Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. App Wishlist
  3. Kasm - Virtual Desktop / Browser Isolation

Kasm - Virtual Desktop / Browser Isolation

Scheduled Pinned Locked Moved App Wishlist
38 Posts 14 Posters 6.9k Views 15 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • robiR robi

    @murgero is that just because of the various other containerized apps (browsers) it pulls in?

    that's just extra directives in the Dockerfile no?

    murgeroM Offline
    murgeroM Offline
    murgero
    App Dev
    wrote on last edited by
    #4

    @robi No, I can see how it can load desktops and such - it's the way the server backend is installed - using multiple different containers that one app can't use on it's own without Cloudron adding a new "addon"

    --
    https://urgero.org
    ~ Professional Nerd. Freelance Programmer. ~

    robiR 1 Reply Last reply
    0
    • murgeroM murgero

      @robi No, I can see how it can load desktops and such - it's the way the server backend is installed - using multiple different containers that one app can't use on it's own without Cloudron adding a new "addon"

      robiR Offline
      robiR Offline
      robi
      wrote on last edited by
      #5

      @murgero this sounds like a perfect use case for Sysbox.

      That way a full machine image can be installed with Kasm to have access and control over all the containers.

      Docker in docker, the outer one managed by Cloudron, the inner one by Kasm.

      Conscious tech

      murgeroM 1 Reply Last reply
      1
      • robiR robi

        @murgero this sounds like a perfect use case for Sysbox.

        That way a full machine image can be installed with Kasm to have access and control over all the containers.

        Docker in docker, the outer one managed by Cloudron, the inner one by Kasm.

        murgeroM Offline
        murgeroM Offline
        murgero
        App Dev
        wrote on last edited by
        #6

        @robi Kasm already supports full desktops in docker - or it at least gives the illusion of it. ❤

        --
        https://urgero.org
        ~ Professional Nerd. Freelance Programmer. ~

        robiR 1 Reply Last reply
        1
        • murgeroM murgero

          @robi Kasm already supports full desktops in docker - or it at least gives the illusion of it. ❤

          robiR Offline
          robiR Offline
          robi
          wrote on last edited by
          #7

          @murgero I am aware 😉 hence my comment.

          if you want to split the bounty on this one, I'll help with Sysbox.

          Conscious tech

          murgeroM 1 Reply Last reply
          1
          • robiR robi

            @murgero I am aware 😉 hence my comment.

            if you want to split the bounty on this one, I'll help with Sysbox.

            murgeroM Offline
            murgeroM Offline
            murgero
            App Dev
            wrote on last edited by
            #8

            @robi I'd love to - I just don't know where to start tbh

            --
            https://urgero.org
            ~ Professional Nerd. Freelance Programmer. ~

            1 Reply Last reply
            1
            • robiR Offline
              robiR Offline
              robi
              wrote on last edited by robi
              #9

              I would start with the outer part, which means helping the Cloudron team integrate Sysbox.

              It would require a new base container image that runs with a new container runtime (sysbox) instead of the default. This is just an extra parameter in the docker run command.

              $ docker run --runtime=sysbox-runc -it some-image
              

              All else stays the same.

              In this container, you can now run Systemd, Docker, Kubernetes, etc., just like you would on a physical host or virtual machine. You can launch inner containers (and even inner privileged containers), knowing that the outer container is strongly isolated from the underlying host (via the Linux user-namespace). No more complex docker images or docker run commands, and no need for unsecure privileged containers.

              Conscious tech

              murgeroM L 2 Replies Last reply
              1
              • robiR robi

                I would start with the outer part, which means helping the Cloudron team integrate Sysbox.

                It would require a new base container image that runs with a new container runtime (sysbox) instead of the default. This is just an extra parameter in the docker run command.

                $ docker run --runtime=sysbox-runc -it some-image
                

                All else stays the same.

