lxcify

package module

v0.0.0-...-b873640 Latest Latest Go to latest Published: Mar 20, 2015 License: GPL-3.0 Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cmars/lxcify

Links

Open Source Insights

README ¶

lxcify

lxcify installs desktop applications into unprivileged LXC containers. Access to host devices is allowed but only as mapped in an application's configuration file. Host devices can also be replaced with surrogate devices for interesting results.

This isn't perfect security, but lxcify can be a useful tool for improving security, privacy and optionality. Especially when faced with using software in which you don't have much of a choice (work requires it, etc.)

Possible uses of lxcify:

Limited sandboxing of non-free software

Non-free software can be given access to host devices for the duration of their execution. While non-free software could be using these devices for devious purposes, you can be sure that they are not using them when the container is not running! lxcify also prevents non-free software from modifying your host system. This means no cleanup files, potentially installed background processes, access to normal files and services running on the host.

Poorly-packaged software

Poorly packaged software which tends to muck up a host can be safely run in a container. No more worrying about fragments and files left behind when trying to "uninstall" it. Just lxc-destroy when you're done.

Multiple contexts

Isolating your "usage contexts" into separate browsers can improve privacy and security. For example, it can be quite sensible to run separate browsers for:

Work
Entertainment (Flash-enabled)
Banking
Online purchasing
Facebook

Why should your personal browsing reveal your spending habits, or potentially compromise your bank account?

Credits

lxcify is inspired by, and based on Stéphane Graber's blog post, LXC 1.0: GUI in containers. lxcify uses go-lxc for creating and manipulating LXC containers.

Documentation ¶

Index ¶

Variables
type App
type Container
- func NewContainer(name string, options ...Option) (*Container, error)
type DesktopLauncher
type Mount
- func PassthruMount(path string, isDir bool) Mount
type Option

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	MountDRI    = PassthruMount("/dev/dri", true)
	MountSnd    = PassthruMount("/dev/snd", true)
	MountX11    = PassthruMount("/tmp/.X11-unix", true)
	MountVideo0 = PassthruMount("/dev/video0", false)
)

Functions ¶

This section is empty.

Types ¶

type App ¶

type App struct {
	InstallScript   string
	LaunchCommand   string
	DesktopLauncher *DesktopLauncher
}

type Container ¶

type Container struct {
	*lxc.Container
	// contains filtered or unexported fields
}

func NewContainer ¶

func NewContainer(name string, options ...Option) (*Container, error)

func (*Container) Create ¶

func (c *Container) Create() error

func (*Container) Install ¶

func (c *Container) Install(app *App) error

func (*Container) Start ¶

func (c *Container) Start() error

type DesktopLauncher ¶

type DesktopLauncher struct {
	Name     string
	Comment  string
	IconPath string
}

type Mount ¶

type Mount struct {
	Host, Container string
	IsDir           bool
}

func PassthruMount ¶

func PassthruMount(path string, isDir bool) Mount

type Option ¶

type Option func(*Container) error

func ConfigPath ¶

func ConfigPath(lxcpath string) Option

func Mounts ¶

func Mounts(mounts ...Mount) Option

func PulseAudio ¶

func PulseAudio(enable bool) Option

func Target ¶

func Target(distro, release, arch string) Option

func Template ¶

func Template(template string) Option

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cmd
lxcify command
template

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL