2021-03-26 18:03:50 +01:00

## Conty

This is an easy to use non-root container compressed into squashfs and packed
into a single executable that runs (or at least should run) on most Linux distros.

You can use it to run any applications, including games (Vulkan and OpenGL).

Besides, due to bubblewrap, Conty also supports true filesystem sandboxing, so you can even use it to sandbox
your applications.

In other words, it's a portable Arch Linux distro packed into a single executable that can be used to run any applications. Conty combines the benefits of
flatpak and AppImage.

It uses two technologies:
* SquashFS (using [squashfuse](https://github.com/vasi/squashfuse))
* Linux namespaces (using [bubblewrap](https://github.com/containers/bubblewrap))

## Benefits

* Single executable - download (or create) and run, nothing else is required.
* Root rights are **not required**.
* Compressed into squashfs, so it takes much less disk space than
unpacked containers.
* Contains many libraries and packages so it can run almost everything. And you don't
need to install anything on your main (host) system. **You can even run 32-bit applications
on pure 64-bit systems**.
* Based on Arch Linux, so it contains the latest software, including the latest
video drivers.
* Almost completely seamless experience. All applications that you run
with Conty store their configs in your HOME directory as if you weren't
using a container at all.
* Supports filesystem sandboxing.

## Requirements

The only requirements are **bash**, **fuse2** and **tar**. And your /tmp directory
should allow executing binaries (which it does by default on most distros).

Also, your Linux kernel must support unprivileged user namespaces. On some
Linux distros this feature is disabled by default and can be enabled with sysctl:

```
# requires root; the setting lasts until the next reboot
sysctl kernel.unprivileged_userns_clone=1
```
or
```
# same setting written directly through procfs (requires root)
echo 1 > /proc/sys/kernel/unprivileged_userns_clone
```

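A preflight check for the requirements above, as an added example that is not part of Conty. It assumes `fusermount` as the sign that fuse2 is installed and also reads `user.max_user_namespaces`, because `kernel.unprivileged_userns_clone` exists only on distro-patched kernels; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight checks for the requirements listed above.
# File locations are parameters so the logic can be run on constructed input.

# Print each tool from the argument list that is not on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || echo "$tool"
    done
}

# Exit 0 if /tmp is mounted noexec. Falls back to the root mount when /tmp
# is not a separate mount. Input is in /proc/mounts format.
tmp_noexec() {
    awk '
        $2 == "/"    { root = $4 }
        $2 == "/tmp" { tmp = $4; found = 1 }
        END {
            n = split(found ? tmp : root, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "noexec") exit 0
            exit 1
        }' "${1:-/proc/mounts}"
}

# Print enabled | disabled | unknown for unprivileged user namespaces.
userns_status() {
    sysdir=${1:-/proc/sys}
    clone=$sysdir/kernel/unprivileged_userns_clone  # distro-patched kernels only
    max=$sysdir/user/max_user_namespaces            # mainline per-user limit
    if [ -r "$clone" ] && [ "$(cat "$clone")" = 0 ]; then echo disabled; return 1; fi
    if [ -r "$max" ] && [ "$(cat "$max")" = 0 ]; then echo disabled; return 1; fi
    if [ -r "$clone" ] || [ -r "$max" ]; then echo enabled; return 0; fi
    echo unknown; return 2
}

# Run all checks against the live system; non-zero if a requirement is unmet.
conty_preflight() {
    rc=0
    missing=$(missing_tools bash tar fusermount)    # fusermount ships with fuse2
    [ -z "$missing" ] || { echo "missing tools:" $missing; rc=1; }
    if tmp_noexec; then echo "/tmp is mounted noexec"; rc=1; fi
    ns=$(userns_status) || [ "$ns" = unknown ] || rc=1
    echo "unprivileged user namespaces: $ns"
    return $rc
}

case "${1:-}" in --run) conty_preflight ;; esac
```

Saved under any file name and run with `--run`, it prints what is missing and exits non-zero if a requirement is not met.
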
## Usage

Either download a ready-to-use executable from the [**releases**](https://github.com/Kron4ek/Conty/releases) page or create your
own (the instructions are below). Make it executable before running it.

```
chmod +x conty.sh
./conty.sh command command_arguments
```

For example, if you want to run an application from your HOME or from somewhere on your storage, run something like:

```
./conty.sh /full/path/to/a/binary
```

Conty also contains Steam, Lutris, Wine-Staging and much more.

```
./conty.sh steam
./conty.sh lutris
./conty.sh wine app.exe
```

Want to check if graphics acceleration works? Run glxinfo and glxgears:

```
./conty.sh glxinfo | grep direct
./conty.sh glxgears
```

List all built-in binaries with:

```
./conty.sh ls /usr/bin
```

## Sandbox

Conty uses bubblewrap and thus supports filesystem sandboxing. By default
it's disabled and all directories on your system are available for the container.

You can enable sandboxing with the **SANDBOX** environment variable. You can allow
access to directories you want with the **WHITELIST_DIRS** variable. And it's
also possible to disable the network with the **DISABLE_NET** variable. For instance:

```
export DISABLE_NET=1
export SANDBOX=1
export WHITELIST_DIRS="/home/username/.steam /home/username/.local/share/Steam"
./conty.sh steam
```

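One way to launch with the sandbox variables while rejecting whitelist entries that would defeat the sandbox, as an added example that is not part of Conty. It assumes `WHITELIST_DIRS` is split on whitespace, as the example above suggests; `check_whitelist`, `run_sandboxed` and `CONTY` are hypothetical names.

```shell
#!/bin/sh
# Added example: validate a WHITELIST_DIRS value, then launch with the sandbox
# variables set for that one command only. CONTY (path to the executable) is
# an assumed helper variable, not a Conty setting.

# Print one line per rejected entry; exit status 1 if any entry was rejected.
# The body is a subshell so `set -f` and the variables do not leak out.
check_whitelist() (
    set -f                      # split on whitespace without glob expansion
    rc=0
    for d in $1; do
        case $d in
            /)  echo "exposes the whole filesystem: $d"; rc=1 ;;
            "${HOME%/}"|"${HOME%/}/")
                echo "exposes the whole home directory: $d"; rc=1 ;;
            /*) [ -d "$d" ] || { echo "not a directory: $d"; rc=1; } ;;
            *)  echo "not an absolute path: $d"; rc=1 ;;
        esac
    done
    exit $rc
)

# run_sandboxed "DIR DIR ..." command [args...]
run_sandboxed() {
    dirs=$1; shift
    check_whitelist "$dirs" >&2 || return 1   # fail closed: nothing is started
    SANDBOX=1 DISABLE_NET=1 WHITELIST_DIRS="$dirs" "${CONTY:-./conty.sh}" "$@"
}
```

Because the list is split on whitespace, a directory whose path contains a space is reported as two invalid entries instead of being passed through.
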
## How to create your own Conty executables

If you want to create an Arch-based container, use the **create-arch-bootstrap.sh** script. Root rights
are required for this step, because chrooting is used here.

```
./create-arch-bootstrap.sh
```

You can edit the script if you want to include a different set of packages inside
the container.

If you want to use some other distro, then you need to manually obtain it from somewhere.

When the distro bootstrap is obtained, use the **create-conty.sh** script to pack
everything into a single executable.

```
./create-conty.sh
```

Done!