Flatpak a technical walk-through. Alexander Larsson, Red Hat
|
|
- Bruce Jackson
- 5 years ago
- Views:
Transcription
1 Flatpak a technical walk-through Alexander Larsson, Red Hat
2 What is Flatpak?
3 apps for the Linux Desktop
4 Distribute your app
5 Run it anywhere
6 Build in anywhere
7 Run it sandboxed
8 How is this different from containers?
9 Non-privileged user Must not require root permissions Must not grant root permissions No root-only features
10 Desktop integration Icon shows up in desktop Automatic setup of X11/Wayland/Pulseaudio DBus integration OpenGL / DRI support Uses freedesktop specs Interactive permissions system
11 OSTree Bubblewrap Building blocks
12 OSTree its like git for operating systems
13 Repo layout app bin hello.sh README $ cat app/readme This is some example content
14 Repo layout app bin hello.sh README $ cat app/readme This is some example content $ ostree --repo=repo init $ ostree --repo=repo commit \ --subject="foobar" \ --branch=master app 8528ed0cee $ ostree --repo=repo show master commit 8528ed0cee Date: :18: Foobar
15 Repo layout app bin hello.sh README repo/ config objects 94/b60b8c7a.dirtree f2/13a94e40.dirtree 30/d1d158ec.file 80/04dd449f.file 85/28ed0cee.commit d9/f4b64256.dirmeta refs/heads/master $ cat app/readme This is some example content $ cat repo/refs/heads/master 8528ed0cee $ cat repo/objects/80/04dd449f.file This is some example content
16 Repo layout app bin hello.sh README repo/ config objects 94/b60b8c7a.dirtree f2/13a94e40.dirtree 30/d1d158ec.file 80/04dd449f.file 85/28ed0cee.commit d9/f4b64256.dirmeta refs/heads/master $ cat app/readme This is some example content $ cat repo/refs/heads/master 8528ed0cee $ cat repo/objects/80/04dd449f.file This is some example content $ echo -n "..." >> app/readme $ ostree --repo=repo commit \ --subject= Changed stuff --branch=master app 2e9472ca3f
17 Repo layout app bin hello.sh README repo/ config objects 94/b60b8c7a.dirtree c6/171320dd.dirtree f2/13a94e40.dirtree 30/d1d158ec.file 80/04dd449f.file 67/a1a77c36.file 85/28ed0cee.commit 2e/9472ca3f.commit d9/f4b64256.dirmeta refs/heads/master $ cat app/readme This is some example content $ cat repo/refs/heads/master 2e9472ca3f $ cat repo/objects/80/04dd449f.file This is some example content $ cat repo/objects/67/a1a77c36.file This is some example content...
18 Checkout repo/ config objects 94/b60b8c7a.dirtree c6/171320dd.dirtree f2/13a94e40.dirtree 30/d1d158ec.file 80/04dd449f.file 67/a1a77c36.file 85/28ed0cee.commit 2e/9472ca3f.commit d9/f4b64256.dirmeta refs/heads/master
19 Checkout repo/ config objects 94/b60b8c7a.dirtree c6/171320dd.dirtree f2/13a94e40.dirtree 30/d1d158ec.file 80/04dd449f.file 67/a1a77c36.file 85/28ed0cee.commit 2e/9472ca3f.commit d9/f4b64256.dirmeta refs/heads/master $ ostree --repo=repo checkout \ master new
20 Checkout repo/ config objects 94/b60b8c7a.dirtree c6/171320dd.dirtree f2/13a94e40.dirtree 30/d1d158ec.file 80/04dd449f.file 67/a1a77c36.file 85/28ed0cee.commit 2e/9472ca3f.commit d9/f4b64256.dirmeta refs/heads/master new bin hello.sh README $ ls -lr new new: drwxr-xr-x. 2 alex alex 60 bin -rw-r--r--. 2 alex alex 19 README new/bin: -rw-r--r--. 2 alex alex 38 hello.sh $ cat app/readme This is some example content...
21 Checkout repo/ config objects 94/b60b8c7a.dirtree c6/171320dd.dirtree f2/13a94e40.dirtree 30/d1d158ec.file 80/04dd449f.file 67/a1a77c36.file 85/28ed0cee.commit 2e/9472ca3f.commit d9/f4b64256.dirmeta refs/heads/master new bin hello.sh README $ ls -lr new new: drwxr-xr-x. 2 alex alex 60 bin -rw-r--r--. 2 alex alex 19 README new/bin: -rw-r--r--. 2 alex alex 38 hello.sh $ cat new/readme This is some example content... $ stat new/readme grep Inode Device: 2fh/47d Inode: Links: 2 $ stat repo/objects/67/a1a77c36.file \ grep Inode Device: 2fh/47d Inode: Links: 2
22 Repo mode archive-z2 config objects 35/b2a1ffa5.dirtree 67/a1a77c36.filez 80/04dd449f.filez c6/171320dd.dirtree d9/f4b64256.dirmeta db/92a318a1.commit db/92a318a1.commitmeta refs/heads/master summary.sig summary Host on HTTP server GPG sign commits Static deltas Hosting a repo
23 OSTree advantages Automatic deduplication Disk RAM Efficient updates Atomic updates No privileges needed No kernel requirements
24 bubblewrap unprivileged chroot on steroids
25 The virtual filesystem A a1 a1 B FS Root Mount point A / / a2 b1 a2 a3 b1 b2 c c1 C B / /a1 C / /a1/b1 C /c1 /a1/b2 a3 c1 c2 foo b3 foo b2 c3 c2 c3 foo b3
26 chroot A a1 B FS Root Mount point b1 a2 a3 b1 b2 c c1 C A / / B / /a1 C / /a1/b1 C /c1 /a1/b2 c1 c2 foo b3 c2 c3 foo Process root /a1 b2 foo c3 b3
27 namespaces A a1 B FS Root Mount point b1 a2 a3 b1 b2 c c1 C A / / B / /a1 C / /a1/b1 C /c1 /a1/b2 c1 c2 foo b3 c2 c3 foo Process root /a1 Process mount table b2 foo c3 b3
28 What is wrong with chroot? Must be root Why?
29 Unprivileged user namespaces prctl(pr_set_no_new_privs) User mappings
30 bubblewrap Simple tool to use user namespaces Starts with / as empty tmpfs Add bindmounts and dirs/files/symlinks $ bwrap --dir /tmp --ro-bind /usr /usr --symlink usr/lib64 /lib64 /usr/bin/ls / lib64 tmp usr
31 Other features Namspaces: net, ipc, pid, uts, cgroup Filesystems: tmpfs, proc, dev Pid 1 handler seccomp
32 Setuid version For distros that disable user namespaces
33 Flatpak feet view Each installation has an OSTree repo Apps and runtimes are branches app/org.gnome.gedit/x86_64/stable runtime/org.gnome.platform/x86_64/3.28 Checked out (deployed) next to repo Run with bubblewrap bwrap --ro-bind $app /app --ro-bind $runtime /usr...
34 Deployed app $ cd /var/lib/flatpak $ ls -l app/org.gnome.gedit/x86_64/stable drwxr-xr-x. 4 alex wheel ce9102a... lrwxrwxrwx. 1 alex wheel 64 active -> 849ce9102a.. $ ls -l app/org.gnome.gedit/x86_64/stable/active/ -rw-r--r--. 2 alex alex 966 metadata drwxr-xr-x. 6 alex alex 89 files drwxr-xr-x. 4 alex alex 30 export -rw-r--r--. 1 alex alex 134 deploy $ ls -la app/org.gnome.gedit/x86_64/stable/active/files/ drwxr-xr-x. 2 alex alex 56 bin drwxr-xr-x. 7 alex alex 4096 lib drwxr-xr-x. 17 alex alex 238 share -rw-r--r--. 1 alex alex 0.ref
35 flatpak install flathub org.gnome.gedit ostree pull flathub $REF COMMIT=$(ostree rev-parse flathub:$ref) ostree checkout --branch $REF $REF/$COMMIT create $REF/$COMMIT/{deploy, files/.ref} syncfs() ln -sf $COMMIT $REF/active process $REF/$COMMIT/export into exports/
36 flatpak update org.gnome.gedit Same, but after: mv $REF/$OLDCOMMIT.removed for D in.removed/*; do if flock --exclusive --nonblock $D/.ref; then rm -rf $D; fi done
37 Flatpak sandbox Namespaces: user, fs, pid, Optional namespaces: net, ipc Seccomp Disable weird network types no ptrace, perf, personality, multiarch, keyring, weird syscalls No recursive namespaces Per-app /tmp Runs in transient systemd --user scope Filtering DBus proxy Writable per-app storage in ~/.var/app/$appid
38 Questions Links: Reaching us #flatpak on freenode
Flatpak. Apps on the Linux desktop. Alexander Larsson Red Hat
Flatpak Apps on the Linux desktop Alexander Larsson Red Hat Flatpak Major Goals Cross-distro deployment and distribution Sandboxing applications Shorter distance between developers and users Using Flatpak
More informationContain your Desktop Applications with Flatpak
Contain your Desktop Applications with Flatpak Lili Cosic Github: lilic Twitter: LiliCosic Berlin-based software company building foundational Linux technologies Find out more about us Blog: kinvolk.io/blog
More informationThe Future of Linux Application Distribution
Richard Hughes Mario Sánchez Prada Samsung Research UK. Staines, 2017 March 16th About Mario Computer Science Engineer by the University of Coruña Open Source
More informationHow to make your application into a Flatpak
How to make your application into a Flatpak Owen Taylor Red Hat Flock 2017 August 29, 2017 The Flatpak Model Init System OS Display Server Kernel Libraries Init System OS Display Server Kernel Applications
More informationFlatpak workshop. flatpak.org
Flatpak workshop flatpak.org Carlos Soriano Sanchez - GNOME Developer csoriano csoriano@gnome.org Felipe Borges - GNOME Developer feborges felipeborges@gnome.org Overview Flatpak introduction What is Flatpak
More informationFlatpak Documentation
Flatpak Documentation Release Flatpak Team May 01, 2018 Contents 1 Contents 3 1.1 Introduction to Flatpak.......................................... 3 1.2 Getting Started..............................................
More informationDocker A FRAMEWORK FOR DATA INTENSIVE COMPUTING
Docker A FRAMEWORK FOR DATA INTENSIVE COMPUTING Agenda Intro / Prep Environments Day 1: Docker Deep Dive Day 2: Kubernetes Deep Dive Day 3: Advanced Kubernetes: Concepts, Management, Middleware Day 4:
More informationThe landscape. File hierarchy overview. A tree structure of directories The directory tree is standardized. But varies slightly among distributions
The landscape David Morgan File hierarchy overview A tree structure of directories The directory tree is standardized But varies slightly among distributions portions can spread across different partitions
More informationNamespaces and Capabilities Overview and Recent Developments
Namespaces and Capabilities Overview and Recent Developments Linux Security Summit Europe Edinburgh, Scotland Christian Brauner christian@brauner.io christian.brauner@ubuntu.com @brau_ner https://brauner.github.io/
More information3/26/2014. Contents. Concepts (1) Disk: Device that stores information (files) Many files x many users: OS management
2013-2014 Contents 1. Concepts about the file system 2. The The disk user structure view 3. 2. Files The disk in disk structure The ext2 FS 4. 3. The Files Virtual in disk File The System ext2 FS 4. The
More informationUnix File System. Class Meeting 2. * Notes adapted by Joy Mukherjee from previous work by other members of the CS faculty at Virginia Tech
Unix File System Class Meeting 2 * Notes adapted by Joy Mukherjee from previous work by other members of the CS faculty at Virginia Tech Unix File System The file system is your interface to: physical
More informationLecture 2: The file system
Lecture 2: The file system Hands-on Unix System Administration DeCal 2012-01-30 1 / 19 Basic programs Basic commands 2 / 19 Basic programs Basic programs Basic commands pwd cd ls cp, mv less, vi 3 / 19
More information2 Initialize a git repository on your machine, add a README file, commit and push
BioHPC Git Training Demo Script First, ensure that git is installed on your machine, and you have configured an ssh key. See the main slides for instructions. To follow this demo script open a terminal
More informationFilesystem Hierarchy and Permissions
and Linux Prepared by Steven Gordon on 19 April 2017 Common/Reports/linux-file-permissions.tex, r1417 1/15 Multiuser and Server Operating System Linux systems are commonly used as a multi-user system E.g.
More informationUnix Filesystem. January 26 th, 2004 Class Meeting 2
Unix Filesystem January 26 th, 2004 Class Meeting 2 * Notes adapted by Christian Allgood from previous work by other members of the CS faculty at Virginia Tech Unix Filesystem! The filesystem is your interface
More informationChapter Two. Lesson A. Objectives. Exploring the UNIX File System and File Security. Understanding Files and Directories
Chapter Two Exploring the UNIX File System and File Security Lesson A Understanding Files and Directories 2 Objectives Discuss and explain the UNIX file system Define a UNIX file system partition Use the
More informationFlatpak Documentation. Flatpak Team
Flatpak Team 09.09.2018 Inhaltsverzeichnis 1 Inhalt 3 1.1 Einführung in Flatpak.......................................... 3 1.2 Getting Started.............................................. 4 1.3 Building.................................................
More informationLinux Essentials. Programming and Data Structures Lab M Tech CS First Year, First Semester
Linux Essentials Programming and Data Structures Lab M Tech CS First Year, First Semester Adapted from PDS Lab 2014 and 2015 Login, Logout, Password $ ssh mtc16xx@192.168.---.--- $ ssh X mtc16xx@192.168.---.---
More informationWelcome to getting started with Ubuntu Server. This System Administrator Manual. guide to be simple to follow, with step by step instructions
Welcome to getting started with Ubuntu 12.04 Server. This System Administrator Manual guide to be simple to follow, with step by step instructions with screenshots INDEX 1.Installation of Ubuntu 12.04
More informationIntroduction of Linux
Introduction of Linux 阳 oslab2018_class1@163.com 寅 oslab2018_class2@163.com PART I Brief Introduction Basic Conceptions & Environment Install & Configure a Virtual Machine Basic Commands PART II Shell
More informationDocker Security. Mika Vatanen
Docker Security Mika Vatanen 13.6.2017 About me Mika Vatanen, Solution Architect @ Digia 18 years at the industry, 6 months at Digia Established ii2 a Finnish MySpace, top-5 most used web service in Finland
More informationFilesystem Hierarchy and Permissions
2 and Prepared by Steven Gordon on 19 April 2017 Common/Reports/linux-file-permissions.tex, r1417 1 Multiuser and Server Operating System systems are commonly used as a multi-user system E.g. multiple
More informationOS Containers. Michal Sekletár November 06, 2016
OS Containers Michal Sekletár msekleta@redhat.com November 06, 2016 whoami Senior Software Engineer @ Red Hat systemd and udev maintainer Free/Open Source Software contributor Michal Sekletár msekleta@redhat.com
More informationFile System. yihshih
File System yihshih Files % ls l d rwx--x--x 7 wutzh gcs 1024 Sep 22 17:25 public_html File type File access mode # of links File user owner File group owner File size File last modify time 2 File name
More informationHow to build and run OCI containers
How to build and run OCI containers A shallow dive on the OCI container configuration and an overview of the available tools whoami Spyros Trigazis Computing Engineer at CERN s cloud team Project Team
More informationThe UNIX File System
The UNIX File System Magnus Johansson May 9, 2007 1 UNIX file system A file system is created with mkfs. It defines a number of parameters for the system, such as: bootblock - contains a primary boot program
More informationUNIX File Hierarchy: Structure and Commands
UNIX File Hierarchy: Structure and Commands The UNIX operating system organizes files into a tree structure with a root named by the character /. An example of the directory tree is shown below. / bin
More informationFiles
http://www.cs.fsu.edu/~langley/cop3353-2013-1/reveal.js-2013-02-11/02.html?print-pdf 02/11/2013 10:55 AM Files A normal "flat" file is a collection of information. It's usually stored somewhere reasonably
More informationAgenda. Several projects are using GIT Developer(s) Junio Hamano, Linus Torvalds. Qt Stable release (January 31, 2011)
Basic Agenda 1 Project information Who is ussing 2 14 Oct 2011 3 Basic Data Transport Work ow 4 Con gure 5 Basic Project information Who is ussing Project information Who is ussing Project information
More informationPerl and R Scripting for Biologists
Perl and R Scripting for Biologists Lukas Mueller PLBR 4092 Course overview Linux basics (today) Linux advanced (Aure, next week) Why Linux? Free open source operating system based on UNIX specifications
More informationIntroduction to Containers
Introduction to Containers Shawfeng Dong Principal Cyberinfrastructure Engineer University of California, Santa Cruz What are Containers? Containerization, aka operating-system-level virtualization, refers
More informationContainers and isolation as implemented in the Linux kernel
Containers and isolation as implemented in the Linux kernel Technical Deep Dive Session Hannes Frederic Sowa Senior Software Engineer 13. September 2016 Outline Containers and isolation
More informationIntroduction to GIT. Jordi Blasco 14 Oct 2011
Jordi Blasco (jblasco@xrqtc.com) 14 Oct 2011 Agenda 1 Project information Who is ussing GIT 2 Branch Tag Data Transport Workow 3 Congure 4 Working with remotes 5 Project information Who is ussing GIT Project
More informationTravis Cardwell Technical Meeting
.. Introduction to Docker Travis Cardwell Tokyo Linux Users Group 2014-01-18 Technical Meeting Presentation Motivation OS-level virtualization is becoming accessible Docker makes it very easy to experiment
More informationScratchbox Remote Shell
Scratchbox Remote Shell Timo Savola tsavola@movial.fi Scratchbox Remote Shell by Timo Savola Copyright 2004, 2005 Nokia Revision history Version: Author: Description: 2005-02-08 Savola Based on Device
More informationOS Security III: Sandbox and SFI
1 OS Security III: Sandbox and SFI Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 VMs on lab machine Extension? 3 Users and processes FACT: although ACLs use users as subject, the OS
More informationGNU/Linux 101. Casey McLaughlin. Research Computing Center Spring Workshop Series 2018
GNU/Linux 101 Casey McLaughlin Research Computing Center Spring Workshop Series 2018 rccworkshop IC;3df4mu bash-2.1~# man workshop Linux101 RCC Workshop L101 OBJECTIVES - Operating system concepts - Linux
More informationContainer Isolation at Scale (... and introducing gvisor) Dawn Chen and Zhengyu He
Container Isolation at Scale (... and introducing gvisor) Dawn Chen and Zhengyu He Containers are amazing! Year 2013: Docker Inc. released its container engine Million downloads and about 8,000 docker
More informationRunning Classic Applications in a Confined Ecosystem. Larry Price
Running Classic Applications in a Confined Ecosystem Larry Price Classic Applications? Confined Ecosystem? Convergence Classic Applications Definition: An application installed via a traditional package
More informationHow we added software updates to AGL
How we added software updates to AGL Phil Wise 2017 ATS Advanced Telematic Systems GmbH ATS Advanced Telematic Systems. Open source and open standard for connected mobility. Page 2 AGL Automotive Grade
More informationSource Code Management wih git
Source Code Management wih git Matthieu Herrb December 22 http://homepages.laas.fr/matthieu/cours/git.pdf Licence This work is licensed under a Creative Commons Attribution-ShareAlike 3. Unported License.
More informationUnix System Architecture, File System, and Shell Commands
Unix System Architecture, File System, and Shell Commands Prof. (Dr.) K.R. Chowdhary, Director COE Email: kr.chowdhary@iitj.ac.in webpage: http://www.krchowdhary.com JIET College of Engineering August
More informationPulp OSTree Documentation
Pulp OSTree Documentation Release 1.0.0 Pulp Team November 06, 2015 Contents 1 Glossary 3 2 Concepts 5 3 User Guide 7 3.1 Installation................................................ 7 3.2 Configuration...............................................
More informationThe UNIX File System
The UNIX File System Magnus Johansson (May 2007) 1 UNIX file system A file system is created with mkfs. It defines a number of parameters for the system as depicted in figure 1. These paremeters include
More informationSecure Architecture Principles
Computer Security Course. Secure Architecture Principles Slides credit: Dan Boneh What Happens if you can t drop privilege? In what example scenarios does this happen? A service loop E.g., ssh Solution?
More informationContainers. Pablo F. Ordóñez. October 18, 2018
Containers Pablo F. Ordóñez October 18, 2018 1 Welcome Song: Sola vaya Interpreter: La Sonora Ponceña 2 Goals Containers!= ( Moby-Dick ) Containers are part of the Linux Kernel Make your own container
More informationStudent Remote Login Procedure (see picture below): 1. Start SSH Secure Shell 2. Click the computer icon (4 th on the toolbar) 3.
Student Remote Login Procedure (see picture below): 1. Start SSH Secure Shell 2. Click the computer icon (4 th on the toolbar) 3. Enter stargate.ncc.edu in the text field labeled Host Name: 4. Enter the
More informationIntroduction to the UNIX command line
Introduction to the UNIX command line Steven Abreu Introduction to Computer Science (ICS) Tutorial Jacobs University s.abreu@jacobs-university.de September 19, 2017 Overview What is UNIX? UNIX Shell Commands
More informationFiles. Computer Center, CS, NCTU. % ls l. d rwx--x--x 7 liuyh gcs 1024 Sep 22 17:25 public_html. File type. File access mode.
File System Files % ls l d rwx--x--x 7 liuyh gcs 1024 Sep 22 17:25 public_html File type File access mode # of inodes File user owner File group owner File size File last modify time 2 File name Outline
More informationTEN LAYERS OF CONTAINER SECURITY
TEN LAYERS OF CONTAINER SECURITY A Deeper Dive 2 WHAT ARE CONTAINERS? It depends on who you ask... INFRASTRUCTURE APPLICATIONS Sandboxed application processes on a shared Linux OS kernel Simpler, lighter,
More informationACS Unix (Winter Term, ) Page 92
ACS-294-001 Unix (Winter Term, 2016-2017) Page 92 The Idea of a Link When Unix creates a file, it does two things: 1. Set space on a disk to store data in the file. 2. Create a structure called an inode
More informationGit & Github Fundamental by Rajesh Kumar.
Git & Github Fundamental by Rajesh Kumar About me Rajesh Kumar DevOps Architect @RajeshKumarIN www.rajeshkumar.xyz www.scmgalaxy.com 2 What is git Manage your source code versions Who should use Git Anyone
More informationFundamentals of Git 1
Fundamentals of Git 1 Outline History of Git Distributed V.S Centralized Version Control Getting started Branching and Merging Working with remote Summary 2 A Brief History of Git Linus uses BitKeeper
More informationGetting your department account
02/11/2013 11:35 AM Getting your department account The instructions are at Creating a CS account 02/11/2013 11:36 AM Getting help Vijay Adusumalli will be in the CS majors lab in the basement of the Love
More informationTHE ROUTE TO ROOTLESS
THE ROUTE TO ROOTLESS THE ROUTE TO ROOTLESS BILL AND TED'S ROOTLESS ADVENTURE THE ROUTE TO ROOTLESS WHAT SECURITY PROBLEM IS GARDEN SOLVING IN CLOUD FOUNDRY? THE PROBLEM IN CLOUD FOUNDRY Public Multi-Tenant
More informationUnix Handouts. Shantanu N Kulkarni
Unix Handouts Shantanu N Kulkarni Abstract These handouts are meant to be used as a study aid during my class. They are neither complete nor sincerely accurate. The idea is that the participants should
More informationManage Directories and Files in Linux. Objectives. Understand the Filesystem Hierarchy Standard (FHS)
Manage Directories and Files in Linux Objectives Understand the Filesystem Hierarchy Standard (FHS) Identify File Types in the Linux System Change Directories and List Directory Contents Create and View
More informationVersion Control. 1 Version Control Systems. Ken Bloom. Linux User Group of Davis March 1, 2005
Version Control Ken Bloom Linux User Group of Davis March 1, 2005 You ve probably heard of version control systems like CVS being used to develop software. Real briefly, a version control system is generally
More informationRootless Containers with runc. Aleksa Sarai Software Engineer
Rootless Containers with runc Aleksa Sarai Software Engineer asarai@suse.de Who am I? Software Engineer at SUSE. Student at University of Sydney. Physics and Computer Science. Maintainer of runc. Long-time
More informationLecture 3: The UNIX Style
CS2042 - UNIX Tools October 3, 2008 Lecture Outline 1 2 Windows Structure Highest-level directory is Desktop Uses C:, D:, etc. to represent different disks/volumes User programs in Program Files, Windows
More informationLinux Containers Roadmap Red Hat Enterprise Linux 7 RC. Bhavna Sarathy Senior Technology Product Manager, Red Hat
Linux Containers Roadmap Red Hat Enterprise Linux 7 RC Bhavna Sarathy Senior Technology Product Manager, Red Hat Linda Wang Senior Eng. Manager, Red Hat Bob Kozdemba Principal Soln. Architect, Red Hat
More informationOutline. Cgroup hierarchies
Outline 15 Cgroups 15-1 15.1 Introduction to cgroups v1 and v2 15-3 15.2 Cgroups v1: hierarchies and controllers 15-17 15.3 Cgroups v1: populating a cgroup 15-24 15.4 Cgroups v1: a survey of the controllers
More informationMore on file systems, Booting Todd Kelley CST8177 Todd Kelley 1
More on file systems, Booting Todd Kelley kelleyt@algonquincollege.com CST8177 Todd Kelley 1 bind mounts quotas Booting process and SysVinit Installation Disk rescue mode 2 A bind mount is used to mount
More informationGetting Started with Linux
Getting Started with Linux For those with experience using Microsoft Windows there will be many familiar ways of operating in a Linux environment. There are also a few key differences. The main differences
More informationEECS Software Tools. Lab 2 Tutorial: Introduction to UNIX/Linux. Tilemachos Pechlivanoglou
EECS 2031 - Software Tools Lab 2 Tutorial: Introduction to UNIX/Linux Tilemachos Pechlivanoglou (tipech@eecs.yorku.ca) Sep 22 & 25, 2017 Material marked with will be in your exams Sep 22 & 25, 2017 Introduction
More informationSingularity: Containers for High-Performance Computing. Grigory Shamov Nov 21, 2017
Singularity: Containers for High-Performance Computing Grigory Shamov Nov 21, 2017 Outline Software and High Performance Computing: Installation/Maintenance of the HPC Software stack Why containers and
More informationWhy and How I Switched to Flatpak for App Distribution and Development in Sandbox
Why and How I Switched to Flatpak for App Distribution and Development in Sandbox Jiří Janoušek @fenryxo CC-BY-SA 3.0 Part One What's Flatpak? What is its mission? What's Flatpak? Flatpak is a next-generation
More informationSandboxing. CS-576 Systems Security Instructor: Georgios Portokalidis Spring 2018
Sandboxing CS-576 Systems Security Instructor: Georgios Portokalidis Sandboxing Means Isolation Why? Software has bugs Defenses slip Untrusted code Compartmentalization limits interference and damage!
More informationTangeloHub Documentation
TangeloHub Documentation Release None Kitware, Inc. September 21, 2015 Contents 1 User s Guide 3 1.1 Managing Data.............................................. 3 1.2 Running an Analysis...........................................
More informationLandlock LSM: toward unprivileged sandboxing
Landlock LSM: toward unprivileged sandboxing Mickaël Salaün ANSSI September 14, 2017 1 / 21 Secure user-space software How to harden an application? secure development follow the least privilege principle
More informationFilesystem Sharing. Velocity Software Inc. 196-D Castro Street Mountain View CA
Filesystem Sharing Velocity Software Inc. 196-D Castro Street Mountain View CA 94041 650-964-8867 Velocity Software GmbH Max-Joseph-Str. 5 D-68167 Mannheim Germany +49 (0)621 373844 Rick Troth Velocity
More informationSingularity CRI User Documentation
Singularity CRI User Documentation Release 1.0 Sylabs Apr 02, 2019 CONTENTS 1 Installation 1 1.1 Overview................................................. 1 1.2 Before you begin.............................................
More informationFiles and Directories
CSCI 2132: Software Development Files and Directories Norbert Zeh Faculty of Computer Science Dalhousie University Winter 2019 Files and Directories Much of the operation of Unix and programs running on
More informationIntroduction to Linux
Introduction to Linux M Tech CS I 2015-16 Arijit Bishnu Debapriyo Majumdar Sourav Sengupta Mandar Mitra Login, Logout, Change password $ ssh, ssh X secure shell $ ssh www.isical.ac.in $ ssh 192.168 $ logout,
More informationFormatting 1. Commands starting with $ are Linux console commands on the host PC:
Custom Kernel Guide by Arrvindh Shriraman Last update: April 1, 2016 This document guides the user through: 1. Downloading and compiling the Linux kernel's source code. 2. Running a custom kernel inside
More informationFilesystem and common commands
Filesystem and common commands Unix computing basics Campus-Booster ID : **XXXXX www.supinfo.com Copyright SUPINFO. All rights reserved Filesystem and common commands Your trainer Presenter s Name Title:
More informationSecure and Simple Sandboxing in SELinux
Secure and Simple Sandboxing in SELinux James Morris jmorris@namei.org FOSS.my 2009 Kuala Lumpur, Malaysia Overview Sandboxing SELinux Sandbox design and implementation Use examples Status and future directions
More informationPlease choose the best answer. More than one answer might be true, but choose the one that is best.
Introduction to Linux and Unix - endterm Please choose the best answer. More than one answer might be true, but choose the one that is best. SYSTEM STARTUP 1. A hard disk master boot record is located:
More informationDAVE LIDDAMENT INTRODUCTION TO BASH
DAVE LIDDAMENT INTRODUCTION TO BASH @daveliddament FORMAT Short lectures Practical exercises (help each other) Write scripts LEARNING OBJECTIVES What is Bash When should you use Bash Basic concepts of
More informationLinux. An introduction. Aurélien Villani 01/2018
Linux An introduction Aurélien Villani 01/2018 Linux? 2 References Somewhere on the baie-lgf, are some Linux books. 3 Linux? A kernel... 1991: released by Linus Torvalds, for fun 1993: 100 developers working
More informationCSCI 2132 Software Development. Lecture 4: Files and Directories
CSCI 2132 Software Development Lecture 4: Files and Directories Instructor: Vlado Keselj Faculty of Computer Science Dalhousie University 12-Sep-2018 (4) CSCI 2132 1 Previous Lecture Some hardware concepts
More informationOutline. Cgroup hierarchies
Outline 4 Cgroups 4-1 4.1 Introduction 4-3 4.2 Cgroups v1: hierarchies and controllers 4-16 4.3 Cgroups v1: populating a cgroup 4-24 4.4 Cgroups v1: a survey of the controllers 4-38 4.5 Cgroups /proc files
More information(a) About Unix. History
Part 1: The Unix Operating System (a) About Unix History First roots in the Bell Laboratories, early 60s Kernel rewrite in C by Ritchie / Thompson in the early 70s Source code licenses for Universities
More informationRevision control Advanced git
Revision control Advanced git Waterford Institute of Technology April 30, 2016 John Fitzgerald Waterford Institute of Technology, Revision controladvanced git 1/35 Presentation outline Estimated duration
More informationWelcome to Linux. Lecture 1.1
Welcome to Linux Lecture 1.1 Some history 1969 - the Unix operating system by Ken Thompson and Dennis Ritchie Unix became widely adopted by academics and businesses 1977 - the Berkeley Software Distribution
More informationDisks, Filesystems 1
Disks, Filesystems 1 sudo and PATH (environment) disks partitioning formatting file systems: mkfs command checking file system integrity: fsck command /etc/fstab mounting file systems: mount command unmounting
More informationThe bigger picture. File systems. User space operations. What s a file. A file system is the user space implementation of persistent storage.
The bigger picture File systems Johan Montelius KTH 2017 A file system is the user space implementation of persistent storage. a file is persistent i.e. it survives the termination of a process a file
More informationDisks, Filesystems, Booting Todd Kelley CST8177 Todd Kelley 1
Disks, Filesystems, Booting Todd Kelley kelleyt@algonquincollege.com CST8177 Todd Kelley 1 sudo and PATH (environment) disks partitioning formatting file systems: mkfs command checking file system integrity:
More informationLPI LPI Level Junior Level Linux Certification Part 1 of 2. Download Full Version :
LPI 101-400 LPI Level 1 101 Junior Level Linux Certification Part 1 of 2 Download Full Version : http://killexams.com/pass4sure/exam-detail/101-400 Answer: B QUESTION: 102 How many fields are in a syntactically
More informationRead-only rootfs. Theory and practice. Chris Simmonds. Embedded Linux Conference Europe Read-only rootfs 1 Copyright , 2net Ltd
Read-only rootfs Theory and practice Chris Simmonds Embedded Linux Conference Europe 2016 Read-only rootfs 1 Copyright 2011-2016, 2net Ltd License These slides are available under a Creative Commons Attribution-ShareAlike
More informationCS197U: A Hands on Introduction to Unix
CS197U: A Hands on Introduction to Unix Lecture 11: WWW and Wrap up Tian Guo University of Massachusetts Amherst CICS 1 Reminders Assignment 4 was graded and scores on Moodle Assignment 5 was due and you
More informationCENG 334 Computer Networks. Laboratory I Linux Tutorial
CENG 334 Computer Networks Laboratory I Linux Tutorial Contents 1. Logging In and Starting Session 2. Using Commands 1. Basic Commands 2. Working With Files and Directories 3. Permission Bits 3. Introduction
More informationFiles (review) and Regular Expressions. Todd Kelley CST8207 Todd Kelley 1
Files (review) and Regular Expressions Todd Kelley kelleyt@algonquincollege.com CST8207 Todd Kelley 1 midterms (Feb 11 and April 1) Files and Permissions Regular Expressions 2 Sobel, Chapter 6 160_pathnames.html
More informationGit. all meaningful operations can be expressed in terms of the rebase command. -Linus Torvalds, 2015
Git all meaningful operations can be expressed in terms of the rebase command -Linus Torvalds, 2015 a talk by alum Ross Schlaikjer for the GNU/Linux Users Group Sound familiar? add commit diff init clone
More informationSeccomp, network and namespaces. Francesco Tornieri <francesco.tornieri AT kiratech.it>
Seccomp, network and namespaces Francesco Tornieri VM vs Container 2 Namespaces ecc 3 Namespaces ecc man namespaces: A namespaces wraps a global system resource in a
More informationFile access-control per container with Landlock
File access-control per container with Landlock Mickaël Salaün ANSSI February 4, 2018 1 / 20 Secure user-space software How to harden an application? secure development follow the least privilege principle
More informationu-root: / with the convenience of scripting and the performance of compilation
u-root: / with the convenience of scripting and the performance of compilation Ron Minnich Google Andrey Mirtchovski Cisco Outline What u-root is Why we re doing it How it all works Try it! sudo docker
More informationIntroduction to Linux. Roman Cheplyaka
Introduction to Linux Roman Cheplyaka Generic commands, files, directories What am I running? ngsuser@ubuntu:~$ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=16.04 DISTRIB_CODENAME=xenial DISTRIB_DESCRIPTION="Ubuntu
More informationDiskless Linux Clusters
Diskless Linux Clusters Ciro Cattuto ciro.cattuto@pg.infn.it Outline: Why diskless operation? Issues with diskless nodes Our choices Configuring the Linux kernel The boot sequence Pros and cons 1 Cost
More informationUnderstanding user namespaces
Understanding user namespaces Understanding user namespaces Michael Kerrisk, man7.org c 2018 mtk@man7.org 31 January 2018, San Jose, CA, USA Outline 1 Introduction 3 2 Some background: capabilities 6 3
More information