A note about that. Script 'ec-chroot' is where you will see the action, unshare etc.
rufwoof wrote: Browsing through the code I see that a container is created by faking root and chroot i.e. using unshare ... Obvious now! I'd missed that before however, lack of understanding and was blindly assuming just chroot.
BarryK wrote: If you are running, say, Firefox, in a container, I don't know how the existence of a utility such as exit-chroot can be used
It is also able to run 'env -i' to clear the environment variables.
It has been mentioned, the convenience of running as 'root' in a container. The user can drag files from the host system into the container, and not have to worry about file ownership and permissions.
This has been one of the big things about Puppy, running as root, and I want to keep that convenience in containers.
I had in the back of my mind that the next step would be to utilize "Linux capabilities" to keep root in a container, but restrict it.
I have done some tests, and it is looking good. Using the 'capsh' utility. Now running containers, and able to selectively dis-empower the 'root' in the container.
Just a quick heads-up post, will post more details soon.
On holiday right now, have my baby laptop with me, external 1TB drive. Running Easy, however, frustrating with the Cherry Trail CPU. Even the 4.14.32 kernel does not work properly.
If I plug in the 1TB drive after bootup, it isn't recognized. If I plug it in before bootup, half the time the kernel crashes at bootup.
I have to buy another laptop! The Asus baby does have one thing in its favour, only 960gm, good for traveling.
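An added example, not part of the original post and not EasyOS code: one way to confirm that 'root' in a container has actually been dis-empowered is to decode the CapBnd mask from /proc/<pid>/status and list which sensitive capabilities remain. The function names, the audited list and the sample mask are assumptions made for illustration.

```shell
# Audit a capability bounding-set mask (CapBnd in /proc/<pid>/status),
# for instance after a container was started through capsh with --drop=...
# Bit numbers come from <linux/capability.h>; which capabilities to audit
# is an assumption of this example.
AUDIT_CAPS="cap_sys_module:16 cap_sys_rawio:17 cap_sys_chroot:18 cap_sys_ptrace:19 cap_sys_admin:21 cap_sys_boot:22 cap_mknod:27"

# cap_present MASK_HEX BIT: succeeds if that bit is set in the mask.
cap_present() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# remaining_caps MASK_HEX: prints the audited capabilities still present,
# space separated; prints an empty line when all of them were dropped.
remaining_caps() (
    out=""
    for entry in $AUDIT_CAPS; do
        name=${entry%%:*}
        bit=${entry#*:}
        if cap_present "$1" "$bit"; then
            out="$out${out:+ }$name"
        fi
    done
    printf '%s\n' "$out"
)

# current_capbnd [PID]: prints the CapBnd hex mask of a process (default: self).
current_capbnd() {
    awk '/^CapBnd:/ {print $2}' "/proc/${1:-self}/status"
}

# Constructed sample: a full 41-bit mask with cap_sys_module, cap_sys_chroot
# and cap_sys_admin removed.
remaining_caps 000001ffffdaffff
```

Inside a running container, `remaining_caps "$(current_capbnd)"` gives the same report for the current process.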