GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → subuser-security → Subuser

subuser-security / Subuser

Licence: lgpl-3.0
Run programs on linux with selectively restricted permissions.

Programming Languages

python
139335 projects - #7 most used programming language

Labels

dockersecuritycontainers

Projects that are alternatives of or similar to Subuser

Deis
Deis v1, the CoreOS and Docker PaaS: Your PaaS. Your Rules.
Stars: ✭ 6,107 (+625.3%)
Mutual labels:  containers
Udocker
A basic user tool to execute simple docker containers in batch or interactive systems without root privileges
Stars: ✭ 802 (-4.75%)
Mutual labels:  containers
Pavlos
A light-weight container runtime for Linux with NVIDIA gpu support, allows developers to quicky setup development environments for dev and test. Pavlos can emulate any Linux rootfs image as a container.
Stars: ✭ 22 (-97.39%)
Mutual labels:  containers
Docker Bind
Dockerize BIND DNS server with webmin for DNS administration
Stars: ✭ 769 (-8.67%)
Mutual labels:  containers
Che
The Kubernetes-Native IDE for Developer Teams
Stars: ✭ 6,572 (+680.52%)
Mutual labels:  containers
Aks Engine
AKS Engine: Units of Kubernetes on Azure!
Stars: ✭ 833 (-1.07%)
Mutual labels:  containers
Distribution
The toolkit to pack, ship, store, and deliver container content
Stars: ✭ 6,445 (+665.44%)
Mutual labels:  containers
Kitura On Kubernetes
Develop a Full-Stack Swift application with a native iOS app and Kitura on Kubernetes
Stars: ✭ 24 (-97.15%)
Mutual labels:  containers
Spec
Container Storage Interface (CSI) Specification.
Stars: ✭ 799 (-5.11%)
Mutual labels:  containers
Bane
Custom & better AppArmor profile generator for Docker containers.
Stars: ✭ 902 (+7.13%)
Mutual labels:  containers
Sysdig Inspect
Sysdig Inspect - A powerful opensource interface for container troubleshooting and security investigation
Stars: ✭ 775 (-7.96%)
Mutual labels:  containers
Runv
Hypervisor-based Runtime for OCI
Stars: ✭ 798 (-5.23%)
Mutual labels:  containers
Sen
Terminal User Interface for docker engine
Stars: ✭ 835 (-0.83%)
Mutual labels:  containers
Kompose
Go from Docker Compose to Kubernetes
Stars: ✭ 7,348 (+772.68%)
Mutual labels:  containers
Cdk Gitlab Runner
Create Gitlab Runner via AWS CDK.
Stars: ✭ 23 (-97.27%)
Mutual labels:  containers
Toast
Containerize your development and continuous integration environments. 🥂
Stars: ✭ 748 (-11.16%)
Mutual labels:  containers
Kismatic
Kismatic Enterprise Toolkit: Fully-Automated, Production-Grade Kubernetes Operations
Stars: ✭ 819 (-2.73%)
Mutual labels:  containers
Containers From Scratch
Writing a container in a few lines of Go code, as seen at DockerCon 2017 and on O'Reilly Safari
Stars: ✭ 839 (-0.36%)
Mutual labels:  containers
Csp
The Cyber Security Platform MeliCERTes is part of the European Strategy for Cyber Security. MeliCERTes is a network for establishing confidence and trust among the national Computer Security Incident Response Teams (CSIRTs) of the Member States and for promoting swift and effective operational cooperation.
Stars: ✭ 23 (-97.27%)
Mutual labels:  containers
Secretscanner
Find secrets and passwords in container images and file systems
Stars: ✭ 895 (+6.29%)
Mutual labels:  containers
View All Similar Projects ➔

Subuser - Securing the Linux desktop with Docker

.. image:: https://avatars0.githubusercontent.com/u/6707097?s=200&v=4 :target: https://subuser.org

Visit us at subuser.org <http://subuser.org>_

.. image:: https://github.com/subuser-security/subuser/workflows/ci/badge.svg?branch=master :target: https://github.com/subuser-security/subuser/actions?query=workflow%3Aci+branch%3Amaster

As free software developers we like to share. We surf the web and discover new code. We are eager to try it out. We live out an orgy of love and trust, unafraid that some code we cloned from Git might be faulty or malicious. We live in the 60s, carefree hippies.

This is utopia.

But sharing code isn't safe. Every time we try out some stranger's script, we put ourselves at risk. Despite the occasional claim that Linux is a secure operating system, haphazardly sharing programs is NOT secure.

Furthermore, the fragmentation of the Linux desktop means that packaging work is needlessly repeated. Programs that build and run on Fedora must be repackaged for Ubuntu.

Subuser with Docker attacks both problems simultaneously. Docker provides an isolated and consistent environment for your programs to run in. Subuser gives your desktop programs access to the resources they need in order to function normally.

Subuser turns Docker containers into normal Linux programs:

Right now I'm editing this file in vim. vim is not installed on my computer though. It is installed in a docker container. However, in order to edit this file, all I had to do was type::

$ vim README.md

Subuser turns a docker container into a normal program. But this program is not fully privileged. It can only access the directory from which it was called, not my entire home dir <https://xkcd.com/1200/>_. Each subuser is assigned a specific set of permissions, just like in Android. You can see an example permissions.json file bellow.

::

{
  "description"                : "A web browser."
  ,"maintainer"                : "Timothy Hobbs <timothyhobbs (at) seznam dot cz>"
  ,"executable"                : "/usr/bin/firefox"
  ,"user-dirs"                 : [ "Downloads"]
  ,"gui"                       : {"clipboard":true,"cursors":true}
  ,"sound-card"                : true
  ,"allow-network-access"      : true
}

For a list of all permissions supported by subuser, please see the subuser standard <http://subuser.org/subuser-standard/permissions-dot-json-file-format.html>_.

Installation

System Requirements

  • Docker <http://www.docker.io/gettingstarted/#h_installation>_ 1.3 or higher

  • Python >= 3

  • Git

  • X11 and the xauth utility (You almost certainly have this)

  • sudo (if you don't want to become a member of the docker group)

OS Requirements

  • Linux: Everything supported

  • OSX with docker for desktop: Limited support

    • inherit-timezone is ignored
    • xpra (graphical apps) doesnt work
    • Probaly other issues

Install with pip3: Stable version

  1. Add yourself to the sudo group (or the docker group).

::

$ sudo nano /etc/group

Find sudo and add your username to the end of the line.

  1. Install subuser from pip3.

$ sudo pip3 install subuser

  1. Add ~/.subuser/bin to your path by adding the line PATH=$HOME/.subuser/bin:$PATH to the end of your .bashrc file.

  2. Log out and then back in again.

  3. Done!

Install from git: Development version

  1. Add yourself to the sudo group (this is not necesary if you are already a member of the docker group).

  2. Download the subuser repository

::

$ cd $ git clone https://github.com/subuser-security/subuser

  1. Add subuser/logic and ~/.subuser/bin to your path by adding the line PATH=$HOME/subuser/logic:$HOME/.subuser/bin:$PATH to the end of your .bashrc file.

.. note:: You will need to change the path to subuser/logic to refer to the location to which you downloaded subuser.

  1. Log out and then back in again.

  2. Done!

To learn more and read the full manual please visit subuser.org <http://subuser.org>_

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].