parke / lxroot Goto Github PK

View Code? Open in Web Editor NEW

97.0 8.0 9.0 192 KB

A lightweight, flexible, and safer alternative to chroot and/or Docker.

License: GNU General Public License v3.0

C++ 57.55% Makefile 1.46% Shell 39.48% C 1.51%

chroot-environment chroot linux namespace cli virtualization userland lightweight

lxroot's Introduction

Lxroot - a software virtualization tool

About Lxroot

lxroot is a lightweight and safe alternative to chroot, Docker, and other software virtualization tools.

lxroot allows a non-root user to easily and safely create a "chroot-style" virtual software environment (via Linux namespaces), and then run one or more programs inside that environment.

Project Status

As of September 2023, Lxroot is still under intermittent development. I seem to work on Lxroot several times per year. Typically, when I work on Lxroot, I spend several days either adding new features or refactoring existing features to make Lxroot easier to use.

I personally run software inside Lxroot every hour of every day, all year long. As time passes, I am increasing the quantity and variety of programs that I run inside of Lxroot.

To the best of my knowledge, I am the only person who uses Lxroot regularly. Therefore, I have been investing my energy in improving Lxroot, rather than documenting the improvements and publishing updates. Therefore, if you are interested in using Lxroot, please let me know so that I can provide you with the updated and improved source code.

Lxroot Worlds

As of September 2023, I now call an Lxroot-based chroot-style-environment a "world".

To manually create Apline Linux world named alpine, I could (for example), do the following:

$  mkdir  -p  alpine/newroot    #  this directory is required.
$  tar  xzf  alpine-minirootfs.tar.gz  -C alpine/newroot
$  mkdir  alpine/home           #  this directory is optional.
$  mkdir  alpine/tmp            #  this directory is optional.
$  lxroot  alpine               #  use Lxroot to enter the world.

When Lxroot runs, the following directories will be bind-mounted into alpine/newroot:

source           target
alpine/home  ->  alpine/newroot/home
alpine/tmp   ->  alpine/newroot/tmp

Then Lxroot will chroot into alpine/newroot.

Any of newroot, home, and tmp can be symbolic links. This allows directories to be shared across multiple worlds. (Lxroot can bind-mount any subdirectory into newroot, not just the two examples shown above.)

On a Linux kernel version 5.11 and later, Lxroot can also create and chroot into a kernel-level overlay filesystem. An Lxroot-world can simultaneously use both an overlay filesystem and one or more bind-mounted subdirectories.

I have written custom scripts that create Lxroot-worlds based on various Linux distributions. The below table summaries the types of Lxroot-worlds that I regularly create and/or use. The distros are ordered from most commonly used (by me) to least commonly used.

Base distro	Create world with	Install binary packages with	Can build packages?
Debian, Ubuntu, Mint	`mk-deb.sh`	`fakeroot` and `apt`	Probably?
Alpine	`mk-alpine.sh` (1)	`apk`	Probably?
Flatpak	`mk-alpine.sh` (1)	`flatpak`	Probably?
Arch	`mk-arch.sh` (1)	`pacman`	Probably?
Arch AUR	`mk-arch.sh` (1)	(n/a)	Probably?
Void	Create by hand? (2)	`xbps-install`? (2)	Probably?

Notes: (1) I have not yet published mk-alpine.sh and mk-arch.sh. (2) It has been a long time since I used Void Linux inside Lxroot, but there is a good chance that XBPS will "just work" inside Lxroot.

(Aside: Previously, I used a separate tool called vland to create and work with Lxroot environments. However, vland is now obsolete and unsupported. vland's functionality was either (a) moved into Lxroot itself, or (b) moved into smaller, stand-alone scripts.)

Videos

Lxroot presentation at PackagingCon 2021: abstract | slides | video

lxroot's People

Contributors

Stargazers

Watchers

Forkers

timb-machine-mirrors dorgeln giordano laplacekorea matthewpersico mybigman johanmabille nuc1eon mdferdousalam

lxroot's Issues

`sudo` fails to run inside Lxroot

First of all, let me say... this program works amazingly, and is great for running glibc programs (like discord) on a musl install, without the hassle or sudo requirements of chroot.

I have found that using lxroot -nx ./guest, sudo will fail to run.
error message:

sudo: /etc/sudo.conf is owned by uid 1000, should be 0
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

Project status

Hello. I saw your repository and I like the project and consider using your program for a project of mine (involving compiling stuff on an alpine environment).

I wonder what do you have in mind for the future?
Do you currently use it, or know any project that does?

Currently there is hardly any documentation. A man page could be great, or at least an up-to-date readme.

Makefile could use a little help. I like to add a little -Wextra to catch a few more things that could go wrong.

I skimmed the project, and I saw there is a lot of code. A big chunk of it is dead-code, commented.
I wonder what parts of your code are relevant to the core functionality, C++ really seems overkill.
Could a few lines of shell, or a makefile, do the trick?
1000+ lines of C++ calling ls, cp, mkdir, cd, bind, mount, umount… do seems like shell scripting anyway. Did I miss something?

Thanks for reading my comment/suggestion/encouragement/help/rant.

