Category Archives: Planet Ubuntu

Announcing LDM 2.2 and LTSP 5.2.5

Posted on 2010/12/06 by Stéphane Graber

Today, I’m pleased to announce the release of both LTSP 5.2.5 and LDM 2.2.

Quite a lot of changes went in over the past few months, 25 commits since the last ltsp release and 82 for ldm.
Here’s a quick overview of what’s new.

Big LDM refactoring and cleanup

Almost a year ago, my company got some funding from the NLNet foundation to work on a few LTSP and LTSP-Cluster related projects. One of them was to make LDM extensible, moving it to a plugin infrastructure and making it’s interface a bit more flexible.

I’m glad to announce that all of that work landed upstream almost two months ago and since then has been cleaned up and tested.
From a user experience point of view, the only noticeable change should be that the same login screen can now be used for Linux (ssh), Windows (rdp) login and for fat clients.

From a sysadmin/developer point of view, a lot changed:

  • Support for multiple backends. The old SSH backend as been ported to the plugin infrastructure and an RDP plugin has been written. A pam/libssh plugin should soon replace the current SSH plugin
  • Switched to using multiple windows and a window manager instead of our old fullscreen window. It should make it a lot easier to add more widgets to the login screen.
  • New logging functions with different logging levels and standardized logging output with syslog support

LDM 2.2

Remote apps support

It’s now been a few years since we have local applications supported in LTSP. It’s greatly improved over the years to get to what we currently have in LTSP.
The biggest issue of it was that if you start a software like firefox as a localapp and click on a .pdf/.odt/… document in it, it won’t be able to open them unless the required viewer is also a localapp.

That’s now been fixed thanks to the work done by Marc Gariépy and Gideon Romm during the last LTSP hackfest in Southwest Harbor, ME.
ltsp-remoteapps is a new command that can be assigned to mimetypes on the thin client and will open the viewer on the application server.

For the user, this means that if they click on a .odt document in their local firefox, it’ll now automatically open it in OpenOffice Writer on the application server.
Giving the desktop-like experience that was missing for local applications.

Other than these two big changes, we had our usual set of bug fixes, cleanup and translation updates.

Packages for Ubuntu Natty are already available and a backport for Ubuntu 10.10 (Maverick) is available in my PPA: https://launchpad.net/~stgraber/+archive/ppa

Posted in LTSP, Planet Revolution-Linux, Planet Ubuntu | 3 Comments

sandbox 0.2 released and packaged !

Posted on 2010/12/05 by Stéphane Graber

Yesterday, while enjoying the snow falling outside (finally!) I went through my TODO list for sandbox and implemented most of what was on it.

Ext4 support for the copy-on-write partition

You can now have the copy-on-write stored on disk instead of RAM memory (tmpfs).
The tmpfs support is still available as an option for these who have plenty of RAM or don’t have a separate /home (due to the aufs limitation).

Nautilus extension

sandbox now has a nautilus extension which lets you start any executable binary/script directly in a sandbox.
sandbox nautilus integration

Updated GUI

The GUI is no longer showing any option by default and just “does the right thing” (in most cases).
sandbox new gui

All the options being hidden behind “Show sandbox options”.
sandbox new gui advanced

Released and packaged it

Finally, I released sandbox 0.2 (0.1 wasn’t in a packagable state) and packaged it for Ubuntu Natty Narwhal.
It’s made of 3 different packages:

  • sandbox: The command line utility and the C part.
  • sandbox-gui: The python GUI and .desktop file (Applications -> System Tools -> sandbox)
  • sandbox-nautilus: The nautilus extension, you need to restart nautilus to have it to load

The packages (for natty) can be found in my experimental PPA: https://launchpad.net/~stgraber/+archive/experimental/
and code is still available at: https://code.launchpad.net/~stgraber/+junk/sandbox

sandbox running software

For now, everything is called “sandbox” which is more of a concept than an actual project name. As it’s becoming more and more of an actual project and I’m quite bad at finding good names, I’m open for suggestions of a better name for that thing.

Update: Release 0.2.1 which auto-detect separate /home partition and fall-back to tmpfs when necessary. Packages are available for Natty (Ubuntu 11.04) and Maverick (Ubuntu 10.10).

