Using Arkose for development and packaging

Since I last reinstalled my laptop, I try to keep my usually insanely long list of installed packages to a bare minimum. I’d usually have hundreds if not thousands of libraries and development packages as these are required by a bunch of packages I maintain or code I work on.

To achieve this and still be as productive as before (if not more), I’m using arkose quite a lot to generate temporary dev/build environments that are wiped as soon as I close the shell.
This keeps the number of extra libraries on my system to a minimum, avoids situations where something mysteriously works fine on my laptop but not on another machine, and spares me the maintenance that chroots need.

[Image: Arkose used to install libdbus-1-dev]

An example of this is when I’m working on ubiquity (the Ubuntu graphical installer).
Ubiquity depends on quite a few libraries and development packages that are required even if you just want to build its source package.

So having arkose installed on my system, I usually start working on a bug with:

sudo arkose -n -h -c "cd $PWD; $SHELL"

You can make that an alias if you use it often. At this point your shell shows a different hostname, like “arkose-tmpaF9yqa”; that’s how you know you’re in a container.
The command above creates a new container that uses copy-on-write for the whole file system except your home directory, and lets the container access the network without any restriction.

I then install all the packages I’ll need to work:

sudo apt-get build-dep ubiquity

I then work as usual in that container: debuild, dput, … everything should work as usual, because the container has direct access to my home directory.

Once I’m done and don’t need all these packages anymore, I just exit that shell and all the changes made outside of /home are lost.

About Stéphane Graber

Project leader of Linux Containers, Linux hacker, Ubuntu core developer, conference organizer and speaker.

17 Responses to Using Arkose for development and packaging

  1. Have you explored doing something with screen and arkose, if you needed to keep a sandbox around for more than a few days/hours?

    1. Starting screen from arkose won’t work because the sandbox gets destroyed as soon as the parent process exits.

      The current problem I have is that I can’t move a sandbox into the background and spawn new processes in it. This is actually a kernel limitation that’s being fixed with the lxc-attach patches that are currently up for review on LKML.
      These should then allow me to spawn new processes in an existing container that should allow users to keep running sandboxes in the background (but will need quite substantial code changes for that).

      In the meantime, my usual recommendation for long running sandboxes is to directly use LXC and run a full LXC container that you can ssh into.

      1. James Gifford says:

        Thanks for that suggestion, I’ll take a look at it.

  2. bob marley says:

    how could one use this to sandbox one’s interweb browser (mozilla flavor)?

    1. Create a file called firefox.conf (for example) containing:
      [container]
      cmd="firefox -no-remote"
      runas=user
      network=true
      xserver=direct
      dbus=session
      pulseaudio=true
      video=true
      root=/
      mount_bind=/sys
      mount_cow=
      mount_restrict=
      mount_bind=/tmp/orbit-$USER
      mount_cow=
      mount_restrict=

      Then do: arkose-wrapper-gui firefox.conf

      That will show you an overview of the profile, prompt for your password and then start firefox in the container.

  3. Tuph says:

    Hi Stéphane Graber!
    I question whether arkose can be wrapped the child process created by the parent process?
    for example:
    A process wrapping by sandbox, boot process A process B, so process B is wrapped?

    1. Not sure I understand the question, but I’ll try to answer based on my interpretation:
      “arkose blah”

      If blah then forks and spawns sub-processes, all of them will still be in the container, as long as “blah” runs as root, there’s no way for one of its children to exit the container.
      And we’re working on making this reliable even when “blah” runs as root (through the work on LXC).

      1. Tuph says:

        I’m using Ubuntu 11.10, and this is my demo.
        Console 1:
        —————————
        root@tuph-virtual-machine:/home/tuph# arkose
        To run a command as administrator (user “root”), use “sudo “.
        See “man sudo_root” for details.

        tuph@arkose-tmpkvsuRj:~$ mkdir /home/tuph/arkose
        tuph@arkose-tmpkvsuRj:~$ ls /home/tuph
        arkose
        tuph@arkose-tmpkvsuRj:~$ gnome-terminal
        _IceTransSocketUNIXConnect: Cannot connect to non-local host tuph-virtual-machine
        _IceTransSocketUNIXConnect: Cannot connect to non-local host tuph-virtual-machine

        ** (gnome-terminal:11): WARNING **: Failed to connect to the session manager: Could not open network socket

        tuph@arkose-tmpkvsuRj:~$
        ————————————-
        “New terminal window is appear, i set it console 2”
        Console 2:
        ————————————-
        tuph@tuph-virtual-machine:~$ ls /home/tuph
        ;;;;;
        Some thing wrong ??? Console 2 is out of container of arkose ?? From console 2, i can’t see folder arkose from console 1 created.
        Process A bot process B, then process B is out container ???

        1. Looking at what you pasted, my guess is that gnome-terminal isn’t actually running in the container.

          The fact that it returned immediately points toward it using dbus to talk to a gnome-terminal outside of the container which then spawned your new window.

          Try calling xterm instead, I’m pretty sure you’ll get the right result then.

  4. Tuph says:

    Thank you…
    Why xterm and not gnome-terminal?

    1. Because gnome-terminal uses dbus to talk to existing gnome-terminal instances and launch the new window from the existing instance.

      xterm is a standard app so it doesn’t do any crazy dbus stuff and just starts the process from where it’s called.

      Running “gnome-terminal --disable-factory” might work from Arkose though, according to its --help this bypasses the use of existing gnome-terminals.
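The replies above come down to one check: is a given window's process really in the container, or was it started by a process outside it? The following is an added example, not code from the post or from Arkose; it compares the `/proc/<pid>/ns` links of three processes and assumes it is run on the host as root, with PIDs as the host sees them (function names and the `proc_root` parameter are hypothetical).

```python
import os
import sys

NS_KINDS = ("uts", "ipc", "net", "pid", "mnt")  # older kernels expose fewer


def read_namespaces(pid, proc_root="/proc"):
    """Map namespace kind -> identifier, e.g. {'uts': 'uts:[4026531838]'}."""
    found = {}
    for kind in NS_KINDS:
        try:
            found[kind] = os.readlink(os.path.join(proc_root, str(pid), "ns", kind))
        except OSError:
            continue  # kind not exposed, process gone, or no permission
    return found


def classify(host_pid, sandbox_pid, suspect_pid, proc_root="/proc"):
    """Say whether suspect_pid runs 'inside' or 'outside' the sandbox."""
    host = read_namespaces(host_pid, proc_root)
    box = read_namespaces(sandbox_pid, proc_root)
    suspect = read_namespaces(suspect_pid, proc_root)
    # Only namespaces that separate the sandbox from the host are evidence;
    # a sandbox given unrestricted network may share "net" with the host.
    isolating = [k for k in box
                 if k in host and k in suspect and box[k] != host[k]]
    if not isolating:
        raise ValueError("no readable namespace separates sandbox from host")
    in_box = [k for k in isolating if suspect[k] == box[k]]
    if len(in_box) == len(isolating):
        return "inside"
    return "outside" if not in_box else "mixed"


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: nscheck.py HOST_PID SANDBOX_SHELL_PID SUSPECT_PID")
    print(classify(*sys.argv[1:]))
```

A terminal opened through an already running instance outside the container reports "outside", because it shares the host's UTS namespace, which is also why its prompt shows the host's hostname.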

  5. Tuph says:

    Ohh ! I’m understand.
    I try use command firefox or arkose-wrapper-gui firefox.conf but the Firefox is crash[Quit/Restart]. After click restart Firefox, the windows firefox is appear. This is BUG?

  6. Gordon says:

    # arkose-wrapper-gui firefox.conf
    Traceback (most recent call last):
    File “/usr/bin/arkose-wrapper-gui”, line 91, in
    refresh_config()
    File “/usr/bin/arkose-wrapper-gui”, line 42, in refresh_config
    config=configobj.ConfigObj(StringIO.StringIO(running_config))
    File “/usr/lib/python2.7/dist-packages/configobj.py”, line 1230, in __init__
    self._load(infile, configspec)
    File “/usr/lib/python2.7/dist-packages/configobj.py”, line 1320, in _load
    raise error
    configobj.ConfigObjError: Parsing failed with several errors.
    First error at line 13.

    I’m probably doing something wrong 🙂

    1. What version of arkose is that exactly and what’s in your firefox.conf file?

      The error indicates a syntax error on line 13 of firefox.conf, not sure what’s wrong there though.

      1. Francesco says:

        Exact same error. The file in firefox.conf is the one you provided (some comments earlier), only I changed “user” with my user name, and the arkose version is 1.5.1-0ubuntu1.
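A check that fits the traceback in this thread, as an added example that is not part of the original comments or of Arkose: ConfigObj treats a key repeated within one section as a parse error, and in the firefox.conf posted above `mount_bind`, `mount_cow` and `mount_restrict` each appear twice, the first repeat falling on line 13. The function name is hypothetical and the sketch only locates repeats; how Arkose expects several bind mounts to be written is not shown on this page.

```python
import re

SECTION = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*$")
KEYVAL = re.compile(r"^\s*(?P<key>[^=#\s][^=]*?)\s*=")


def find_duplicate_keys(text):
    """Return (line, section, key, first_line) for each repeated key."""
    seen = {}        # (section, key) -> line of first definition
    section = None
    dupes = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = KEYVAL.match(line)
        if not m:
            continue
        ident = (section, m.group("key"))
        if ident in seen:
            dupes.append((lineno, section, ident[1], seen[ident]))
        seen.setdefault(ident, lineno)
    return dupes


# The firefox.conf profile as posted in the thread above.
FIREFOX_CONF = """\
[container]
cmd="firefox -no-remote"
runas=user
network=true
xserver=direct
dbus=session
pulseaudio=true
video=true
root=/
mount_bind=/sys
mount_cow=
mount_restrict=
mount_bind=/tmp/orbit-$USER
mount_cow=
mount_restrict=
"""

if __name__ == "__main__":
    for lineno, section, key, first in find_duplicate_keys(FIREFOX_CONF):
        print("line %d: %r in [%s] already set on line %d"
              % (lineno, key, section, first))
```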

  7. Dave says:

    Hello

    I have a question about using the -h home directory command from the command line, I need to use it in order to keep my settings e.g. plugins, general settings or I end up with a default config Firefox each time I run it. My question is, is there a way of copying my normal non Arkose firefox profile settings to memory with all my settings, without using the -h. Or is it the case that using the -h still goes protection on the home directory anyway. Sorry a bit of a newbie.

    Thanks for your time.

    Dave

  8. Esokra says:

    How to get the global menu working for applications like Google Chrome? It does not matter which options I pass to the applications, global menu does not work. Is this because root applications (which arkose is) can not use the global menu?
    I thought you had implemented global menu support?
    I would be very thankful for an answer!
