subuser-security / subuser Goto Github PK
View Code? Open in Web Editor NEWRun programs on linux with selectively restricted permissions.
Home Page: http://subuser.org
License: GNU Lesser General Public License v3.0
Run programs on linux with selectively restricted permissions.
Home Page: http://subuser.org
License: GNU Lesser General Public License v3.0
just tried something install firefox.
uninstall libx11
message is:
The program has been uninstalled but it's home directory remains:
/home/workerm/subuser/homes/libx11
BUT: there is no home directory for libX11
I wondered: is it allowed to have in the permission.json
for instance empty entries like
{
"description" : "The firefox web browser.\n Note: If you have a different version of firefox running already, you must launch firefox with the -new-instance command line argument."
,"executable" : ""
,"dependency" : ""
}
because in such a case it is not enough to check for the existence of a key but needs also a check for the value - e.g. dependency
for me this is quite unusual that this declaration is in-lined
def setupUserDirSymlinks(userDirs)
https://github.com/timthelion/subuser/blob/master/logic/subuserCommands/run#L102
I thought you should know my plans:
I'm still not sure if docker does what I hope for:
I will invest 1or 2 more days into subuser:
Plan to implement in subuser
here should be an "install-from-registry" command which installs all of the programs listed in installed-programs.json file. #23
save to disk and use them in the install proccess
ENHANCMENT: save compressed subuser images #50
and more uptodate: see explanation: 47e3647#commitcomment-5405340
I will remove the extra folder as you suggested and save the images in each: program folder/image subfolder
It should be possible to have the "programsThatCanBeInstalled" and the "bin" directory somewhere other than the subuser directory. The subuser directory should be able to be installed somewhere separate from the user data.
I think this would be wise if we also register in the installed-programs.json
the full docker image ID.
NAMES/TAGS are all useful things but the full IMAGE ID does not change: I can tag a image multiple time
subuser-firefox_peter 75e6247cc29b......
subuser-firefox_tim 75e6247cc29b......
but the image ID is stable
host ubuntu13:10 docker 0.8
installing with subuser/building with docker I get a lot of Red lines like
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (This frontend requires a controlling tty.)
debconf: falling back to frontend: Teletype
no bigger problem:
adding ENV TERM linux
at the beginning of the dockerfile removes the issue
FROM ubuntu
ENV TERM linux
RUN apt-get update
.....
update: just checked this: only export TERM=linux ' before using
subuser install ...` seems not to work
just a question: do you want to support also other host OS except of Linux?
Because than one would have to watch out for a lot of things: e.g. not sure if Windows could use your dockerside-scripts shell scripts.
Myself, I don't care about Windows or MAC OSX but others might?
Just a general question...
eventhough subuser is about running apps - sometimes I find myself in the need to inspect a container: e.g. to test some apt-get install updates ect..
till now one has to go through docker: e.g.
sudo docker run -i -t subuser-firefox_libx11_libubuntu_trusty /bin/bash
I suggest adding something similar to subuser run: e.g to a new logo to subuser program:
firefox_libx11_libubuntu_trusty container
$ subuser run firefox_libx11_libubuntu_trusty --container
keep common task in subuser interface
workerm@notebook:~$ subuser list available --short
emacs firefox firefox-java git irssi libreoffice libx11 vim xterm
workerm@notebook:~$
subuser install libx11libx11
subuser list installed
workerm@notebook:~$ subuser list installed
workerm@notebook:~$
I know it's just a library but should it not appear somewhere as installed - just a question
installing afterwards firefox: lists only firefox
workerm@notebook:~$ subuser list installed
firefox
workerm@notebook:~$
uninstalling firefox:
workerm@notebook:~$ subuser uninstall firefox
Untagged: 9febfd575a531f919e0cbdc7dca40b3a409919bba59e8da12124b32afcc97898
Deleted: 9febfd575a531f919e0cbdc7dca40b3a409919bba59e8da12124b32afcc97898
Deleted: 8e6c7c3d0512090d92b8a288096de125007aa523212d9737c4a15dc6beb6b83b
firefox uninstalled successfully.
uninstalling: libx11
workerm@notebook:~$ subuser uninstall libx11
Could not uninstall libx11 program is not installed.
Issue the `subuser uninstall program-name` command to uninstall a program. NOTE: this operation does not remove that program's home directory.
workerm@notebook:~$
BUT clearly docker images shows it
workerm@notebook:~$ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
subuser-libx11 latest 4b0536ddf4a9 8 minutes ago 275.8 MB
<none>
Just a question: but I think if something gets installed through subuser it should be possible to deinstalleit through subuser
e.g. current. vim
{
"description" : "A simple powerful text editor"
,"maintainer" : "Timothy Hobbs <timothyhobbs (at) seznam dot cz>"
,"last-update-time" : "2014-02-12-12:59"
,"executable" : "/usr/bin/vim"
,"x11" : false
,"inherit-working-directory" : true
,"allow-network-access" : false
}
After $ subuser mark-as-needing-update vim
{
"executable": "/usr/bin/vim",
"maintainer": "Timothy Hobbs <timothyhobbs (at) seznam dot cz>",
"description": "A simple powerful text editor",
"last-update-time": "2014-02-18-18:24",
"inherit-working-directory": true,
"x11": false,
"allow-network-access": false
}
keeping comma in the beginning at the end will make the changes less obvious and is more standard with how python json handles it The mark-as-needing-update command messes up the order of attributes in permissions.json #32
just something I noticed and a suggestion
First I did not think about it but there is a dependency install loop
https://github.com/timthelion/subuser/blob/master/logic/subuserCommands/install#L50 -
e.g using it with the MakeBaseImage one notices it which is not good.
my suggestion:
dependency tree generator
function (Did already)I will do that and send a pullrequest later
BTW: a simple dependency tree might be in any case nice: maybe even as a separate command (not sure) a bit similar to 'docker images --tree'
subuser dependency-tree firefox
firefox
libx11
libubuntu_lucid
installation would be from bottom up:
libubuntu_lucid
libx11
firefox
General test cases
Python2 vs 3 test cases
hi,
I read your: https://github.com/timthelion/subuser/blob/master/CONTRIBUTING.md
When using the FROM command, you must not build your docker-image
off a user uploaded image(even a verified one)
you can only build off the official docker images.
I do not like to rely on uploaded base images but prefer to have all locally build.
So here is a suggestion: maybe add one additional subfolder
e.g. makeBaseImages
there one could have subfolders with base image which do not build with a dockerfile but with an shell script similar to something like in: https://github.com/dotcloud/docker/tree/master/contrib mkimage-....
makeBaseImages
libscratch
mkimage-libscratch.sh
libubuntu13.10
mkimage-libubuntu13.10.sh
.....
script file convention maybe:
mkimage-libscratch.sh
mkimage-libubuntu13.10.sh
I would suggest to follow your TAG convention:
should result in TAG version subuser-libscratch:latest
resulting in TAG version subuser-libubuntu13.10:latest
such images should be also allowed to be used with the FROM command
just an suggestion though if you do not want something like that in your project is also fine.
P
what if a user executes 2 or more subuser install commands in different console? Would that be a problem if common containers are updated?
not urgent but just thought about it
just some code example if needed:
GET INSTALLEDDOCKER IMAGE ID BY subuser programName
dockerCommand = """(docker inspect subuser-%s | grep id | cut -d '"' -f 4)""" % programName
programDockerImageID = subprocess.check_output([dockerCommand], shell=True)
In similar method: GET INSTALLEDDOCKER IMAGE CREATION_DATE_TIME BY subuser programName
dockerCommand = """(docker inspect subuser-%s | grep created | cut -d '"' -f 4)""" % programName
programDockerImageCreationTime = subprocess.check_output([dockerCommand], shell=True)
maybe you can use something like that for your registry: the Image ID might be quite useful to have - and maybe replace the installed-programs.json Time with the true creation time: not sure about that?
