Category Archives: Conferences

Arkose 1.3.1 released

Last week I was in Austin, TX where a bunch of people with interest in getting containers working on Linux were meeting for the Oneiric Container Sprint.
We all had a very productive week with a lot of work being done on LXC, the kernel namespaces and Arkose.

Right before the Ubuntu Feature Freeze last Thursday, I released Arkose 1.3, bringing most of the features I wanted for Ubuntu 11.10.

Here’s a brief list of the new stuff Arkose can do:

  • All the UIs and CLIs now support translation, with an initial (rough) French translation already available.
  • DBUS filtering is now included in Arkose and available through the wrapper. The gedit example profile is using it.
  • It’s now possible to temporarily modify a wrapper profile before starting it.
  • Device support has been changed to no longer be limited to /dev/video* devices.

Some bugs have also been fixed, most of them in Arkose 1.3.1 (released yesterday):

  • Make the Global Menu integration (dbusmenu) work with Ubuntu Oneiric
  • Update the test suite
  • Fix arkose-cli’s help to be a lot more accurate
  • Restrict LXC’s configuration to the bare minimum
  • Use point-to-point network configuration in filtered mode (rather than a /30 per container)
  • Make sure everything in the container gets properly killed on exit
  • Fix Arkose to handle command line parameters properly (instead of just ignoring them)

That’s all available in current Ubuntu Oneiric as well as in the arkose stable PPA for Ubuntu 10.10 and Ubuntu 11.04.

Sadly, one feature didn’t make it in time for Feature Freeze: the advanced firewalling in filtered network mode. I’ll probably be working on it on the side and push it to a 1.4 branch that’ll be used for Oneiric+1.

I’ll now mostly be focusing on bugfixes for the remainder of the cycle and polishing some of the existing features. So please, test it and file bugs!

If you want to help with the translation effort, you can go translate Arkose on Launchpad or just send me a .po and I’ll do it for you.

For those who want to run the current upstream code, get the bzr branch:
bzr branch lp:arkose


State of IPv6 in Ubuntu Oneiric

One of my focuses for the Oneiric development cycle is to make sure we get proper support of IPv6 both at install time and during regular use of the system.

To achieve this, I started working on the list of all possible scenarios I could think of with all possible combinations of IPv4 and IPv6. I then checked how well these were supported on Ubuntu.

Since Ubuntu 11.04, we now have a DHCPv6-aware DHCP client, but that’s not working as well as it should because Network Manager didn’t do IPv6 by default back then and because the DHCP client configuration for IPv6 wasn’t too clear (dhclient wasn’t requesting any attribute).

Most of these issues are now fixed in Oneiric with Mathieu Trudel-Lapierre’s great work on updating Network Manager in Oneiric to have IPv6 on by default and make sure people don’t have to wait for IPv6 to time out to get their IPv4 connectivity.

The result is something like you can see below, on a network that has both DHCPv4 and stateless DHCPv6:

The use cases that are currently tested are:

  • Single stack: SLAAC IPv6-only network
  • Single stack: Stateful DHCPv6 IPv6-only network
  • Single stack: Stateless DHCPv6 IPv6-only network
  • Single stack: DHCPv4 IPv4-only network
  • Dual stack: SLAAC + DHCPv4 network
  • Dual stack: Stateful DHCPv6 + DHCPv4 network
  • Dual stack: Stateless DHCPv6 + DHCPv4 network

For those interested, you can look at the following files to get some example DHCPv4, DHCPv6 and RADVD configuration:

It’s worth noting that you have to start a separate dhcpd server for IPv6 (with the -6 flag) as dhcpd can’t answer both dhcpv4 and dhcpv6 at the same time. You need two separate daemons with two separate configuration files.
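
As an added illustration (not the post's own configuration files), the function below writes a radvd.conf and, where needed, a dhcpd6.conf for each of the three IPv6 modes in the test list above, showing which router advertisement flags and DHCPv6 settings distinguish them. The interface name, prefix, DNS address and file paths are constructed assumptions, and turning AdvAutonomous off in stateful mode is one common choice rather than a requirement.

```shell
#!/bin/sh
# Added example (not the post's own files). Interface name, prefix and DNS
# address are constructed; 2001:db8::/32 is the IPv6 documentation prefix.
IFACE=virbr1
PREFIX=2001:db8:1

# usage: write_ipv6_lab <slaac|stateless|stateful> <outdir>
write_ipv6_lab() {
    mode=$1; out=$2
    case $mode in
        slaac)     managed=off; other=off; auto=on  ;;  # RA only, no DHCPv6
        stateless) managed=off; other=on;  auto=on  ;;  # RA address, DHCPv6 options
        stateful)  managed=on;  other=on;  auto=off ;;  # DHCPv6 address and options
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    mkdir -p "$out" || return 1
    cat > "$out/radvd.conf" <<EOF
interface $IFACE {
    AdvSendAdvert on;
    AdvManagedFlag $managed;
    AdvOtherConfigFlag $other;
    prefix $PREFIX::/64 {
        AdvOnLink on;
        AdvAutonomous $auto;
    };
};
EOF
    rm -f "$out/dhcpd6.conf"
    if [ "$mode" = slaac ]; then
        return 0                      # pure SLAAC: radvd alone is enough
    fi
    {
        echo "subnet6 $PREFIX::/64 {"
        if [ "$mode" = stateful ]; then
            # Only stateful mode leases addresses; stateless serves options only.
            echo "    range6 $PREFIX::1000 $PREFIX::1fff;"
        fi
        echo "    option dhcp6.name-servers $PREFIX::1;"
        echo "}"
    } > "$out/dhcpd6.conf"
}

# The IPv6 daemon then runs next to the IPv4 one, each with its own files:
#   dhcpd -4 -cf /etc/dhcp/dhcpd.conf  -lf /var/lib/dhcp/dhcpd.leases  virbr1
#   dhcpd -6 -cf <outdir>/dhcpd6.conf  -lf /var/lib/dhcp/dhcpd6.leases virbr1
```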

As you can see from the files above, I have a pretty complete IPv6 test setup, running on libvirt. I’m now working on automating all of this so we can get some easy regression testing of IPv6 support on Ubuntu.

During our sprint last month in Dublin, Colin Watson also got netcfg to support IPv6, thereby making debian-installer work with IPv6. The missing piece now is ifupdown support of DHCPv6 (so you can configure DHCPv6 in /etc/network/interfaces) and we should then have Ubuntu install on IPv6 from the alternate/server disks.

IPv6 support is starting to look really good for Oneiric and should be awesome for the next LTS.
If you’re already running Oneiric on an IPv6 capable network, please test the new Network Manager and if you encounter any problem, please file bugs or poke me so I can add some more tests to my list!


Busy week for Arkose

So last week I was in Dublin with my colleagues hacking on Oneiric. Most of the week has been spent either testing/fixing Ubuntu’s IPv6 support (more about that soon) or working on Arkose.

On Monday I released version 1.1 that was mostly bugfixes and introduced a new profile for Skype. Then after that I started working on the interesting stuff to end up releasing 1.2.1 on Thursday evening.

The new features are:

  • Filtered network support (one interface per container, routed/firewalled)
  • Video devices passthrough (useful for Skype)
  • Support bind mount of files (thanks to Colin Watson)
  • Reworked UI for the wrapper

A lot of bugfixes also went in during the week. Now when Arkose crashes or raises an exception, it should deal with it properly, unmount everything and exit rather than leaving you with a lot of entries in your mount table.

The new Skype profile now lets you start Skype in an environment where it’ll only be able to see its configuration file, run on a separate isolated X server, access pulseaudio on a separate socket and only access the few video devices Arkose detected.

During the week I also spent some time talking to the Ubuntu Security team who also happen to be upstreams for AppArmor. In the future Arkose should start using AppArmor in cases where we don’t need an actual LXC container (depending on the profiles).

I also started working on a protocol-aware DBUS proxy based on the work from Alban Crequy so that Arkose should soon be able to filter what DBUS calls an app is allowed to do and prompt the user when accessing restricted information (keyring, contacts, …).
I’m hoping to have this merged into Arkose’s trunk branch this week.

After that I plan on spending some time implementing the network restrictions on top of the new “filtered network” support I introduced last week. Initially that should cover restricting an app to non-private (RFC 1918) networks and eventually support fine-grained filtering (destination and port).

Version 1.2.1 is available as tarballs on Launchpad or from the bzr branch or in current Ubuntu Oneiric. PPA builds are also available for Maverick and Natty.


A week in Orlando (Ubuntu Developer Summit – Natty Narwhal)

Currently flying from Orlando, FL, where I had an awesome Ubuntu Developer Summit, I wanted to quickly share what happened this week.


I had the chance of being able to participate in plenty of very different and interesting sessions over the week.

Here’s a quick overview of my interests for the Natty development cycle.

Edubuntu
I received a LOT of feedback regarding Edubuntu. There was a lot of interest for Edubuntu WebLive.
I gave a plenary on Tuesday about what Edubuntu is, why we are doing it and what our plans are for Natty, and announced the availability of daily Edubuntu builds on WebLive.
For Natty we mostly plan on growing our user community and getting more feedback from it. Our installation process should be a lot faster and let the user choose what kind of education software he wants.
We also reviewed around 20 new applications, most of them are already available in Edubuntu in Natty, two will need to be packaged.

Containers
For this UDS, we were lucky to have Daniel Lezcano from LXC attending.
So we had a few very interesting sessions on what needs to be done to get LXC to the point where it can be used as a replacement of OpenVZ.
We also discussed how we could use containers and similar technologies on ARM and on a regular desktop as a way to sandbox applications.

Desktop in the cloud
Following my demo of Edubuntu WebLive during Tuesday’s plenary, we had two cloud track sessions related to it.
One on how to let users test Ubuntu (awstrial) and another on the Desktop in the Cloud image. We discussed the various technologies available for remote desktop and will try to get an official desktop in the cloud image for Natty.

Community
Being an Application Review Board member, I attended the 3 sessions on the topic. We discussed the application review process as well as the technical implementation and the current limitations the ARB noticed. We should soon have a clear process for reviewing new applications and will be able to start getting new applications in Ubuntu 10.10’s extra repository.

It was really great seeing everyone, discussing and working together this week. I’m now flying to Bangor, ME for the yearly LTSP by the sea meeting, then driving back to Sherbrooke, QC to start implementing everything we discussed!

See you all in Budapest next year!


Going to Linux Symposium 2009 in Montreal


I’ll be leaving tomorrow for Montreal for a week full of conference sessions at the Linux Symposium 2009.

Revolution Linux will be giving two “project updates”: one from Julien Desfossez about process tracing in kernel space with his kernel module Kolumbo and another by Benoit des Ligneris and myself about what’s going on with LTSP and LTSP-Cluster.

Other than that I’ll be around at the conference all week, so if you want to talk feel free to catch me or poke me on IRC/mail.