Build error: "g++: No such file or directory"

make build command gave me the following error

g++  -g   -fmax-errors=2  -Wall  -Wextra      unit.cpp  -o bin/lxroot-unit
make: g++: No such file or directory
make: *** [Makefile:46: bin/lxroot-unit] Error 127

my current os

Ubuntu 22.04.1 LTS

Compilation fails with Glibc 2.33

% make build 
mkdir  -p  bin
g++  -g   -fmax-errors=2  -Wall  -Werror  -Wextra  -Wno-unused-parameter  lxroot.cpp  -o bin/lxroot
lxroot.cpp: In static member function ‘static flags_t Syscall::st_to_ms(flags_t)’:
lxroot.cpp:731:42: error: comparison between ‘enum<unnamed>’ and ‘enum<unnamed>’ [-Werror=enum-compare]
  731 |     #define  if_equal(     a, b )  (   a == b                ? b : 0 )
      |                                          ^
lxroot.cpp:735:7: note: in expansion of macro ‘if_equal’
  735 |       if_equal         (  ST_RDONLY,       MS_RDONLY       )
      |       ^~~~~~~~
lxroot.cpp:731:42: error: comparison between types ‘<unnamed enum>’ and ‘<unnamed enum>’ [-Werror=sign-compare]
  731 |     #define  if_equal(     a, b )  (   a == b                ? b : 0 )
      |                                          ^
lxroot.cpp:735:7: note: in expansion of macro ‘if_equal’
  735 |       if_equal         (  ST_RDONLY,       MS_RDONLY       )
      |       ^~~~~~~~
compilation terminated due to -fmax-errors=2.
make: *** [Makefile:36: bin/lxroot] Error 1
% g++ --version
g++ (GCC) 11.1.0
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
% uname -r
5.10.76-1-lts
% /usr/lib64/libc.so.6 
GNU C Library (GNU libc) release release version 2.33.
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 11.1.0.
libc ABIs: UNIQUE IFUNC ABSOLUTE
For bug reporting instructions, please see:
<https://bugs.archlinux.org/>

Unit test fails with "error rdonly nr/ Operation not permitted" on Void Linux

Upon running make unit, the test fails with the following message.
I am running this on void linux.

-  test_no_home

--------

unit2.sh  test fail

  line     181

  expect   'foo'
  actual   'err  1  lxroot  error  rdonly  nr/
  Operation not permitted'

  cwd      /tmp/lxroot-unit
  env1     env -
  lxr1     ./lxr nr
  argv     -- echo foo
  cmd1
  command  env - ./lxr nr -- echo foo
  status   1

  stdout  lxroot  error  rdonly  nr/
  Operation not permitted

Demo3 fails with md5sum verification error

Looks like the iso has changed?

$ make demo3
make  demo3-base    #  This allows overrding of the demo3 recipe.
make[1]: Entering directory '/home/matthew/gits/github/matthewpersico/lxroot'
if  [ ! -f /tmp/lxroot-demo/dist/archlinux-2021.06.01-x86_64.iso ]  ;  then  \
  wget  --continue  -O  /tmp/lxroot-demo/dist/archlinux-2021.06.01-x86_64.iso  https://mirror.rackspace.com/archlinux/iso/2021.06.01/archlinux-2021.06.01-x86_64.iso  ;  fi

demo3  create userland1
bash  aux/demo.sh  demo1_extract  /tmp/lxroot-demo  /tmp/lxroot-demo/demo3
demo1_extract  already done
cp  /etc/resolv.conf  /tmp/lxroot-demo/demo3/etc/
mkdir  -p  /tmp/lxroot-demo/demo3/dist
ln  -f  /tmp/lxroot-demo/dist/archlinux-2021.06.01-x86_64.iso  /tmp/lxroot-demo/demo3/dist

cp  aux/demo.sh  /tmp/lxroot-demo/demo3/root/
bin/lxroot  -nw  /tmp/lxroot-demo/demo3  \
  --  /bin/ash  /root/demo.sh  demo3_u1_create_u2
demo3_u1_create_u2
+  apk add p7zip squashfs-tools
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
OK: 13 MiB in 22 packages
md5sum  /dist/archlinux-2021.06.01-x86_64.iso
verify    md5sum  /dist/archlinux-2021.06.01-x86_64.iso
  expect  1bf76d864651cc6454ab273fd3d2226a
  actual  d41d8cd98f00b204e9800998ecf8427e
verify  failed  exiting...
make[1]: *** [Makefile:100: demo3-base] Error 1
make[1]: Leaving directory '/home/matthew/gits/github/matthewpersico/lxroot'
make: *** [Makefile:119: demo3] Error 2

Here's the system I am running on:

$ uname -a
Linux MONOLITH 5.4.72-microsoft-standard-WSL2 #1 SMP Wed Oct 28 23:40:43 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Although I have to say, this is a lxroot running in an lxroot running in a WSL2 session running on Windows. It's %#$%@!@# amazing that it all works. Kudos to you!

Lxroot fails to detect insufficient Xorg display sharing permissions

the -x option maybe should automatically run xhost + local:?

Source

alacritty, firefox and discord won't launch without doing it on the host system first.
I am not aware of the implications of that command, so take this with a grain of salt.