See #19
Just a general feedback: Contributing code to the repository:
1.
I like that you use descriptive variables and not only f, e, a
It is not so usual to see so long variable names: but it is very much similar as I do all my coding (even though I make usually more often use of underscore too)
๐
not using 80 collumn code formatting.
very similar to what I used to do in my coding - even though sometimes a split argument line is easier to read - so I would not be too strict
e.g.
my_dictionary = { "test" : 1,
"blabla" : 23,
"sound" : 245
}
in this case it might be better than one long line if there are many items but I do not like to be bound by a 80 char line. use it as it makes sense: and you are right about line wrapping.
๐
So I do not like it because the CONS are much more server than the PROS
I think a good middle way would be 2 spaces indention.
๐
https://github.com/timthelion/subuser/blob/master/logic/subuserCommands/install#L62
subuserlib.utils.subprocessCheckedCall(["chmod","+x",executablePath])
could be replaced with
import stat
...
...
#subuserlib.utils.subprocessCheckedCall(["chmod","+x",executablePath])
st = os.stat(executablePath)
os.chmod(executablePath, stat.S_IMODE(st.st_mode) | stat.S_IEXEC)
#OR which is less restrictive giving everyone execution rights
os.chmod(executablePath, stat.S_IMODE(st.st_mode) | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
If user A installs firefox through subuser then an image tagged subuser-firefox
is created.
If user B installs a different version of firefox through subuser, that new version will also be tagged subuser-firefox
thus both user A and B will have B's version of firefox.
Do I understand you correctly her:
# This command updated all of the installed subuser programs.
# It works in 4 phases:
# Create a dictionary of installed program-name booleans where the booleans represent whether the program needs updating
# Mark each program who's last-update-time has changed from it's installed last-update-time as needing to be updated
if a user specified: subuser update vim firefox xterm
but only the last-update-time has changed from it's installed last-update-time
for firefox
: ONLY firefox + dependency get updated??? and vim xterm are just skipped of any updated(because ther times did not change) ??
The contained X11 servers should be accessible to the main X11 server via xpra.org, VNC, or wayland.
I was wondering what you think:
would it make sense instead of all the subprocess calls to use a much simplified version of something like:
https://github.com/dotcloud/docker-py/blob/master/docker/client.py
I mean only the things what subuser needs:
CONS::
1. Not sure if that suports other HOST OS except of linux
2. Not sure if docker changes internally if one would need to adjust much
(but that might be also needed if using subcalls?)
3. maybe/depending more dependencies
PROS::
1. than all would be in pure python and not much subproccess calles.
2. probably nicer and better coding
played a bit with the above: https://github.com/dotcloud/docker-py/blob/master/docker
had to install: python-requests python-urllib3 python-websocket
for just a fast test quite nice:
build command did not work in the beginning though - probably mistake of mine
It should be easy to update your whole system of programs.
Running chromium doesn't work. More info: travis-ci/travis-ci#938
Even with the --no-sandbox
argument it doesn't work. A black box is displayed in place of web pages.
I would suggest we refactor getInstalledPrograms to a list like getAvailablePrograms.
