EasyOS version 2.3.2, June 22, 2020

For talk and support relating specifically to Puppy derivatives
Message
Author
User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#1036 Post by rufwoof »

belham2 wrote:I un-installed the chromium from Easy 0.9.6 PPM, restarted, then installed your chromium.pet and the apulse. Every thing works good. Still cannot get Chromium to work in a Container (for some reason, 'Easy Container Management' won't recognize chromium is installed, so that one could make a container for it and run it in that.

It's no biggie, though, I am using rufwoof's trick he mentioned, and I run the "Container Desk", then download your apulse.pet & chromium.pet, install them, and chromium runs great (with sound) while inside the 'Container Desk'. Hopefully that'll afford some protection if I come across something bad while browsing, since it'll be operating inside the container-desk.
Visualise a container as using the same base sfs, but having its own save area. When you install something in the main session then that's stored in the main sessions save area, which isn't visible by containers (that only see the base sfs + the containers own save area). If after installing into the main session you remastered a new base sfs, then containers would see the additional programs.

A problem is how can you install additional things into a container. That's easy in the desk container as its a full desktop setup, so you can run petget/PPM etc. inside that, but for other containers you'd have to manually copy files across.

Running chrome with --no-sandbox does remove much of Chrome's own internal security, but being in a container somewhat reinstates that security. Running a container as non-root should enable chrome to work as intended so you'd have both the internal chrome security and security of running inside a container. Barry however dropped being able to setup a container to run under a non-root userid, so AFAIK that isn't a current option.
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

scsijon
Posts: 1596
Joined: Thu 24 May 2007, 03:59
Location: the australian mallee
Contact:

using qt5? /etc/profile

#1037 Post by scsijon »

i'm adding the link in case barry is not following the quirky thread anymore.
http://www.murga-linux.com/puppy/viewto ... 46#1006946

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

#1038 Post by BarryK »

rufwoof wrote:Running chrome with --no-sandbox does remove much of Chrome's own internal security, but being in a container somewhat reinstates that security. Running a container as non-root should enable chrome to work as intended so you'd have both the internal chrome security and security of running inside a container. Barry however dropped being able to setup a container to run under a non-root userid, so AFAIK that isn't a current option.
Note that the goal-posts will have shifted with the upcoming Easy 0.9.7, as have moved to using the 'pflask' utility to run containers.

It will have the option of running as user 'zeus' in a container, so hopefully will be able to run Chromium without needing that "--no-sandbox".

I think 0.9.7 should be ready in about a week from now, maybe sooner.
[url]https://bkhome.org/news/[/url]

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#1039 Post by rufwoof »

pflask looks like a interesting alternative to Fatdogs http://distro.ibiblio.org/fatdog/web/faqs/uml.html choice of UML
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

#1040 Post by BarryK »

[url]https://bkhome.org/news/[/url]

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

#1041 Post by BarryK »

rufwoof wrote:pflask looks like a interesting alternative to Fatdogs http://distro.ibiblio.org/fatdog/web/faqs/uml.html choice of UML
James is working on the next FatDog, I think that is 800? I told him about 'pflask' (container security and chroot utility) that I am now using in Easy, and he plans to use it also.
[url]https://bkhome.org/news/[/url]

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#1042 Post by rufwoof »

BarryK wrote:
rufwoof wrote:pflask looks like a interesting alternative to Fatdogs http://distro.ibiblio.org/fatdog/web/faqs/uml.html choice of UML
James is working on the next FatDog, I think that is 800? I told him about 'pflask' (container security and chroot utility) that I am now using in Easy, and he plans to use it also.
Sounds good. Not sure that UML worked that well (I gave it a try some time back but from a cursory go it didn't work for me - but that was a very brief/quick trial).

Primarily I boot user running X, where chrome is pretty much my desktop (use it as a calculator, text editor, PDF viewer/creator, mp4 player, online email ...etc). Where user isn't in wheel (no su, gksu ... etc.) and is pretty well tied down. Chrome under OpenBSD is both pledged and unveiled ... so highly restricted both as to disk and memory access.

For root, I use just cli (tmux, mc). mc is also my primary file manager in X as well. I just have two windows, tmux and chrome running, both with their tabs and I alt-tab between those as user, ctrl-alt-F1 into root cli/tmux for root type actions. Normally both are maximised (unlike in the attached image). I use cwm as the window manager so no icons/taskbar etc. just a 1 pixel gap at the top of screen that right mouse shows a list of all windows, left mouse shows programs (lists). exec key and a couple of the letters of a program name is usually enough to filter down the exec list to the desired program to launch. Extremely minimalist, but highly functional. Works out to base OpenBSD + 83 additional libs/packages in total (most of which is chrome). Base OBSD includes a web server as well (that I have a ddns fixed domain name that directs to that).