Posted in LXC, Planet Revolution-Linux, Planet Ubuntu, Sandbox | Tagged , | Leave a comment

Sandbox gets a GUI

Posted on 2010/11/28 by Stéphane Graber

Last Friday at work enjoying the fact that most of the US weren’t working, I spent a few hours working on my current pet project, sandbox.

Most of the code has now been moved from the C code to a shell script, keeping only what’s really needed in C.
I also added the possibility of directly starting a command in a container (once the command ends, the container is destroyed).

On top of that, I played a bit with Glade and pygtk to implement a basic GUI on top of Sandbox as shown below:
Sandbox GUI screenshot

This is still very basic but should be a lot more user friendly than having to start the tool from the command line.

Next on the TODO list is support for saving/restoring containers and some kind of nautilus integration (Right-Click => “Run in a container” would be sweet).

As always, the code can be found in a bzr branch:
bzr get lp:~stgraber/+junk/sandbox
Or from: https://code.launchpad.net/~stgraber/+junk/sandbox

Posted in Planet Revolution-Linux, Planet Ubuntu, Sandbox | Tagged , | Leave a comment

Update on desktop application sandboxing

Posted on 2010/11/23 by Stéphane Graber

So on Saturday I blogged about a piece of code I wrote to easily create containers on a recent Linux desktop. I have now spent a few more hours improving the code a bit with two main new features:

  • Support for turning on/off network access
  • Support for mounting /home as aufs too

sandbox help

The on/off switch for network access is done by putting (or not) the spawned shell in another network namespace. This means that if network is disabled for the container, the software running in the container will only see a loopback device. This loopback device itself is separate from the one available outside the container, so a contained software won’t be able to access anything that listens on the loopback interface outside of the container.

I also switched to creating a “mount” directory that’s a tmpfs and which in turn contains the various mount points for the container. This workarounds the fact that you can’t mount an aufs filesystem in a sub-directory of its base filesystem (or it’d create a loop).

I updated the README in the branch accordingly and added basic getopt support for the two options.

Code can be found in a bzr branch: bzr get lp:~stgraber/+junk/sandbox
Or from: https://code.launchpad.net/~stgraber/+junk/sandbox

Posted in Planet Revolution-Linux, Planet Ubuntu, Sandbox | Tagged | Leave a comment

Desktop application sandboxing with containers

Posted on 2010/11/20 by Stéphane Graber

Last weekend, I spent a bit of time improving a set of scripts I developed while at the Ubuntu Developer Summit in Orlando.

This script, now a small C program, is a proof of concept of desktop application container/sandbox using the same kernel features as LXC (a set of tools to manage containers on Linux) uses.
It basically does the following:

  • Mount your / in a copy-on-write directory using aufs.
  • Mount-bind your /home inside the copy-on-write environment.
  • Switch to another UTS, “””PID” ” ” , IPC and NS context (keeping current network namespace)
  • Mount a new /proc in the copy-on-write environment
  • Chroot to the copy-on-write environment and switch user to your current user

At this point, the user will be in what looks like their home directory, though “ps” will only show a single process making it impossible to list or trace any process running outside this environment. Any change happening on the file system (outside of /home) will be recorded in a “cow” directory and be lost whenever the user exists the chroot.

Sandbox screenshot

This can be used to install an untrusted application in the chroot, test it, see exactly what it’s modifying on the filesystem without much risk for your actual system.

Current (known) limitations are:

  • A GUI application will still be able to listen to events from any other X client (including key strokes)
  • Change within /home aren’t stored in the copy-on-write as it’s bind-mounted.
  • aufs doesn’t let you mount / in copy-on-write mode inside a directory that’s itself on / (to avoid loops), that’s why the current code requires a separate /home which will be bind-mounted (looking forward to btrfs for this).
  • Running something as root in the container isn’t perfectly secure as access to /proc and /sys aren’t filtered. Though, it’s still a big improvement vs running the software directly on your system.
  • The code is a proof of concept so it’s not meant for any serious usage, feel free to look at it, improve and propose patches 🙂

You can grab the code with bzr: bzr get lp:~stgraber/+junk/sandbox
or directly on Launchpad: https://code.launchpad.net/~stgraber/+junk/sandbox

Posted in Planet Revolution-Linux, Planet Ubuntu, Sandbox | Tagged | 6 Comments