Desktop App
-
@robi Cloudron blocks write access except for /app/data, /tmp, and I think a couple other dirs. but tghe big stuff like in /var, /etc, /lib - you cant write in post build.
I'd like to note that during the building of the app I can write to whatever directory I want. but once it's deployed though it's locked down.
Plus some stuff you can't do in docker unless the image(s) are ran in privileged mode, which cloudron does not allow either. Without privileged mode, a lot of stuff has to get worked around like x11, window manager, and even simple stuff like fuse works differently in docker than in regular linux.
-
@murgero sysbox allows for more things without using privileged mode.
It's likely a good time to map out the things that you need, vs the things cloudron allows and see what the delta is and how that maps to sysbox capabilities and any changes we might need to look into.
It's these kinds of things that prevent others from seeing an idea can work because of their own limits in knowledge or beliefs, so the immediate response is No, when it could be a YES.
-
@robi said in Desktop App:
@marcusquinn said in Desktop App:
ZorinOS Lite is based on that (XFCE 4.16) too if you wanna try?
Does it have a functional OS level dark mode?
Yes
-
@marcusquinn : I tried out out Kasm.
Generally a good system and an easy install (if you put on its own box not with other stuff).
However, even after increasing the cores and RAM that can be allocated to an app/image, I found it a little slow. Maybe it's the VPS I put it on, despite the VPS having 32Gb RAM and 8 cores.
My expectation level has been set at a middle level remote desktop Workspace from AWS. Although I am trying to get off AWS, I have to say that workspace performs well. Better than Kasm.
So very interested to see what performance a Cloudron Desktop App will be. When it's ready. -
Love the use case...reminds me of KASM : https://forum.cloudron.io/topic/3269/kasm-virtual-desktop-browser-isolation/2?_=1643939053102
-
@timconsidine Howdy! It's probably ready for testing tbh. But i worry about security - since I am not an export (though I know a lot) on Linux security - It'd be a good idea to test it, and maybe even have a 3rd party audit of it.
-
@murgero I'd be interested to test it if you need another set of eyes.
But I'm no expert, and certainly not on security. It's so broad these days. Lots of stuff on reddit/selfhosted on security. trying to absorb this : https://arvind.io/posts/using-fail2ban-to-protect-exposed-services/ -
@timconsidine maybe do this https://forum.cloudron.io/topic/6224/crowdsec-install-guide-for-cloudron-purposes instead of just fail2ban?
-
@necrevistonnezr good point
-
@necrevistonnezr That seems more for the host than installed in apps? Or am I misreading some of it?