site  contact  subhomenews

Some handy tricks with Easy Containers

April 23, 2022 — BarryK

A few days ago, I posted how you can change the containerized "www" desktop icon to run SeaMonkey instead of Firefox. By editing /usr/sbin/ec-chroot-www:

empty -f ec-chroot www seamonkey

What actually happens, is 'ec-chroot' performs a "secure chroot" into the "www" container. What it does then is look for an executable of the same name 'www'. If not found, it falls back to the last parameter, 'seamonkey' and executes that. So, it is like this:

ec-chroot <name of container>[ <optional fallback executable>]

A handy trick is that you can run any inbuilt app, without having to create a desktop icon. As long as you know the name of the executable. For example, open a terminal and type this:

# ec-chroot www swriter

...voila, LibreOffice Writer starts in a container!

The container is isolated from the main filesystem, so Writer cannot open or save files outside of the container -- except that /files/shared is a common shared path. Save to /files/shared, and you will see the file at the same location on the main filesystem.

However, there is another way to look at this. On the main filesystem, you are the "superuser", with unlimited access. Which is very useful to know. It means that you can access anything inside a container.

For example, say you are running 'swriter' app in the 'www' container. Go to /mnt/wkg/containers/www/container -- lo and behold, you can get at everything in the container. You could even copy files into there, for swriter to edit. And you can copy-out the saved files.

You are God as far as that container is concerned, looking into your realm from above.

There is a gotcha though. You will only see everything in /mnt/wkg/containers/www/container while the container is running. As soon as you quit 'swriter', that folder becomes empty.

However, another handy trick to know, is that even if a container is not running, you can still get at that file you saved from 'swriter'. Go to /mnt/wkg/containers/www/.session -- you will find the file in there.

The 'www' container is composed of a aufs layered filesystem, mounted at /mnt/wkg/containers/www/container. The layers, in the 'www' case, are the .session folder and on the bottom is easy.sfs. It is good to have this basic idea of how Easy Containers work.  

Tags: easy