site  contact  subhomenews

Easy Containers run as user zeus

October 09, 2018 — BarryK

In Easy, containers are run as "crippled root", which does seem pretty secure. However, for the paranoid, there is now a checkbox to run as user 'zeus' in a container:


Yesterday I speculated how to drop down to root in a container:

However, ended up doing it like this:

# pflask --mount=bind:/mnt/sdc2/home/shared:/shared-folder --keepenv --mount=bind:/tmp/.X11-unix/X0:/tmp/.X11-unix/X0 \
--no-ipcns --netif --mount=bind:/dev/snd:/dev/snd --caps=all,-sys_admin,-sys_boot,-sys_chroot,-sys_ptrace,-sys_time,\
-sys_nice,-sys_resource --no-userns --chroot=/mnt/sdc2/containers/sh0/container -- su zeus /ec-run sh0 sakura
...this is an example invocation. The "su zeus" is executed after the chroot.

There are some issues to sort out. The above example, running the 'sakura' terminal emulator, works, however, some other apps don't. For example, I can launch 'audacious' (music player) from the sakura terminal in container, however, trying to run it directly, get an error message "Required key not available". Even running audacious from sakura, there are warning messages, as it is trying to write to /root/.config -- so, things to sort out.

EDIT 2018-10-09
Ah, the "Required key not available" error was because I tried to run as user zeus in an already-existing audacious container. The 'user zeus' checkbox has to be ticked when first creating the container.
Now, audacious runs, but no sound -- so there are still issues! -- my guess would be /dev/snd permissions -- it is a slippery slope when we get into running non-root.

Tags: easy