Kasm - Virtual Desktop / Browser Isolation
-
@murgero I am aware
hence my comment.
if you want to split the bounty on this one, I'll help with Sysbox.
-
wrote on Oct 11, 2020, 4:40 PM last edited by robi Oct 11, 2020, 4:41 PM
I would start with the outer part, which means helping the Cloudron team integrate Sysbox.
It would require a new base container image that runs with a new container runtime (sysbox) instead of the default. This is just an extra parameter in the docker run command.
$ docker run --runtime=sysbox-runc -it some-image
All else stays the same.
In this container, you can now run Systemd, Docker, Kubernetes, etc., just like you would on a physical host or virtual machine. You can launch inner containers (and even inner privileged containers), knowing that the outer container is strongly isolated from the underlying host (via the Linux user-namespace). No more complex docker images or docker run commands, and no need for unsecure privileged containers.
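One way to check the user-namespace claim in the post above, as an added example that is not part of the original thread or of Sysbox: the script reads a `uid_map` file and reports which host UID the container's root maps to. The function names and the sample map values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): read a uid_map file and report where
# container root (UID 0) lands on the host.
# Each uid_map line is: <first-uid-inside> <first-uid-on-host> <range-length>

# host_uid_for MAPFILE INSIDE_UID -> prints the host UID, or "unmapped"
host_uid_for() {
    awk -v id="$2" '
        BEGIN { id += 0 }                      # force numeric comparison
        NF == 3 && id >= $1 + 0 && id < $1 + $3 {
            print $2 + (id - $1); found = 1; exit
        }
        END { if (!found) print "unmapped" }
    ' "$1"
}

# root_mapping MAPFILE -> "host-root", "remapped:<host-uid>" or "unmapped"
root_mapping() {
    host=$(host_uid_for "$1" 0)
    case "$host" in
        unmapped) echo "unmapped" ;;
        0)        echo "host-root" ;;          # root inside is root on the host
        *)        echo "remapped:$host" ;;     # root inside is unprivileged outside
    esac
}

# Constructed sample maps (not captured from a real system).
demo_dir=$(mktemp -d)
printf '0 0 4294967295\n' > "$demo_dir/shared-userns"    # no private user namespace
printf '0 165536 65536\n' > "$demo_dir/private-userns"   # root remapped to a high UID

for f in shared-userns private-userns; do
    printf '%-15s %s\n' "$f" "$(root_mapping "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

On a real host, point `root_mapping` at `/proc/<pid>/uid_map` for the container's init process, or run it inside the container against `/proc/self/uid_map`.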
-
@robi It would be more ideal to get the Kasm devs to also give a build not reliant on docker - so we can dockerize it ourselves, or at least I would think that way anyway.
Sysbox is pretty cool but I'm sure that would require a complete overhaul of current code?
-
wrote on Oct 11, 2020, 5:14 PM last edited by
I am going to disagree here. The docker solution is elegant and doesn't pollute the filesystem with lots of X libraries and other junk.
In fact the sysbox-runc is more secure than the current one, hence if Cloudron decided to use it, all it would take is a one parameter addition.
--runtime=sysbox-runc
no overhaul required.
-
@robi Oh wow - if that's the case then it definitely is at least worth more research and discussion.
-
wrote on Mar 4, 2023, 11:24 PM last edited by
any news on this, I just watched a tutorial video on KASM and it really looks very interesting
-
@RazielKanos yep, it's nice.
I have KASM on a separate VPS and it's useful.
In my case, I don't use KASM enough to justify it using a whole VPS.
So it would sure be good to have it in Cloudron as an occasional resource, and get rid of the other VPS.
-
wrote on Mar 6, 2023, 11:13 AM last edited by
@robi said in Kasm - Virtual Desktop / Browser Isolation:
I would start with the outer part, which means helping the Cloudron team integrate Sysbox.
It would require a new base container image that runs with a new container runtime (sysbox) instead of the default. This is just an extra parameter in the docker run command.
$ docker run --runtime=sysbox-runc -it some-image
All else stays the same.
In this container, you can now run Systemd, Docker, Kubernetes, etc., just like you would on a physical host or virtual machine. You can launch inner containers (and even inner privileged containers), knowing that the outer container is strongly isolated from the underlying host (via the Linux user-namespace). No more complex docker images or docker run commands, and no need for unsecure privileged containers.
Thanks. Would this container need any modifications to enable it to run init daemons, like OpenRC, Dinit, s6, runit, SysVinit, and Upstart?
-
wrote on Sep 1, 2023, 6:17 PM last edited by
Kasm could be a great asset to add to Cloudron for sure.
And, if it would be easier to integrate with Sysbox first on Cloudron, be it known as well that Docker has acquired Sysbox in May 2022.
-
I have a VPS running Kasm.
Works very well. But I only use it occasionally so would be great to have it on Cloudron, and I can get rid of a VPS.
Slightly tricky install depending on what version of Ubuntu it runs on and whether it supports some library. But other than that, very nice.
-
wrote on Oct 1, 2023, 7:34 AM last edited by
yes, please do get it on cloudron! that would be great!
-
wrote on Oct 1, 2023, 2:06 PM last edited by DualOSWinWiz Oct 1, 2023, 2:10 PM
Yes, it's a good application but a very resource-intensive workspace, so I hosted it separately, but there was a proxy issue and it was not working, so for the time being I used nginx proxy manager, but @girish released a patch in the last update 7.60. Now all is good and I am using it within Cloudron and also used the Cloudron OIDC integration. It was a long weekend night but well spent.
-
wrote on Oct 7, 2023, 8:19 PM last edited by
@DualOSWinWiz have any specific docs that would save us some time that you could share?
-
wrote on Oct 7, 2023, 11:27 PM last edited by
@plusone-nick What type of infrastructure do you have? On site or in cloud?
-
wrote on Oct 8, 2023, 9:48 PM last edited by
come on discourse, improve your screen reader compatibility
-
wrote on Oct 10, 2023, 12:54 AM last edited by
@DualOSWinWiz both
-
@plusone-nick do you have a repo for Kasm on Cloudron that you can share?
-
wrote on Oct 28, 2023, 10:16 PM last edited by
@timconsidine nope sorry never dug into it too much