution to make it more easily accessible
     10Regular unix applications have full access to '''all the files''' in the user's home directory.
    1211
    13 === Notes ===
    14 * Be careful not to compromise your system security by enhancing an application's separation https://github.com/subuser-security/subuser/issues/131
     12For example, it can be used to constrain a web browser (or a proprietary application like Skype) to the resource it really needs to run and no more.
     13The applications segregated in this way have a very restricted view of the system they run on.
     14}}}
     15
     16{{{#!div class="box"
     17== Resources ==
     18
     19* [http://docker.io/]
     20* [https://github.com/rogaha/docker-desktop] is a working showcase for combining docker and Xpra for the desktop
     21* Subuser [https://github.com/subuser-security/subuser] tries to wrap the solution to make it more easily accessible
     22}}}
     23
     24
     25{{{#!div class="box"
     26== Notes ==
     27* Be careful not to compromise your system security by enhancing an application's separation [https://github.com/subuser-security/subuser/issues/131]
    1528* Reportedly, Docker+Xpra can be made to work with local connections. By mounting a host's directory as the containers ~/.xpra directory, the connection socket file is exposed to the host. Symlinking from the host's ~/.xpra/HostsHostname-DisplayNumber makes the clients session available transparently to the host.
    1629* Also, reportedly, this even works with a mmap file (dramatically improving performance). The Xpra protocol dictates that the mmap file's path is sent from the client to the server. The client creates this file in the system's tmp directory, which can be overridden with the TMPDIR environment variable. Mounting a host's path at the right location in the docker volume enables the Xpra server to find it.
     30}}}
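
Review bot: the new Rationale box (v2 lines 8 to 13) states that segregated applications "have a very restricted view of the system" without the qualifier that removed v1 line 5 carried, "(from the perspective of non-root users!)", and without its "completely or partially separated". That qualifier was the page's only statement of where the isolation boundary sits, so I would keep one sentence of it in the Rationale. The two notes kept at v2 lines 28 and 29 both work by mounting host paths into the container (the ~/.xpra directory and the location of the mmap file under TMPDIR), which creates paths shared between host and container; it is worth saying so next to the existing warning at v2 line 27. Minor: "the resource it really needs" at v2 line 12 should read "resources".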