it would seem to be more consistent and also is often used and we could avoid all the
installedPrograms = getInstalledPrograms()
for program in installedPrograms.keys():
to a simple for program in getInstalledPrograms():
for program in getInstalledPrograms():
I can do that when I start with again with the new installed-programs.json format
We still need to load the dictionary as we use it often so maybe have a function:
getInstalledRegistry
hi,
just some first time user feedback: host: ubuntu 13:10
$ subuser
gives this outputYou can use one of the following commands:
update
subuserlib
clean
current-utc-time
list
uninstall
run
install
workerm@notebook:~$ subuser list
Traceback (most recent call last):
File "/home/workerm/subuser/logic/subuserCommands/list", line 10, in <module>
if sys.argv[1] == "available":
IndexError: list index out of range
maybe it would make sense to add at least some requirements in the output: like:
subuser list [available/installed]
or something like that
maybe also:
for more info about each option use: subuser <option> -h
but for example: subuser run -h
gives an error
sometimes vim hard freezes - seems to be triggered by some key combination involving / or perhaps the search function
print program permissions at instalation time with a "do you want to continue [y/n] prompt
just a question: with time there might be many subuser programs/recipies in programsThatCanBeInstalled
do you think it would be wise to implement a better structure: like allowing subfolders
e.g.:
programsThatCanBeInstalled
EXAMPLES
bla bla
DebianWheezyBased
libdebian_wheezy
libx11_debian_wheezy
libmozilla_debian_wheezy
firefox_debian_wheezy
UbuntuLucidBase
libubuntu_lucid
bla bla
not sure if it would be better or worse - just a thought
hi I just checkout the last git version: a7815fc
you've got some errors into it
workerm@notebook:~$ subuser install firefox
Installing firefox
Traceback (most recent call last):
File "/home/workerm/subuser/logic/subuserCommands/install", line 90, in <module>
installProgram()
File "/home/workerm/subuser/logic/subuserCommands/install", line 36, in installProgram
permissions = subuserlib.permissions.getPermissions(programName)
UnboundLocalError: local variable 'subuserlib' referenced before assignment
workerm@notebook:~$
I installed subuser firefox and had some issues not running the subuser version.
I stopped the docker: sudo service docker stop
cause I had old docker stuff hanging around I deleted the whole docker folder: /var/lib/docker
because of issue moby/moby#2714 (comment)
restart docker: sudo service docker start
subuser is completely messed up (understandable as it has still the installed-programs.json ect)
maybe in the future subuser could self heal a brocken situation like this
"lib" programs, or programs which don't have executables may become unneded if their dependents are uninstalled. These unneeded "libs" should be cleaned out with a single command to save disk space.
the help as it is now prints all commands in logic/subuserCommands
which is very nice to add new things.
_but it should exclude: subuserlib as this is just a folder_
workerm@notebook:~$ subuser
You can use one of the following commands:
update
subuserlib
clean
current-utc-time
list
uninstall
run
install
for more info about each option use: subuser <option> -h
workerm@notebook:~$
I will post an update
timothy@timothy:~/configs/xmodmap.d/lenovo$ firefox
2014/02/17 12:36:44 dial unix /var/run/docker.sock: no such file or directory
Traceback (most recent call last):
File "/home/timothy/subuser/logic/subuserCommands/run", line 143, in
runProgram(programName)
File "/home/timothy/subuser/logic/subuserCommands/run", line 51, in runProgram
dockerImageName = subuserlib.dockerImages.getImageTagOfInstalledProgram(programName)
File "/home/timothy/subuser/logic/subuserCommands/subuserlib/dockerImages.py", line 21, in getImageTagOfInstalledProgram
roughImagesList = subprocess.check_output(["docker","images"])
File "/usr/lib/python2.7/subprocess.py", line 544, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['docker', 'images']' returned non-zero exit status 1
you write:
dependency: Any program may depend upon at most one other program to provide a base image for it to build off of.
Ex:
"dependency" : "some-program"
if it is not used: can a user still have the key just empty
"dependency" : ""
because than we have to check for such too: or is this not allowed
because I'm used more to python 3+ where
test = "JJJ"
print("ssss", test)
result:ssss JJJ
but int python 2.7
test = "JJJ"
print("ssss", test)
result:('ssss', 'JJJ')
maybe we should refactor print to + signs: like print("ssss "+test)
Should be fixed with #11
Before starting with subuser a couple of days ago I looked into saving compressed docker images to file.
Because I like to be as much as possible internet independent (or if one uses subuser with a slower connection on a mobile ect.. or download limit) I will add the option to save subuser program images to file.
build once transfer and install multiple times.
Despite running firefox based on the instructions from the dockerize your applications tutorial, sound does not work.
It should be able to prompt the user for their password if the user is not in the docker group, but at the same time tell them that they really should become a member of the docker group.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.