pflask could make things similar to OpenBSD's pledged/unveiled chrome type lock-down, especially if it utilises its own X client/server. Will that be the case?
Attachments
s.jpg
(58.51 KiB) Downloaded 633 times
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

belham2
Posts: 1715
Joined: Mon 15 Aug 2016, 22:47

#1043 Post by belham2 »


Hi Barry,

Easy 0.9.7 installed via EasyDD onto USB stick.............................. (hey, I have to ask: did you know when one uses EasyDD from inside any running Easy OS version, that once you open EasyDD & choose the gz.file and pick the correct USB stick, and hit "Continue", that the EasyDD popup disappers with no dialog and/or install status box pops up, and you're left to wonder what is going on? g. No finish popup, no communication popup, nothing. Yet, EasyDD installs the .gz file IF you know enough to wait however long despite being in the dark what is going on. Perhaps a dialog box of what's going on and when EasyDD is finished would be nice :wink: )

Anyhow, put 0.9.7 on USB stick, it booted up and everything is running good. Biggest thing for me is your Firefox.pet from ibiblio now has sound---YIPPIE!!!---sound both in a Container and/or outside it. This is huge, as Seamonkey sort of drives me nuts.

I then installed your Chromium.pet you compiled, along with your apulse.pet, and once again, it is impossible to set Chromium up in Easy 0.9.7 in a Container. Easy Container Management does not recognize Chromium is installed. Why? It recognizes when you install Firefox, but with Chromium, it is like the install of Chromium never took place. Strange.....


Overall, thanks for this latest edition and especially getting it out so early (was thinking you'd get it out next weekend, but you been uber busy & I was surprised checking murga today!).

Once the Chromium in a Container problem is licked, and maybe a few dialog boxes are added for a few other additional EasyOS programs (there are actually other programs that also have no dialog boxes after you open them & hit run, because once you run them, they disappear on the desktop (while still running) and you're left to guess what is going on)..once these are licked, EasyOS looks pretty darn good to me.
Attachments
Easy-0.9.7.jpg
(113.61 KiB) Downloaded 599 times
Chromium-cannot-be-put-in-Container.jpg
(153.52 KiB) Downloaded 603 times

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

#1044 Post by BarryK »

belham2 wrote:Easy 0.9.7 installed via EasyDD onto USB stick.............................. (hey, I have to ask: did you know when one uses EasyDD from inside any running Easy OS version, that once you open EasyDD & choose the gz.file and pick the correct USB stick, and hit "Continue", that the EasyDD popup disappers with no dialog and/or install status box pops up, and you're left to wonder what is going on? g. No finish popup, no communication popup, nothing. Yet, EasyDD installs the .gz file IF you know enough to wait however long despite being in the dark what is going on. Perhaps a dialog box of what's going on and when EasyDD is finished would be nice :wink: )
OK, I will look into that. It has been awhile since I used the GUI capability of easydd.
[url]https://bkhome.org/news/[/url]

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

#1045 Post by BarryK »

belham2 wrote:I then installed your Chromium.pet you compiled, along with your apulse.pet, and once again, it is impossible to set Chromium up in Easy 0.9.7 in a Container. Easy Container Management does not recognize Chromium is installed. Why? It recognizes when you install Firefox, but with Chromium, it is like the install of Chromium never took place. Strange.....
Do it within the "desk" container. That is, click on "desk" icon, then over in the containerized-desktop, run the PPM and install Chromium PET. Works great, no extra deps needed.

What you would have done, is install Chromium to the host system, then copy it into a container. It would seem that that process has left something behind.

Ah, I wonder... it may be that it is trying to run chromium in the container without the "--no-sandbox". In that case, there is a manual fix, edit /usr/sbin/ec-chroot-chromium, append onto this line:

Code: Select all

urxvt -name eclaunch -iconic -e ec-chroot chromium --no-sandbox
...just thinking this through hypothetically, haven't tried it.

Um, but that doesn't explain why it is not in the menu. If you go to /mnt/wkg/containers/chromium/.session, you will be able to see if the files got installed.

I had better check this out!

I am planning in the future to offer direct install to a container, but held off on implementing, as still thinking about some details.
[url]https://bkhome.org/news/[/url]

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

#1046 Post by BarryK »

belham2 wrote: I un-installed the chromium from Easy 0.9.6 PPM, restarted, then installed your chromium.pet and the apulse. Every thing works good. Still cannot get Chromium to work in a Container (for some reason, 'Easy Container Management' won't recognize chromium is installed, so that one could make a container for it and run it in that.

It's no biggie, though, I am using rufwoof's trick he mentioned, and I run the "Container Desk", then download your apulse.pet & chromium.pet, install them, and chromium runs great (with sound) while inside the 'Container Desk'. Hopefully that'll afford some protection if I come across something bad while browsing, since it'll be operating inside the container-desk.
Right, getting the full picture now. Yes, "Filesystem --> Easy Container Management" has to be run to move an app into a container.

