subuser-security / subuser

Run programs on linux with selectively restricted permissions.

Home Page: http://subuser.org

License: GNU Lesser General Public License v3.0

Python 92.87% Shell 5.49% Makefile 0.52% Roff 1.11%
containers docker python security

subuser's People

Contributors

berendt, danmbox, devoytas, fak3, folti, gliptak, gmcbretas, i026e, kenkeiras, konubinix, kotp, mad-s, marclaporte, mawjmobi, shannara, spowers-gb, takluyver, talwrii, timthelion, ypid

subuser's Issues

libX11 uninstall info not helpful

just tried something install firefox.

uninstall libx11

message is:

The program has been uninstalled but it's home directory remains:
/home/workerm/subuser/homes/libx11

BUT: there is no home directory for libX11

Question permission.json

I wondered: is it allowed to have in the permission.json for instance empty entries like

{
 "description"                : "The firefox web browser.\n Note: If you have a different version of firefox running already, you must launch firefox with the -new-instance command line argument."
 ,"executable"                : ""
 ,"dependency"                : ""
}

because in such a case it is not enough to check for the existence of a key but needs also a check for the value - e.g. dependency

ROADMAP peter1000

I thought you should know my plans:

I'm still not sure if docker does what I hope for:

  • Basically have a very stable base host system without most apps: maybe only lightweight window-manager not sure yet
  • have all the usual apps in containers
    • this requires sound, live video, skype, etc. to work

I will invest 1 or 2 more days into subuser:

  • because I do not know if docker 'really' can be used as I plan (just seeing your problems with chrome, vim and other issues: 'don't know how to fix') I will invest today and maybe tomorrow to still work on subuser and after that get into testing docker
  • if it works as expected I will migrate to docker-subuser else probably skip it and use docker (maybe subuser) for only selected things

Plan to implement in subuser

  • here should be an "install-from-registry" command which installs all of the programs listed in installed-programs.json file. #23

  • save to disk and use them in the install process
    ENHANCEMENT: save compressed subuser images #50
    and more up to date: see explanation: 47e3647#commitcomment-5405340

    I will remove the extra folder as you suggested and save the images in each: program folder/image subfolder

Separate user data from program logic

It should be possible to have the "programsThatCanBeInstalled" and the "bin" directory somewhere other than the subuser directory. The subuser directory should be able to be installed somewhere separate from the user data.

ENHANCEMENT: register IMAGE ID in installed-programs.json

I think this would be wise if we also register in the installed-programs.json the full docker image ID.

NAMES/TAGS are all useful things but the full IMAGE ID does not change: I can tag an image multiple times

subuser-firefox_peter 75e6247cc29b......
subuser-firefox_tim 75e6247cc29b......

but the image ID is stable

Red warnings TERM not set

host ubuntu13:10 docker 0.8

installing with subuser/building with docker I get a lot of Red lines like

debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (This frontend requires a controlling tty.)
debconf: falling back to frontend: Teletype

no bigger problem:

adding ENV TERM linux at the beginning of the dockerfile removes the issue

FROM ubuntu
ENV TERM linux
RUN apt-get update
.....

update: just checked this: only 'export TERM=linux' before using 'subuser install ...' seems not to work

Question: Linux and other OS

just a question: do you want to support also other host OS except of Linux?

Because then one would have to watch out for a lot of things: e.g. not sure if Windows could use your dockerside-scripts shell scripts.

Myself, I don't care about Windows or MAC OSX but others might?

Just a general question...

ENHANCEMENT: Option run container interactive

even though subuser is about running apps - sometimes I find myself in the need to inspect a container: e.g. to test some apt-get install updates etc.

till now one has to go through docker: e.g.

sudo docker run -i -t subuser-firefox_libx11_libubuntu_trusty /bin/bash

I suggest adding something similar to subuser run: e.g to a new logo to subuser program:
firefox_libx11_libubuntu_trusty container

$ subuser run firefox_libx11_libubuntu_trusty --container

keep common task in subuser interface

QUESTION: subuser list installed

  1. user lists available programs
workerm@notebook:~$ subuser list available --short
emacs  firefox  firefox-java  git  irssi  libreoffice  libx11  vim  xterm
workerm@notebook:~$

subuser install libx11

subuser list installed

workerm@notebook:~$ subuser list installed
workerm@notebook:~$ 

I know it's just a library but should it not appear somewhere as installed - just a question

installing afterwards firefox: lists only firefox

workerm@notebook:~$ subuser list installed
firefox
workerm@notebook:~$ 

uninstalling firefox:

workerm@notebook:~$ subuser uninstall firefox
Untagged: 9febfd575a531f919e0cbdc7dca40b3a409919bba59e8da12124b32afcc97898
Deleted: 9febfd575a531f919e0cbdc7dca40b3a409919bba59e8da12124b32afcc97898
Deleted: 8e6c7c3d0512090d92b8a288096de125007aa523212d9737c4a15dc6beb6b83b
firefox uninstalled successfully.

uninstalling: libx11

workerm@notebook:~$ subuser uninstall libx11
Could not uninstall libx11 program is not installed.
Issue the `subuser uninstall program-name` command to uninstall a program. NOTE: this operation does not remove that program's home directory.
workerm@notebook:~$ 

BUT clearly docker images shows it

workerm@notebook:~$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
subuser-libx11      latest              4b0536ddf4a9        8 minutes ago       275.8 MB
<none>  

Just a question: but I think if something gets installed through subuser it should be possible to deinstall it through subuser

SUGGESTION: permission.json comma at the end

e.g. current. vim

{
 "description"                : "A simple powerful text editor"
 ,"maintainer"                : "Timothy Hobbs <timothyhobbs (at) seznam dot cz>"
 ,"last-update-time"          : "2014-02-12-12:59"
 ,"executable"                : "/usr/bin/vim"
 ,"x11"                       : false
 ,"inherit-working-directory" : true
 ,"allow-network-access"      : false
}

After $ subuser mark-as-needing-update vim

{
 "executable": "/usr/bin/vim",
 "maintainer": "Timothy Hobbs <timothyhobbs (at) seznam dot cz>",
 "description": "A simple powerful text editor",
 "last-update-time": "2014-02-18-18:24",
 "inherit-working-directory": true,
 "x11": false,
 "allow-network-access": false
}

keeping comma in the beginning at the end will make the changes less obvious and is more standard with how python json handles it

The mark-as-needing-update command messes up the order of attributes in permissions.json #32

just something I noticed and a suggestion

Suggestion: remove dependency install loop

First I did not think about it but there is a dependency install loop
https://github.com/timthelion/subuser/blob/master/logic/subuserCommands/install#L50 -

e.g using it with the MakeBaseImage one notices it which is not good.

my suggestion:

  • implementing a simple dependency tree generator function (Did already)
  • before installation of a subuser program generate the dependency tree and start installing from bottom->up.

I will do that and send a pull request later

BTW: a simple dependency tree might be in any case nice: maybe even as a separate command (not sure) a bit similar to 'docker images --tree'

subuser dependency-tree firefox
firefox
libx11
libubuntu_lucid

installation would be from bottom up:
libubuntu_lucid
libx11
firefox
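
An added example (not code from the subuser project) of the bottom-up install order proposed in this issue. It assumes Python 3 and that each program's permissions are a parsed permissions.json dict with an optional "dependency" string; a missing or empty value is treated as "no dependency", the case raised in the permission.json and dependency questions on this page, and loops are reported rather than followed. The function and exception names are hypothetical.

```python
# Added example, not subuser's own code. All names here are hypothetical.


class DependencyError(Exception):
    """Raised when a dependency chain is broken or loops back on itself."""


def get_dependency(permissions):
    """Return the program's dependency name, or None.

    A missing key, an empty string and a whitespace-only string all mean
    "no dependency", so checking only that the key exists is not enough.
    """
    value = permissions.get("dependency")
    if value is None:
        return None
    if not isinstance(value, str):
        raise DependencyError("dependency must be a string, got %r" % (value,))
    value = value.strip()
    return value or None


def install_order(program_name, available_programs):
    """Return [base image, ..., program_name], the order to install in.

    available_programs maps program name -> parsed permissions dict.
    Each program has at most one dependency, so the "tree" is a chain.
    """
    chain = []
    seen = set()
    current = program_name
    while current is not None:
        if current in seen:
            raise DependencyError(
                "dependency loop: %s -> %s" % (" -> ".join(chain), current))
        if current not in available_programs:
            raise DependencyError("unknown program: %s" % current)
        seen.add(current)
        chain.append(current)
        current = get_dependency(available_programs[current])
    chain.reverse()  # install from the bottom up
    return chain


# Constructed sample data mirroring the firefox example in the post.
SAMPLE_PROGRAMS = {
    "firefox": {"executable": "/usr/bin/firefox", "dependency": "libx11"},
    "libx11": {"dependency": "libubuntu_lucid"},
    "libubuntu_lucid": {"dependency": ""},   # empty value: no dependency
    "vim": {"executable": "/usr/bin/vim"},   # key absent: no dependency
    "loop-a": {"dependency": "loop-b"},      # constructed loop
    "loop-b": {"dependency": "loop-a"},
}

if __name__ == "__main__":
    print(install_order("firefox", SAMPLE_PROGRAMS))
```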


Suggestion: add subfolder makeBaseImages

hi,

I read your: https://github.com/timthelion/subuser/blob/master/CONTRIBUTING.md

When using the FROM command, you must not build your docker-image 
off a user uploaded image(even a verified one) 
you can only build off the official docker images.

I do not like to rely on uploaded base images but prefer to have all locally built.

So here is a suggestion: maybe add one additional subfolder
e.g. makeBaseImages

there one could have subfolders with base image which do not build with a dockerfile but with a shell script similar to something like in: https://github.com/dotcloud/docker/tree/master/contrib mkimage-....

makeBaseImages
    libscratch
            mkimage-libscratch.sh
    libubuntu13.10
            mkimage-libubuntu13.10.sh
    .....

script file convention maybe:
mkimage-libscratch.sh
mkimage-libubuntu13.10.sh

I would suggest to follow your TAG convention:
should result in TAG version subuser-libscratch:latest
resulting in TAG version subuser-libubuntu13.10:latest

such images should be also allowed to be used with the FROM command

just a suggestion though if you do not want something like that in your project is also fine.

P

Do we need INSTALL LOCK?

what if a user executes 2 or more subuser install commands in different console? Would that be a problem if common containers are updated?

not urgent but just thought about it

just some code example if needed

just some code example if needed:

GET INSTALLED DOCKER IMAGE ID BY subuser programName

import subprocess

dockerCommand = """(docker inspect subuser-%s | grep id | cut -d '"' -f 4)""" % programName
programDockerImageID = subprocess.check_output([dockerCommand], shell=True)

In similar method: GET INSTALLED DOCKER IMAGE CREATION_DATE_TIME BY subuser programName

dockerCommand = """(docker inspect subuser-%s | grep created | cut -d '"' -f 4)""" % programName
programDockerImageCreationTime = subprocess.check_output([dockerCommand], shell=True)

maybe you can use something like that for your registry: the Image ID might be quite useful to have - and maybe replace the installed-programs.json Time with the true creation time: not sure about that?
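
An added example (not part of the original post or the subuser code base) of the same lookup with the program name passed as an argv element instead of being interpolated into a shell string, and the fields read from the parsed JSON rather than with grep and cut. The allowed character set for program names, the sample output and the helper names are assumptions; the key lookup ignores case because the capitalisation of these fields in `docker inspect` output is assumed here, not taken from the page.

```python
import json
import re
import subprocess

# Assumption: program names use only these characters.
PROGRAM_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")

# Constructed sample of `docker inspect` output (values are made up).
SAMPLE_INSPECT_OUTPUT = """[{
  "id": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
  "created": "2014-02-18T18:24:00.000000000Z"
}]"""


def image_name(program_name):
    """Map a subuser program name to its image name, rejecting odd input."""
    # fullmatch, so a trailing newline or shell metacharacter is refused.
    if not PROGRAM_NAME_RE.fullmatch(program_name):
        raise ValueError("invalid program name: %r" % (program_name,))
    return "subuser-" + program_name


def parse_inspect(output):
    """Return (image id, creation time) from `docker inspect` JSON text."""
    data = json.loads(output)
    record = data[0] if isinstance(data, list) else data
    fields = {key.lower(): value for key, value in record.items()}
    return fields["id"], fields["created"]


def inspect_image(program_name, run=subprocess.check_output):
    """Run `docker inspect` with an argv list: no shell is involved.

    `run` is injectable so the function can be exercised without docker.
    """
    output = run(["docker", "inspect", image_name(program_name)])
    if isinstance(output, bytes):
        output = output.decode("utf-8")
    return parse_inspect(output)


if __name__ == "__main__":
    # Offline demonstration against the constructed sample.
    print(parse_inspect(SAMPLE_INSPECT_OUTPUT))
```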

general feedback: Contributing code to the repository:

Just a general feedback: Contributing code to the repository:
1.
I like that you use descriptive variables and not only f, e, a
It is not so usual to see so long variable names: but it is very much similar as I do all my coding (even though I make usually more often use of underscore too)

👍

not using 80 column code formatting.

very similar to what I used to do in my coding - even though sometimes a split argument line is easier to read - so I would not be too strict
e.g.

my_dictionary = { "test" : 1,
                  "blabla" : 23,
                  "sound" : 245
                  }

in this case it might be better than one long line if there are many items but I do not like to be bound by a 80 char line. use it as it makes sense: and you are right about line wrapping.

👍

  • Indent each block by a single space.
    PROS: it helps to keep the space if there are more nested statements
    CONS: Personally I think it reduces the readability a lot: one of the main features of python is making use of 'indentation' and one space does not give that easy recognition (in my opinion)

So I do not like it because the CONS are much more severe than the PROS
I think a good middle way would be 2 spaces indentation.
👎

Suggestion: replace subprocess calls with pure python code

https://github.com/timthelion/subuser/blob/master/logic/subuserCommands/install#L62

subuserlib.utils.subprocessCheckedCall(["chmod","+x",executablePath])

could be replaced with

import os
import stat

...

# subuserlib.utils.subprocessCheckedCall(["chmod","+x",executablePath])
st = os.stat(executablePath)
# Add the execute bit for the owner only
os.chmod(executablePath, stat.S_IMODE(st.st_mode) | stat.S_IEXEC)
# OR which is less restrictive giving everyone execution rights
os.chmod(executablePath, stat.S_IMODE(st.st_mode) | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)

Question: update

Do I understand you correctly here:

# This command updated all of the installed subuser programs.
# It works in 4 phases:
#  Create a dictionary of installed program-name booleans where the booleans represent whether the program needs updating
#  Mark each program who's last-update-time has changed from it's installed last-update-time as needing to be updated

if a user specified: subuser update vim firefox xterm
but only the last-update-time has changed from its installed last-update-time for firefox: ONLY firefox + dependency get updated??? and vim xterm are just skipped of any updated (because their times did not change) ??

Question: would it make sense to use something like: client.py

I was wondering what you think:

would it make sense instead of all the subprocess calls to use a much simplified version of something like:

https://github.com/dotcloud/docker-py/blob/master/docker/client.py
I mean only the things what subuser needs:

CONS:

 1. Not sure if that supports other HOST OS except of linux
 2. Not sure if docker changes internally if one would need to adjust much
    (but that might be also needed if using subcalls?)
 3. maybe/depending more dependencies

PROS:

 1. then all would be in pure python and not much subprocess calls.
 2. probably nicer and better coding

played a bit with the above: https://github.com/dotcloud/docker-py/blob/master/docker

had to install: python-requests python-urllib3 python-websocket

for just a fast test quite nice:
build command did not work in the beginning though - probably mistake of mine

SUGGESTION: getInstalledPrograms refactor to a list like: getAvailablePrograms

I would suggest we refactor getInstalledPrograms to a list like getAvailablePrograms.

it would seem to be more consistent and also is often used and we could avoid all the

 installedPrograms = getInstalledPrograms()
 for program in installedPrograms.keys():

to a simple for program in getInstalledPrograms():

 for program in  getInstalledPrograms():

I can do that when I start again with the new installed-programs.json format

We still need to load the dictionary as we use it often so maybe have a function:
getInstalledRegistry

maybe better helpinfo

hi,
just some first time user feedback: host: ubuntu 13:10

  1. running $ subuser gives this output
You can use one of the following commands:
update
subuserlib
clean
current-utc-time
list
uninstall
run
install
workerm@notebook:~$ subuser list
Traceback (most recent call last):
  File "/home/workerm/subuser/logic/subuserCommands/list", line 10, in <module>
    if sys.argv[1] == "available":
IndexError: list index out of range

maybe it would make sense to add at least some requirements in the output: like:
subuser list [available/installed] or something like that

maybe also:
for more info about each option use: subuser <option> -h

but for example: subuser run -h gives an error

Sometimes vim hard freezes

sometimes vim hard freezes - seems to be triggered by some key combination involving / or perhaps the search function

print program permissions at installation time with a "do you want to continue [y/n]" prompt

QUESTION: Restructure programsThatCanBeInstalled

just a question: with time there might be many subuser programs/recipes in programsThatCanBeInstalled

do you think it would be wise to implement a better structure: like allowing subfolders

e.g.:

programsThatCanBeInstalled
    EXAMPLES
        bla bla
    DebianWheezyBased
        libdebian_wheezy
        libx11_debian_wheezy
        libmozilla_debian_wheezy
        firefox_debian_wheezy
    UbuntuLucidBase
        libubuntu_lucid
        bla bla

not sure if it would be better or worse - just a thought

last git version not ok

hi I just checkout the last git version: a7815fc

you've got some errors into it

workerm@notebook:~$ subuser install firefox
Installing firefox
Traceback (most recent call last):
  File "/home/workerm/subuser/logic/subuserCommands/install", line 90, in <module>
    installProgram()
  File "/home/workerm/subuser/logic/subuserCommands/install", line 36, in installProgram
    permissions = subuserlib.permissions.getPermissions(programName)
UnboundLocalError: local variable 'subuserlib' referenced before assignment
workerm@notebook:~$ 

deleting docker images messes things up

I installed subuser firefox and had some issues not running the subuser version.
I stopped the docker: sudo service docker stop

cause I had old docker stuff hanging around I deleted the whole docker folder: /var/lib/docker because of issue moby/moby#2714 (comment)

restart docker: sudo service docker start

subuser is completely messed up (understandable as it has still the installed-programs.json etc.)

maybe in the future subuser could self heal a broken situation like this

remove: subuserlib from help

the help as it is now prints all commands in logic/subuserCommands which is very nice to add new things.

_but it should exclude: subuserlib as this is just a folder_

workerm@notebook:~$ subuser
You can use one of the following commands:
update
subuserlib
clean
current-utc-time
list
uninstall
run
install
for more info about each option use: subuser <option> -h
workerm@notebook:~$

I will post an update

Stack trace when trying to run a subuserized program without docker running.

timothy@timothy:~/configs/xmodmap.d/lenovo$ firefox
2014/02/17 12:36:44 dial unix /var/run/docker.sock: no such file or directory
Traceback (most recent call last):
  File "/home/timothy/subuser/logic/subuserCommands/run", line 143, in <module>
    runProgram(programName)
  File "/home/timothy/subuser/logic/subuserCommands/run", line 51, in runProgram
    dockerImageName = subuserlib.dockerImages.getImageTagOfInstalledProgram(programName)
  File "/home/timothy/subuser/logic/subuserCommands/subuserlib/dockerImages.py", line 21, in getImageTagOfInstalledProgram
    roughImagesList = subprocess.check_output(["docker","images"])
  File "/usr/lib/python2.7/subprocess.py", line 544, in check_output
    raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['docker', 'images']' returned non-zero exit status 1

QUESTION: dependency

you write:

dependency: Any program may depend upon at most one other program to provide a base image for it to build off of.

Ex:

"dependency" : "some-program"

if it is not used: can a user still have the key just empty

"dependency" : ""

because then we have to check for such too: or is this not allowed

Need to refactor some print statements

because I'm used more to python 3+ where

test = "JJJ"
print("ssss", test) 

result:ssss JJJ

but in python 2.7

test = "JJJ"
print("ssss", test) 

result:('ssss', 'JJJ')

maybe we should refactor print to + signs: like print("ssss "+test)

ENHANCEMENT: save compressed subuser images

Before starting with subuser a couple of days ago I looked into saving compressed docker images to file.

Because I like to be as much as possible internet independent (or if one uses subuser with a slower connection on a mobile etc. or download limit) I will add the option to save subuser program images to file.

build once transfer and install multiple times.

Allow docker to run with sudo or su.

It should be able to prompt the user for their password if the user is not in the docker group, but at the same time tell them that they really should become a member of the docker group.
