Tag Archives: python

Busy week for Arkose

So last week I was in Dublin with my colleagues hacking on Oneiric. Most of the week has been spent either testing/fixing Ubuntu’s IPv6 support (more about that soon) or working on Arkose.

On Monday I released version 1.1 that was mostly bugfixes and introduced a new profile for Skype. Then after that I started working on the interesting stuff to end up releasing 1.2.1 on Thursday evening.

The new features are:

  • Filtered network support (one interface per container, routed/firewalled)
  • Video devices passthrough (useful for Skype)
  • Support bind mount of files (thanks to Colin Watson)
  • Reworked UI for the wrapper

A lot of bugfixes also went in during the week. Now when Arkose crashes or raises an exception, it should deal with it properly, unmount everything and exit rather than leaving you with a lot of entries in your mount table.

The new Skype profile now lets you start Skype in an environment where it’ll only be able to see its configuration file, run on a separate isolated X server, access pulseaudio on a separate socket and only access the few video devices Arkose detected.

During the week I also spent some time talking to the Ubuntu Security team who also happen to be upstreams for AppArmor. In the future Arkose should start using AppArmor in cases where we don’t need an actual LXC container (depending on the profiles).

I also started working on a protocol-aware DBUS proxy based on the work from Alban Crequy so that Arkose should soon be able to filter what DBUS calls an app is allowed to do and prompt the user when accessing restricted information (keyring, contacts, …).
I’m hoping to have this merged into Arkose’s trunk branch this week.

After that I plan on spending some time implementing the network restrictions on top of the new “filtered network” support I introduced last week. Initially that should cover restricting an app to non-private (non-RFC 1918) networks and eventually support fine-grained filtering (destination and port).
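The egress decision described above, sketched as an added example that is not Arkose code: a coarse "no RFC 1918 destinations" policy plus an optional fine-grained (destination, port) allowlist. The function names and the rule format are hypothetical, and the sample addresses are constructed; note the IPv4-mapped IPv6 case, which would slip past a check that only looks at IPv4 literals.

```python
import ipaddress

# RFC 1918 private IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def normalize(addr):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def is_rfc1918(addr):
    """True if the (normalized) address falls in an RFC 1918 range."""
    ip = normalize(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def allowed(addr, port, rules=None):
    """Hypothetical egress decision for one sandboxed app.

    rules=None  -> coarse policy: anything except RFC 1918 destinations.
    rules=[...] -> fine-grained allowlist of (network, port) pairs;
                   port None means any port. Default deny.
    """
    if rules is None:
        return not is_rfc1918(addr)
    ip = normalize(addr)
    for net, rule_port in rules:
        network = ipaddress.ip_network(net)
        if (ip.version == network.version and ip in network
                and rule_port in (None, port)):
            return True
    return False


# Constructed sample destinations (documentation and private ranges).
SAMPLES = [("192.0.2.10", 443), ("10.1.2.3", 22), ("172.31.255.1", 80),
           ("172.32.0.1", 80), ("::ffff:192.168.1.1", 80),
           ("2001:db8::1", 443)]

if __name__ == "__main__":
    for dest, port in SAMPLES:
        print(dest, port, "allow" if allowed(dest, port) else "deny")
```

In a real deployment the same decision would be enforced by firewall rules on the container's interface rather than in the application; the sketch only shows the classification logic.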

Version 1.2.1 is available as tarballs on Launchpad or from the bzr branch or in current Ubuntu Oneiric. PPA builds are also available for Maverick and Natty.

Posted in Arkose, Canonical voices, Conferences, LXC, Planet Ubuntu

“App” containing on the modern Linux desktop

(Just released Arkose 1.0 that’s a full rewrite in Python using LXC and introducing a nice GUI for fine-grained app restriction. Read below for details.)

Those of you who read my blog know that I’ve been working on a pet-project of mine called Arkose.
This project is used as the base for WebLive‘s feature allowing users to easily test any package in the Ubuntu archive.

At the Ubuntu Developer Summit, last month in Hungary, I was leading a session on application containing and gathered ideas on how to improve the safety of our users’ desktops while still making it easy for app developers.

Today, I’d like to present you with the initial result, the new version of Arkose which I ended up releasing as 1.0 (as it’s a full rewrite).

The biggest new feature is the “wrapper” that can be used by packagers or upstreams to specify what the software will have access to, so Arkose will spawn a container that only has access to these resources.

[Screenshot: Arkose wrapper for gedit]

Current access controls include:
– Which user to run the software as (current user or root user)
– Network access (currently, all or nothing)
– X server access (either no access at all, an independent X server using xpra or direct X access)
– DBUS access (any combination of session bus, system bus or no dbus access at all)
– Pulseaudio access (enabled or not)

Then the app can specify a list of paths using one of these options:
– Direct filesystem access with read/write depending on user permissions
– Overlay filesystem access, similar to direct but all changes are dropped when the app exits
– Temporary empty directory, created and available to the app and dropped when the app exits

As an example, here’s the definition file for a completely isolated “xeyes”:

In this case, xeyes will appear almost as it would in a regular environment. The only difference you’ll notice is that it won’t follow your mouse unless it’s in xeyes’ window. Also, if xeyes were to have some bug, it wouldn’t be able to eavesdrop on dbus, do any damage to the filesystem or even play a sound.

This 1.0 release is available for download at:
Development code is available on Launchpad at:
I have PPA builds for Maverick and Natty at:
The package also just got uploaded to Ubuntu Oneiric.

To start the gedit from the screenshot above, use:
arkose-wrapper-gui /usr/share/doc/arkose/examples/profiles/gedit.conf
Some other example profiles are available in:

Here’s an example of how to use the new python module:
import arkose
container.run_command("su stgraber -c xterm")

That will start an xterm as the user “stgraber” on an isolated X server and with pulseaudio and network support.

Next step for the project is to improve the GUI part, add all the new cool features to the old commands (arkose and arkose-gui), work on fine grained network access control and allow for translations. 1.1 should be released relatively soon with bug fixes and maybe some of these features.

I appreciate any comment or bug report. Comments can be left on this blog and bug reports on Launchpad: https://launchpad.net/arkose/+filebug

Posted in Arkose, Canonical voices, LXC, Planet Ubuntu

Introducing the WebLive API

After working on it for the last two weeks, I’m proud to finally announce the WebLive API.
As a reminder, WebLive is the name used for the daemon, Drupal plugin and scripts used to run http://www.edubuntu.org/weblive
Since last week, all the code is now available here: https://launchpad.net/weblive

The API is exported over JSON and example code is available in the branch called ltsp-cluster-agent-vmmanager in the client directory. When interfacing with Python, it’s recommended to use the “weblive.py” module as it’ll be updated should the JSON API change or be extended in the near future.

Exported functions are:

  • create_user(serverid, username, fullname, password, session)
  • list_everything()
  • list_locales(serverid)
  • list_packages(serverid)
  • list_servers()

The following functions are exported over authenticated XML-RPC (for management):

  • delete_user(serverid, username)
  • set_disabled(serverid,status)
  • list_users(serverid,all=False)

The main weblive instance is available at https://weblive.stgraber.org/weblive/json and is the one used by Edubuntu.

The drupal-weblive branch contains the Drupal module which is now just a client to the JSON API.

The first use of that API after the Drupal module is Natty’s software-center which since last week ships with code to connect to WebLive.
If you use up to date Natty, you’ll need to install “qtnx” from universe and then start: software-center --with-weblive

All the packages available in WebLive will then have a “Test drive” button you can click to test that app remotely from a WebLive server.

[Image: WebLive integration in software-center]

The software-center integration is experimental and will hopefully be improved by the time Natty is released. As Ubuntu doesn’t ship qtnx by default, WebLive won’t be visible in the default Ubuntu install, though it’ll be for Edubuntu.

Note: It can take up to a minute to connect to a server. There’s currently no user feedback during the connection process unless you watch the terminal from which you started the software center.

The current code requires your username and hostname to be ASCII lowercase alpha characters only. I posted instructions as a comment to get the development branch that doesn’t have this restriction.

Posted in Edubuntu, LTSP, Planet Revolution-Linux, Planet Ubuntu, WebLive

Edubuntu’s installer ready for 11.04

After spending the last day or so working on it, I’m proud to announce that Edubuntu finally has its long awaited fine-grained package selection in Ubiquity.

Here’s a screenshot of what will be available in Natty:

[Screenshot: Ubiquity fine-grained package selection]

With it, users can easily opt out of some of our meta-packages or individual packages.
In the future you will also be able to install extra packages this way (that aren’t installed in the live environment but are present on the DVD).

Other than this installer change, Edubuntu has also been updated to ship with a classic GNOME interface by default but offer Unity as an installation option. Unity-2d will also ship by default and we’ll try to have it as a fall-back for Unity for those who choose to use Unity as their desktop interface.

Enjoy !

Posted in Edubuntu, Planet Revolution-Linux, Planet Ubuntu

Pastebinit 1.2 released !

So, 10 months after the last release, I’m proud to announce that release 1.2 of the command line pastebin client is out !

For those who just want to grab the branch or tarballs, that’s on Launchpad: https://launchpad.net/pastebinit

For Natty users, you’ll just have to wait for pastebinit to hit Debian and then be synced, shouldn’t take long.

Here’s a quick overview of the new features:

  • Size limit support
  • Distro-specific default pastebin
  • Pastebinit now respects the FHS
  • Quite a few more supported pastebins (see list below)
  • A LOT of bugfixes (over 20 bugs fixed, remaining bugs are mostly wishlist)
  • Updated manpage
  • Test scripts to quickly check that all pastebins work
  • Updated translations (28 supported locales)

Here’s the list of currently supported pastebins:

stgraber@castiana:~/data/code/pastebinit$ ./pastebinit -l
Supported pastebins:
- sprunge.us
- pastie.org
- paste.ubuntu.org.cn
- fpaste.org
- pb.daviey.com
- slexy.org
- paste.ubuntu.com
- paste.kde.org
- stikked.com
- p.defau.lt
- paste.debian.net
- cxg.de
- paste2.org
- yourpaste.net
- pastebin.com

[Image: Pastebinit automatic testing]
Yay for automated testing !

Thanks to everyone who helped with this release:

  • Dave Walker
  • Jan Urbanski
  • Nitesh Mistry
  • Rolf Leggewie
  • Soren Hansen
Posted in pastebinit, Planet Revolution-Linux, Planet Ubuntu