Checked for myself. Installed Chromium in host system, ran Easy Container Management, right, "chromium" isn't in the list.

So, the fix that I mentioned in previous post, won't apply.
Last edited by BarryK on Mon 15 Oct 2018, 01:12, edited 1 time in total.
[url]https://bkhome.org/news/[/url]

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

#1047 Post by BarryK »

Note, 0.9.7 already has 'apulse'.
[url]https://bkhome.org/news/[/url]

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

#1048 Post by BarryK »

Regarding Chromium, got it sorted, see blog post:

http://bkhome.org/news/201810/chromium- ... roved.html

@belham2
Uninstall the PET, and install the new one, then it should be ok to "containerize'.
[url]https://bkhome.org/news/[/url]

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#1049 Post by rufwoof »

BarryK wrote:Regarding Chromium, got it sorted, see blog post:

http://bkhome.org/news/201810/chromium- ... roved.html

@belham2
Uninstall the PET, and install the new one, then it should be ok to "containerize'.
Conceptually wouldn't best-practice be to keep the main session as a not-used-for-internet (admin only) session i.e. can access HDD, moves files, admin the system/network etc. Boot, run through first-run-setup and then immediately make a snapshot of the desk container and use that desk container as your general daily session (browsing, playing video's etc.). In which case installing Chromium inside the desk container is the more appropriate choice anyway. i.e. start a 'clean' desk snapshot version, PPM (install) the chromium into that, close the desk container and create a new 'clean' snapshot (that also includes chromium). With data on HDD, booting (separate) system from USB and desk container having no access to the HDD (or main system), you're pretty immune from the likes of ransomware/other nasties that might come in over the net. And snapshots/rollbacks enable you to quickly/easily load up a clean desktop/browser (desk container) as often as you like.
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

belham2
Posts: 1715
Joined: Mon 15 Aug 2016, 22:47

#1050 Post by belham2 »

BarryK wrote:Regarding Chromium, got it sorted, see blog post:

http://bkhome.org/news/201810/chromium- ... roved.html

@belham2
Uninstall the PET, and install the new one, then it should be ok to "containerize'.

Thank you, Barry. Did as you said, and Chromium popped up inside "Easy Container Management" ready to be put into a Container---which I did. Runs great.

Only thing I changed is when the Container of Chromium was made, the icon that popped up on the desktop was the 16x16, with no purple-lock designating as a container item. Could barely see it, haha.

No problem, though, just grabbed a 48x48.png of
chromium, and then grabbed the ec-overlay48.png, opened them in Gimp, merged the layers, and voila, just like the rest of the desktop container items now.

With Seamonkey, Firefox and Chromium all in containers, plus the desktop and sakura, takes care of any/all website rendering and/or how I want to download something or if I want just one container of a browser reserved for special (i.e. fin'l things) items.

Thanks again!
Attachments
chromium-now-in-container.jpg
(124.99 KiB) Downloaded 413 times

User avatar
Reneetje
Posts: 18
Joined: Mon 22 Apr 2013, 16:06
Location: The Netherlands, Fryslan - Foar de kofje net eamelje
Contact:

#1051 Post by Reneetje »

http://bkhome.org/news/201810/chromium- ... roved.html

Works also fine in Quirky Beaver64 8.7.1

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#1052 Post by rufwoof »

easyos.org/forum seems down at present, so reporting here ... 0.9.7 if you change the main desktops wallpaper, choice icons, remove the console and www containers, add some icons, remove others ... the changes don't always get preserved across reboots.
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

#1053 Post by BarryK »

BarryK wrote:Regarding Chromium, got it sorted, see blog post:

http://bkhome.org/news/201810/chromium- ... roved.html

@belham2
Uninstall the PET, and install the new one, then it should be ok to "containerize'.
It gets better, that annoying message at top of browser window is now removed, see the "bk3" PET:

http://bkhome.org/news/201810/chromium- ... roved.html
[url]https://bkhome.org/news/[/url]

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

#1054 Post by BarryK »

belham2 wrote:Only thing I changed is when the Container of Chromium was made, the icon that popped up on the desktop was the 16x16, with no purple-lock designating as a container item. Could barely see it, haha.
Thanks for reporting that. I have fixed the 'easy-containers' script so that it creates a correct icon on the desktop.
[url]https://bkhome.org/news/[/url]

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#1055 Post by rufwoof »

rufwoof wrote:easyos.org/forum seems down at present, so reporting here ... 0.9.7 if you change the main desktops wallpaper, choice icons, remove the console and www containers, add some icons, remove others ... the changes don't always get preserved across reboots.
I think that may be due to how Puppy's implement jwm, rox pinboard backup's etc. and how in some cases pinboard changes can 'revert' apparently by itself.

Nice to have menus that update for changes, personally however I've tended to use jwm in a manually managed manner and encode everything into just the single .jwmrc file ... including startup commands etc.
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

Post Reply