                In this container, you can now run Systemd, Docker, Kubernetes, etc., just like you would on a physical host or virtual machine. You can launch inner containers (and even inner privileged containers), knowing that the outer container is strongly isolated from the underlying host (via the Linux user-namespace). No more complex docker images or docker run commands, and no need for unsecure privileged containers.

                murgeroM Offline
                murgeroM Offline
                murgero
                App Dev
                wrote on last edited by
                #10

                @robi It would be more ideal to get the Kasm devs to also give a build not reliant on docker - so we can dockerize it ourselfs, or at least I would think that way anyway.

                Sysbox is pretty cool but I'm sure that would require a complete overhaul of current code?

                --
                https://urgero.org
                ~ Professional Nerd. Freelance Programmer. ~

                1 Reply Last reply
                0
                • robiR Offline
                  robiR Offline
                  robi
                  wrote on last edited by
                  #11

                  I am going to disagree here. The docker solution is elegant and doesn't pollute the filesystem with lots of X libraries and other junk.

                  In fact the sysbox-runc is more secure than the current one, hence if Cloudron decided to use it, all it would take is a one parameter addition.

                  --runtime=sysbox-runc
                  

                  no overhaul required.

                  Conscious tech

                  murgeroM 1 Reply Last reply
                  2
                  • robiR robi

                    I am going to disagree here. The docker solution is elegant and doesn't pollute the filesystem with lots of X libraries and other junk.

                    In fact the sysbox-runc is more secure than the current one, hence if Cloudron decided to use it, all it would take is a one parameter addition.

                    --runtime=sysbox-runc
                    

                    no overhaul required.

                    murgeroM Offline
                    murgeroM Offline
                    murgero
                    App Dev
                    wrote on last edited by
                    #12

                    @robi Oh wow - if that's the case then it definitely is at least worth more research and discussion.

                    --
                    https://urgero.org
                    ~ Professional Nerd. Freelance Programmer. ~

                    robiR 1 Reply Last reply
                    1
                    • murgeroM murgero

                      @robi Oh wow - if that's the case then it definitely is at least worth more research and discussion.

                      robiR Offline
                      robiR Offline
                      robi
                      wrote on last edited by
                      #13

                      @murgero 💯

                      Conscious tech

                      1 Reply Last reply
                      1
                      • P plusone-nick referenced this topic on
                      • RazielKanosR Offline
                        RazielKanosR Offline
                        RazielKanos
                        wrote on last edited by
                        #14

                        any news on this, I just watched a tutorial video on KASM and it really looks very interesting

                        timconsidineT 1 Reply Last reply
                        0
                        • RazielKanosR RazielKanos

                          any news on this, I just watched a tutorial video on KASM and it really looks very interesting

                          timconsidineT Offline
                          timconsidineT Offline
                          timconsidine
                          App Dev
                          wrote on last edited by
                          #15

                          @RazielKanos yep, it's nice.
                          I have KASM on a separate VPS and it's useful.
                          In my case, I don't use KASM enough to justify it using a whole VPS.
                          So it would sure be good to have it in Cloudron as an occasional resource, and get rid of the other VPS.

                          1 Reply Last reply
                          2
                          • robiR robi

                            I would start with the outer part, which means helping the Cloudron team integrate Sysbox.

                            It would require a new base container image that runs with a new container runtime (sysbox) instead of the default. This is just an extra parameter in the docker run command.

                            $ docker run --runtime=sysbox-runc -it some-image
                            

                            All else stays the same.

                            In this container, you can now run Systemd, Docker, Kubernetes, etc., just like you would on a physical host or virtual machine. You can launch inner containers (and even inner privileged containers), knowing that the outer container is strongly isolated from the underlying host (via the Linux user-namespace). No more complex docker images or docker run commands, and no need for unsecure privileged containers.

                            L Offline
                            L Offline
                            LoudLemur
                            wrote on last edited by
                            #16

                            @robi said in Kasm - Virtual Desktop / Browser Isolation:

                            I would start with the outer part, which means helping the Cloudron team integrate Sysbox.

                            It would require a new base container image that runs with a new container runtime (sysbox) instead of the default. This is just an extra parameter in the docker run command.

                            $ docker run --runtime=sysbox-runc -it some-image
                            

                            All else stays the same.

                            In this container, you can now run Systemd, Docker, Kubernetes, etc., just like you would on a physical host or virtual machine. You can launch inner containers (and even inner privileged containers), knowing that the outer container is strongly isolated from the underlying host (via the Linux user-namespace). No more complex docker images or docker run commands, and no need for unsecure privileged containers.

                            Thanks. Would this container need any modifications to enable it to run init daemons, like OpenRC, Dinit, s6, runit, SysVinit, and Upstart?

                            robiR 1 Reply Last reply
                            0
                            • micmcM Offline
                              micmcM Offline
                              micmc
                              wrote on last edited by
                              #17

                              Kasm could be a great asset to add to Cloudron for sure.
                              And, if it would be easier to integrate with Sysbox first on Cloudron, be it known as well that Docker has acquired Sysbox in May 2022.

                              Ignorance is not an excuse anymore!
                              https://AutomateKit.com

                              1 Reply Last reply
                              2
                              • timconsidineT Offline
                                timconsidineT Offline
                                timconsidine
                                App Dev
                                wrote on last edited by
                                #18

                                I have a VPS running Kasm.
                                Works very well. But I only use it occasionally so would be great to have it on Cloudron, and I can get rid of a VPS.
                                Slightly tricky install depending on what version of Ubuntu it runs on and whether it supports some library. But other than that, very nice.

                                1 Reply Last reply
                                4
                                • adisonA Offline
                                  adisonA Offline
                                  adison
                                  wrote on last edited by
                                  #19

                                  yes, please do get it on cloudron! that would be great!

                                  my website is not available right now

                                  1 Reply Last reply
                                  0
                                  • D Offline
                                    D Offline
                                    DualOSWinWiz
                                    wrote on last edited by DualOSWinWiz
                                    #20

                                    Yes its a good application but very resource intensive workspace so i hosted it separately but their was a proxy issue and was not working so for the timebeing i used nginx proxy manager but @girish released a patch in the last update 7.60. Now all is good and i am using it withing cloudron and also used cloudron ODIC integration it was long weekend night but well spent.

                                    P 1 Reply Last reply
                                    3
                                    • D DualOSWinWiz

                                      Yes its a good application but very resource intensive workspace so i hosted it separately but their was a proxy issue and was not working so for the timebeing i used nginx proxy manager but @girish released a patch in the last update 7.60. Now all is good and i am using it withing cloudron and also used cloudron ODIC integration it was long weekend night but well spent.

                                      P Offline
                                      P Offline
                                      plusone-nick
                                      wrote on last edited by
                                      #21

                                      @DualOSWinWiz have any specific docs that would save us some time that you could share? 😬

                                      ✌💙+1

                                      D 1 Reply Last reply
                                      1
                                      • P plusone-nick

                                        @DualOSWinWiz have any specific docs that would save us some time that you could share? 😬

                                        D Offline
                                        D Offline
                                        DualOSWinWiz
                                        wrote on last edited by
                                        #22

                                        @plusone-nick What type of infrastructure you have? On site or in cloud?

                                        P 1 Reply Last reply
                                        1
                                        • adisonA Offline
                                          adisonA Offline
                                          adison
                                          wrote on last edited by
                                          #23

                                          personally, i think @girish should implement kasm workspaces noticing there's a docker container for it.

                                          my website is not available right now

                                          1 Reply Last reply
                                          0
                                          Reply
                                          • Reply as topic
                                          Log in to reply
                                          • Oldest to Newest
                                          • Newest to Oldest
                                          • Most Votes


                                          • Login

                                          • Don't have an account? Register

                                          • Login or register to search.
                                          • First post
                                            Last post
                                          0
                                          • Categories
                                          • Recent
                                          • Tags
                                          • Popular
                                          • Bookmarks
                                          • Search