-
Notifications
You must be signed in to change notification settings - Fork 430
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature] Sandboxed mode #28
Comments
Sandboxed distrobox should not integrate with the host as tightly as the normal one
Sandboxed distrobox should not use Thinking of functionality:
|
Depends on #70 |
I think only implementing "fully sandboxed+unprivileged" and "fully integrated+privileged" modes are not the way to go, but rather adding options to configure it finer-grained like making only a specified set of devices available, only select sockets, mapping a custom selection of directories or other things possible for Flatpaks using Flatseal. Based on that you could then add presets for integrated vs. sandboxed. |
Well there is a big difference between distrobox and Flatpak, distrobox is not an application distribution method. I was thinking more on the lines of Sanbox mode: 1 - custom home And on that one can do a couple of profiles (low to high sandboxing) |
Adding to before
|
I had some ideas on sandboxing modes.
[*]: try to be smoothe, smoother than porous even. does not conflict with sovereign Host. but [guest view] may diverge from ground truth (host state) [*], [#]: > [?]: User would make a simple choice of mode and distrobox should make intelligent decisions in the backend. |
I was just thinking this, great to see it's already in the works! Another possible use case here is running graphical windows apps with wine or native old / experimental proprietary applications, or even experimental open source apps. There is overlap with x11docker (and flatpak) here, so not sure what makes sense for distrobox; this use case requires more work re fine grained controls like sound, webcam, nested X server vs host X server, gpu vs not. Maybe makes sense to start simple with "isolate". |
Yea starting with a "simpler" sandbox mode The target (at least generally speaking) is some sort of general isolation (not going to provide super-capillar controls like flatpak for example) |
Yes simple is good, I think that is what makes toolbox/distrobox so great! I think an interesting distinction with distrobox vs something like x11docker is mutability and persistence. x11docker and similar are designed to have an immutable core, that is changed by creating a new image, e.g. Dockerfile with new layers, and have mutable data exposed via volumes. Distrobox and toolbox on the other hand have a mutable core by default, you can just sudo dnf/apt/zypper etc as much as you want, so it's more like working in a standard chroot. I think both have their pros and cons. What excites me about distrobox+isolate is that it can provide a more chroot like workflow while still providing sandbox/isolation. I think LXC and systemd-nspawn are in this category as well, but so far only toolbox and distrobox hit the too simple not to use threshold (even easier than setting up schroot and debootstrap/pacstrap really). The cool thing is, with just isolate + the ability to bind mount specific files (pass directly to docker/podman -v?), a lot of more advanced use cases should be possible, e.g. mostly isolated but expose gpu for CUDA/ROCm/oneAPI development. They may not all be trivial with a specialized switch, but possible and still easier than doing it manually with podman. |
Yes the point of toolbox and distrobox is simplicity and well use the big number of well maintained container images on the vaiorus registries 😄
As you can see in the docs here:
Distrobox already supports a |
would leveraging sandbox tools like firejail work for the moment? |
Didn't think of this, we could use bwrap maybe as it does not require root to run, but probably worth experimenting |
Doesn't podman already isolate the container from the host? Wouldn't it be redundant to bwrap podman? |
Since the container only can see the home of the user running distrobox (but it sees it even when another home folder is specified for the container), isn't one solution that a sandbox-mode just creates another user without password (e.g. named distrobox) that runs distrobox-enter, so that when you run an exported program it will run something like: |
This tool might help achieve this or be inspiration: https://github.com/intgr/ego |
My 2 cents to the discussion: some services (like Bitbucket Pipelines Cloud) do not support To sum up: |
Signed-off-by: Luca Di Maio <luca.dimaio1@gmail.com>
Hi all Let me know how this works 👍 |
This seems great for porting to macOS, actually (#36). On macOS I don’t need to interact with the base system from inside the distrobox for my use case, but only access to dev tools (and the internet). So podman running in a VM shouldn’t be an issue for this mode. |
Signed-off-by: Luca Di Maio <luca.dimaio1@gmail.com>
Signed-off-by: Luca Di Maio <luca.dimaio1@gmail.com>
Signed-off-by: Luca Di Maio <luca.dimaio1@gmail.com>
This should ensure a basic unsharing between guest and hosts This is not a proper sandbox This allows to: -unshare-devsys: do not share host devices and sysfs dirs from host -unshare-ipc: do not share ipc namemspace with host -unshare-netns: do not share the net namespace with host -unshare-process: do not share process namemspace with host And an unshare-all to do all the above. This allows to have only the minimal requirements to: access user's HOME launch applications with GUI/GPU/Audio/Video Additional mountpoints can be declared with --volume Signed-off-by: Luca Di Maio <luca.dimaio1@gmail.com>
