2021-03-26 18:03:50 +01:00
## Conty

This is an easy-to-use non-root container compressed into squashfs and packed into a single executable that runs (or at least should run) on most Linux distros.

You can use it to run any application, including games (Vulkan and OpenGL).

Besides, thanks to bubblewrap, Conty also supports true filesystem sandboxing, so you can even use it to sandbox your applications.

It uses two technologies:

* SquashFS (using squashfuse)
* Linux namespaces (using bubblewrap)

## Benefits

* Single executable: download and run, nothing else is required.
* Root rights are **not required**.
* Compressed into squashfs, so it takes much less disk space than unpacked containers.
* Contains many libraries and packages, so it can run almost everything, and you don't need to install anything on your main (host) system. You can even run 32-bit applications on pure 64-bit systems.
* Based on Arch Linux, so it contains the latest software, including the latest video drivers.
* Almost completely seamless experience. All applications that you run with Conty store their configs in your HOME directory, as if you weren't using a container at all.
* Supports filesystem sandboxing.

## Requirements

The only requirements are **bash**, **fuse2** and **tar**. Your /tmp directory must also allow binary execution (which it does by default on most distros).

Also, your Linux kernel must support unprivileged user namespaces. On some Linux distros this feature is disabled by default and can be enabled (as root) with sysctl:

```
sysctl kernel.unprivileged_userns_clone=1
```

or

```
echo 1 > /proc/sys/kernel/unprivileged_userns_clone
```

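A preflight script for the requirements above, added here as an example (it is not part of Conty): it checks for the three tools, for a noexec /tmp, and for whether the kernel actually allows unprivileged user namespaces. It assumes findmnt and unshare from util-linux are installed; the kernel.unprivileged_userns_clone knob exists only on Debian-family kernels, while mainline kernels gate the feature with user.max_user_namespaces, so the script consults both and then tries to create a namespace for real.

```shell
#!/bin/sh
# Preflight check for Conty's requirements (constructed example, not part of Conty).
# Assumes findmnt and unshare (util-linux) are available for the live checks.

# Return 0 if a comma-separated mount option list (as in /proc/mounts) contains "noexec".
has_noexec_opt() {
    case ",$1," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Decide from sysctl values whether unprivileged user namespaces are allowed.
# $1: kernel.unprivileged_userns_clone (Debian/Ubuntu kernels only; "" if the knob is absent)
# $2: user.max_user_namespaces (mainline kernels; 0 means disabled; "" if absent)
userns_sysctl_ok() {
    if [ -n "$1" ] && [ "$1" != "1" ]; then return 1; fi
    if [ -n "$2" ] && [ "$2" -le 0 ]; then return 1; fi
    return 0
}

# Print a /proc/sys knob, or nothing if it does not exist on this kernel.
read_knob() {
    [ -r "$1" ] && cat "$1" 2>/dev/null
    return 0
}

conty_preflight() {
    ok=0
    # bash, tar and the fuse2 user-space helper (fusermount) must be on PATH
    for tool in bash tar fusermount; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing: $tool"; ok=1; }
    done
    # /tmp must allow executing binaries: inspect the mount options of its filesystem
    opts=$(findmnt -no OPTIONS -T /tmp 2>/dev/null || true)
    if has_noexec_opt "$opts"; then
        echo "/tmp is mounted noexec; Conty cannot execute binaries from it"; ok=1
    fi
    # Static view from sysctl, then the definitive runtime test with unshare(1)
    clone=$(read_knob /proc/sys/kernel/unprivileged_userns_clone)
    maxns=$(read_knob /proc/sys/user/max_user_namespaces)
    if ! userns_sysctl_ok "$clone" "$maxns" || ! unshare -U true 2>/dev/null; then
        echo "unprivileged user namespaces are disabled (enable them with the sysctl above)"; ok=1
    fi
    return $ok
}

conty_preflight && echo "all Conty requirements satisfied"
```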
## Usage

Either download a ready-to-use executable from the [**releases**](https://github.com/Kron4ek/Conty/releases) page or create your own (the instructions are below). Make it executable before running it.

```
chmod +x conty.sh
./conty.sh command command_arguments
```

For example, if you want to run an application from your HOME directory, run:

```
./conty.sh /home/username/App/application_binary
```

Conty also contains Steam, Lutris, Wine-Staging and much more.

```
./conty.sh steam
./conty.sh lutris
./conty.sh wine app.exe
```

Want to check if graphics acceleration works? Run glxinfo and glxgears:

```
./conty.sh glxinfo | grep direct
./conty.sh glxgears
```

List all built-in binaries with:

```
./conty.sh ls /usr/bin
```

## Sandbox

Conty uses bubblewrap and thus supports filesystem sandboxing. By default it is disabled, and all directories on your system are available to the container.

You can enable sandboxing with the **SANDBOX** environment variable. You can allow access to the directories you want with the **WHITELIST_DIRS** variable. It's also possible to disable the network with **DISABLE_NET**. For example:

```
export DISABLE_NET=1
export SANDBOX=1
export WHITELIST_DIRS="/home/username/.cache /opt /home/username/Downloads"
./conty.sh command
```

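A small wrapper around these three variables, added here as an example (it is not part of Conty): it rejects an allowlist that would defeat the sandbox, such as / or your whole HOME, before setting SANDBOX, WHITELIST_DIRS and DISABLE_NET for a single run. The CONTY and NET variables and the whitelist_ok helper are assumptions of this example; the space-separated list format is the one shown above.

```shell
#!/bin/sh
# Wrapper that runs a command under Conty's sandbox with an explicit directory allowlist
# (constructed example, not part of Conty). CONTY is assumed to point at conty.sh.
CONTY=${CONTY:-./conty.sh}

# $1: space-separated directory list in WHITELIST_DIRS format; $2: the home directory.
# Returns 0 only if every entry is an absolute path without "..", and is neither "/"
# nor the whole home directory: granting those would hand the sandboxed program
# everything the sandbox was meant to hide.
whitelist_ok() {
    [ -n "$1" ] || return 1
    for d in $1; do
        d=${d%/}                       # normalise a trailing slash ("/opt/" -> "/opt")
        case "$d" in
            ""|/)  return 1 ;;         # "/" (or "" after stripping) exposes the whole system
            *..*)  return 1 ;;         # no path traversal components
            /*)    ;;                  # absolute: fine
            *)     return 1 ;;         # relative paths are ambiguous inside the container
        esac
        [ "$d" = "${2%/}" ] && return 1
    done
    return 0
}

# conty_sandboxed DIRS COMMAND [ARGS...]
# Runs COMMAND with SANDBOX=1 and WHITELIST_DIRS=DIRS; networking is disabled unless NET=1.
conty_sandboxed() {
    dirs=$1; shift
    if ! whitelist_ok "$dirs" "$HOME"; then
        echo "refusing to run: bad WHITELIST_DIRS '$dirs'" >&2
        return 2
    fi
    if [ "${NET:-0}" = "1" ]; then
        SANDBOX=1 WHITELIST_DIRS="$dirs" "$CONTY" "$@"
    else
        SANDBOX=1 DISABLE_NET=1 WHITELIST_DIRS="$dirs" "$CONTY" "$@"
    fi
}

# Example call (needs conty.sh next to this script):
#   conty_sandboxed "$HOME/.cache $HOME/Downloads" wine app.exe
```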
2021-03-26 18:14:38 +01:00
|
|
|
## How to create your own Conty executables
|
2021-03-26 18:03:50 +01:00
|
|
|
|
2021-03-26 18:14:38 +01:00
|
|
|
If you want to create Arch-based container then use the **create-arch-bootstrap.sh** script. Root rights
|
2021-03-26 18:03:50 +01:00
|
|
|
are required for this step, because chrooting is used here.
|
|
|
|
|
|
|
|
```
|
|
|
|
./create-arch-bootstrap.sh
|
|
|
|
```
|
|
|
|
|
|
|
|
You can edit the script, if you want to include different set of packages inside
|
|
|
|
the container.
|
|
|
|
|
2021-03-26 18:25:08 +01:00
|
|
|
If you want to use some other distro then you need to manually obtain it from somewhere.
|
2021-03-26 18:03:50 +01:00
|
|
|
|
2021-03-26 18:14:38 +01:00
|
|
|
When distro bootsrap is obtained, use the **create-conty.sh** script to pack
|
2021-03-26 18:03:50 +01:00
|
|
|
everything into a single executable.
|
|
|
|
|
|
|
|
```
|
|
|
|
./create-conty.sh
|
|
|
|
```
|
|
|
|
|
|
|
|
Done!
|