Knowasiak
Uncover HN: GUI Capabilities in Podman on Wayland

Uncover HN: GUI Capabilities in Podman on Wayland

  • limit scope of file system win admission to
  • inch any utility with out root privileges
  • creates usable “Desktop applications” to combine into your unprecedented workflow
  • prick community win admission to for applications that work with confidential stuff to forestall accidental leakage
  • position MEM and CPU boundaries to your applications (disclaimer: cpu limits no longer conducted but)
  • easy rollback with model pinning
  • works on wayland

capps.py [-h] [-a app1 app2 ... [app1 app2 ... ...]] [-c /path/to/config.yaml] [-b] [-r] [-i] [-v] [-s] [-d] [-l]

Beginning podman container apps.

choices:
  -h, --again            show this again message and exit
  -a app1 app2 ... [app1 app2 ... ...], --utility-checklist app1 app2 ... [app1 app2 ... ...]
                        Checklist of applications to inch as defined in config file
  -c /path/to/config.yaml, --config /path/to/config.yaml
                        Course to config file (defaults to config.yaml)
  -b, --plot           (re)plot checklist of supplied apps
  -r, --inch             inch containers of all supplied apps (default)
  -i, --install         install as desktop utility
  -v, --verbose         enable verbose log output
  -s, --stats           enable stats output
  -d, --debug           enable debug log output
  -l, --checklist            print accessible container

podman inch --rm -d --hostname firefox 
--title firefox-$RANDOM 
--cap-fall=ALL 
--read-supreme=real 
--read-supreme-tmpfs=faux 
--systemd=faux 
--userns=own-identification 
--security-decide=no-new-privileges 
--memory=2048mb 
--cap-add cap_sys_chroot 
--quantity $HOME/Downloads/:/dwelling/firefox/Downloads:rw 
--quantity /inch/consumer/$UID/pulse/native:/inch/consumer/$UID/pulse/native:ro 
--quantity $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY:/tmp/$WAYLAND_DISPLAY:ro 
localhost/firefox

default_permissions: &default_permissions
  cap-fall: ALL
  read-supreme: real
  read-supreme-tmpfs: real
  systemd: faux
  userns: own-identification
  security-decide: "no-new-privileges"
volumes:
  - &sound "/inch/consumer/$UID/pulse/native:/inch/consumer/$UID/pulse/native:ro"
  - &wayland "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY:/tmp/$WAYLAND_DISPLAY:ro"
  - &x11 /tmp/.X11-unix:/tmp/.X11-unix:ro
container:
  firefox:
    versioncmd: "firefox --model | awk "'"{print \$3}"'""
    repo: "localhost"
    file: "firefox.dockerfile"
    path: "./container/firefox/"
    icon: "firefox.png"
    permissions:
      memory: 2048mb
   

Read More

About the author: Charlie
Fill your life with experiences so you always have a great story to tell

Get involved!

Get Connected!
One of the Biggest Social Platform for Entrepreneurs, College Students and all. Come and join our community. Expand your network and get to know new people!

Discussion(s)

No comments yet
Knowasiak We would like to show you notifications so you don't miss chats & status updates.
Dismiss
Allow Notifications