I have just now merged #818 As explained in the PR: THIS IS NOT A PROPER DATA SANDBOX This should ensure a basic unsharing between guest and hosts This allows to: -unshare-devsys: do not share host devices and sysfs dirs from host And an unshare-all to do all the above. This allows to have only the minimal requirements to: access user's HOME For now I'm not contemplating unsharing the home that would be a bit too much and denaturalise the purpose of distrobox itself. |
i guess my suggestion #969 would fall around this |
Is there a way to atleast deny the container access to a few paths such as the host's ~/.gnupg , ~/.password-store, ~/.ssh ? |
In my opinion, going a whitelist route is the most sensible, something like Flatpak does. Only share what needs to be shared. |
Hi, I agree that a data sandbox mode with whitelist would be awesome, and I have the feeling that it would be really close to attain with options like custom home for container. I think it would be really, really useful to a lot of people, myself included. |
The point of this would be a platform-independent implemention of something like firejail for programs not made for the given platform of with sandboxing in mind, like a snap or flatpak package, as far as I see. |
If you want to be as isolated as possible you can do this:
If you wish to run a GUI application you can just run the following inside a terminal where you aren't inside your distrobox I tried this with firefox and file:/// can just see the distrobox-user's home and not my regular home. And you can of course populate your distrobox user's home with whatever files you wish to share with it (using P.S. This message was written from the distrobox user using Fedora 39 with a host user called damiano using Arch. It just works. P.P.S. There is a way to make your distrobox programs to run as the distrobox user even when they are launched from the regular user. Unfortunately (or perhaps fortunately?) it's hard to run as another user without providing the password even when the password is set to nothing. This is a (hacky) way around it. Here is an example for firefox:
This switches user to distrobox and uses bash to set the DISPLAY-variable and run distrobox-enter and runs firefox (change my-distrobox to the name of your distrobox and firefox to whatever program you wish to launch).
but obviously change yourUserName to your actual username, for me it's damiano ALL = NOPASSWD: /bin/distrobox-firefox.
@89luca89 do you believe there is an easier way for this (switching user and running distrobox)? If so distrobox could perhaps have an option to create a new user when creating a sandboxed environment and run everything as that user? |
@damianoognissanti The problem with this is that there is no easy way to share files between the logged in user and the distrobox dedicated user. (Maybe ACL for the desired directories, but that involves a lot of work and the needed permissions.) Also, the user needs to have permission to use sudo. (But it can be scoped to only distrobox, so I guess you could make the appropriate configs as you want in sudoers.) |
There is no problem hether to isolate a container from the host nor to
share selected parts of the host with the container. But this should be
a design decision made from the start and willingness to sacrifice some
ease of use.
Here is my prototype that I did to see if it is possible to have
isolation and the ability to run desktop applications at the same time.
https://codeberg.org/AkhIL/tinkerbox
One day I would like to rewrite this tool in Python, add cli
autocompletion, a GUI, and maybe even adding entries for isolated apps
in to the host's menu.
|
Reporting here the same comment I did in #1413
All in all I think a dedicated tool is more indicated than bending this project on something it is not designed to do. |
better sandboxed mode would likely allow better user choice on what is allowed trough |
It is entirely up to the project maintainer if he does not want to implement stuff like this and let's be real, there already are several permission systems like ACL, capabilities etc., which allows separation. The problem is that it does not integrate with Distrobox and most people are not even aware how to use these and at the end of the day they should not be. I think that either there should be a new tool made, which makes it easier to separate Distrobox containers, as they are OCI containers or someone should present a PR for this, which can be considered as an example by @89luca89 . We should not expect him to go against what he thinks is best for this project. |
Thanks @IPlayZed exaclty this isolation is useful for functionalities (see netns for vpns, or procns for init) but this should not become a "let's implement all the flags to go back to a regular docker/podman" For GUIs flatpaks do a better job at being "integrated but sandboxed", distrobox can be a stopgap for missing stuff, but it's not a replacement And for sandboxed CLIs, regular docker/podman exists I'm closing this as I don't want to implement further |
Right now the distrobox's containers are created in privileged mode and share a lot of sensitive host's folder.
This is done because the aim is tight integration with the host, not sandboxing.
It would be nice to have an optional (see: disabled if not specified)
--unprivileged
or a--sandbox
flag indistrobox-create
to have a more isolated container to work with.The text was updated successfully, but these errors were encountered: