## Conty
This is an easy-to-use non-root container compressed into squashfs and packed
into a single executable that runs (or at least should run) on most Linux distros.

You can use it to run any applications, including games (Vulkan and OpenGL).

Besides, thanks to bubblewrap, Conty also supports true filesystem sandboxing, so you can even use it to sandbox
your applications.

In other words, it's a portable Arch Linux distro packed into a single executable that can be used to run any applications. Conty combines the benefits of
flatpak and AppImage.

It uses two technologies:

* SquashFS (using [squashfuse](https://github.com/vasi/squashfuse))
* Linux namespaces (using [bubblewrap](https://github.com/containers/bubblewrap))

## Benefits
* Single executable - download (or create) and run, nothing else is required.
* Root rights are **not required**.
* Compressed into squashfs, so it takes much less disk space than
unpacked containers.
* Contains many libraries and packages so it can run almost everything. And you don't
need to install anything on your main (host) system. **You can even run 32-bit applications
on pure 64-bit systems**.
* Based on Arch Linux, so it contains the latest software, including the latest
video drivers.
* Almost completely seamless experience. All applications that you run
with Conty store their configs in your HOME directory as if you weren't
using a container at all.
* Supports filesystem sandboxing.

## Requirements
The only requirements are **bash**, **fuse2**, **tar** and **coreutils**. And your /tmp directory
should allow execution of binaries (which it does by default on most distros).

Besides, your Linux kernel should support unprivileged user namespaces. On some
Linux distros this feature is disabled by default and can be enabled (as root) with sysctl:
```
sysctl kernel.unprivileged_userns_clone=1
```
or
```
echo 1 > /proc/sys/kernel/unprivileged_userns_clone
```
Even if unprivileged user namespaces are not supported by your kernel, you can still use Conty if bwrap with the SUID bit is installed on your system. In this case, just tell Conty to use the system-wide bwrap and squashfuse instead of the builtin ones:
```
export USE_SYS_UTILS=1
./conty.sh command command_arguments
```
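
A preflight check for the requirements above, as an added example that is not part of Conty: it reports missing tools, whether /tmp is mounted noexec, and whether the builtin utilities or `USE_SYS_UTILS=1` apply. The function names are hypothetical, and `/proc/sys/user/max_user_namespaces` (the mainline kernel limit) and `fusermount` as the fuse2 indicator are assumptions not taken from this page.

```shell
#!/bin/sh
# Added example (not part of Conty): preflight check for the requirements above.
# File paths are parameters so each check can be pointed at a constructed fixture.

# missing_tools [cmd...]: print required commands that are not on PATH.
# fusermount is the helper binary shipped by fuse2 (fuse3 ships fusermount3).
missing_tools() {
    [ $# -gt 0 ] || set -- bash tar fusermount
    for c in "$@"; do command -v "$c" >/dev/null 2>&1 || echo "$c"; done
}

# mount_is_noexec <dir> [mounts_file]: succeed if dir's filesystem is mounted noexec.
mount_is_noexec() {
    awk -v dir="$1" '
        # remember the longest (and latest) mount point that contains dir
        $2 == dir || $2 == "/" || index(dir, $2 "/") == 1 {
            if (length($2) >= length(best)) { best = $2; opts = $4 }
        }
        END { if (("," opts ",") ~ /,noexec,/) exit 0; exit 1 }
    ' "${2:-/proc/mounts}" 2>/dev/null
}

# userns_state [clone_file] [max_file]: print "enabled" or "disabled".
userns_state() {
    clone=${1:-/proc/sys/kernel/unprivileged_userns_clone}
    max=${2:-/proc/sys/user/max_user_namespaces}
    # The clone switch exists only on distro-patched kernels; absent means no such restriction.
    if [ -r "$clone" ] && [ "$(cat "$clone")" = 0 ]; then echo disabled; return; fi
    # Mainline per-user limit: 0 forbids creating user namespaces.
    if [ -r "$max" ] && [ "$(cat "$max")" = 0 ]; then echo disabled; return; fi
    echo enabled
}

# bwrap_is_setuid [path]: succeed if bwrap exists and carries the SUID bit.
bwrap_is_setuid() {
    b=${1:-$(command -v bwrap 2>/dev/null)}
    [ -n "$b" ] && [ -u "$b" ]
}

# conty_mode [clone_file] [max_file] [bwrap_path]: builtin | USE_SYS_UTILS | unsupported
conty_mode() {
    if [ "$(userns_state "$1" "$2")" = enabled ]; then echo builtin
    elif bwrap_is_setuid "$3"; then echo USE_SYS_UTILS
    else echo unsupported; fi
}

echo "missing tools: $(missing_tools | tr '\n' ' ')"
echo "launch mode: $(conty_mode)"
if mount_is_noexec /tmp; then echo "/tmp is mounted noexec; binaries cannot run from it"; fi
```

A result of `USE_SYS_UTILS` means the host relies on a SUID-root bwrap rather than unprivileged user namespaces, so that binary's patch level becomes part of the sandbox's trust base.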
## Usage
Either download a ready-to-use executable from the [**releases**](https://github.com/Kron4ek/Conty/releases) page or create your
own (the instructions are below). Make it executable before running it.
```
chmod +x conty.sh
./conty.sh command command_arguments
```
For example, if you want to run an application from your HOME or from somewhere on your storage, run something like:
```
./conty.sh /full/path/to/a/binary
```
Conty also contains Steam, Lutris, PlayOnLinux, Wine-Staging-TkG and many more.
```
./conty.sh steam
./conty.sh lutris
./conty.sh playonlinux
./conty.sh wine app.exe
```
It has a builtin file manager (pcmanfm):
```
./conty.sh pcmanfm
```
Want to check if graphics acceleration works? Run glxinfo, glxgears, vulkaninfo and vkcube:
```
./conty.sh glxinfo | grep direct
./conty.sh glxgears
./conty.sh vulkaninfo
./conty.sh vkcube
```
You can even use Conty for compilation:
```
./conty.sh gcc src.c
./conty.sh git clone https://something.git
cd something && ./conty.sh ./configure
./conty.sh make
```
There are many more integrated programs. You can list all of them with:
```
./conty.sh ls /usr/bin
```
Let me know if you want something else to be included in the container.

There are some other features; see the internal help for more information.
```
./conty.sh --help
```
## Sandbox
Conty uses bubblewrap and thus supports filesystem sandboxing. By default
it's disabled and all directories on your system are available to the container.

You can enable sandboxing with the **SANDBOX** environment variable. You can allow
access to the directories and/or files you want with the **BIND** variable. It's
also possible to disable networking with the **DISABLE_NET** variable, and you can set a custom HOME directory
with the **HOME_DIR** variable. For instance:
```
export DISABLE_NET=1
export SANDBOX=1
export BIND="/home/username/.steam /home/username/.local/share/Steam"
./conty.sh steam
```
Or
```
export DISABLE_NET=1
export SANDBOX=1
export HOME_DIR="/home/username/custom_home_dir"
./conty.sh steam
```
If you just want sandboxing functionality but don't need a container with a full-size Linux distro inside (which is what Conty mainly is), I recommend taking a look directly at these projects: [bubblewrap](https://github.com/containers/bubblewrap) and [firejail](https://github.com/netblue30/firejail). Sandboxing is a good additional feature of Conty, but it is not its main purpose.

## Known issues
Nvidia users will experience problems if their Nvidia kernel module version does not match the version of the Nvidia libraries inside Conty.

For example, if the version of your Nvidia kernel module is 460.56 and the libraries inside the container are from version 460.67, then graphics acceleration will not work.

There is an experimental solution for this problem in the latest Conty release that can be enabled with the **NVIDIA_FIX** variable. If you encounter this problem, please let me know if this feature does or doesn't fix it for you.
```
export NVIDIA_FIX=1
./conty.sh glxgears
```
## How to create your own Conty executables
If you want to create an Arch-based container, use the **create-arch-bootstrap.sh** script. Root rights
are required for this step, because chrooting is used here.
```
./create-arch-bootstrap.sh
```
You can edit the script if you want to include a different set of packages inside
the container.

If you want to use some other distro, then you need to manually obtain it from somewhere.

For the sake of convenience, compiled binaries of bwrap and squashfuse and their dependencies (utils.tar) are uploaded in this repo. You can use them or you can use your own binaries. Use the **create-utils.sh** script to easily compile your own bwrap and squashfuse. Just make sure to set the correct size of **utils.tar** in **conty-start.sh**.
```
./create-utils.sh
```
When the distro bootstrap and utils.tar are obtained, use the **create-conty.sh** script to pack
everything into a single executable.
```
./create-conty.sh
```
Done!