From time to time I want to use an application that I do not consider trustworthy. If the app uses only a console as its interface, this is easy: create a new disposable Docker container and that's it. For apps using Xorg, however, it is not so easy. In such cases the quickest solution is to have either a dedicated virtual machine or a separate PC for exactly this use case. However, neither of these two solutions is easy to use or fast enough, especially for resource-hungry applications. For the smoothest experience, Docker still sounds like the best solution. Exactly for this purpose I created a template that should allow running any application locked in a Docker jail, with the option of cutting it off from internet access.
The repo is available, as usual, on GitHub. As a demo, I installed xterm in it. To see how it runs, simply:
- Type `make build` to prepare the image.
- Type `make run DESTDIR=/some/dir/on/host` to run it, where `DESTDIR` must point to the directory that you would like to share with your container. It will then be visible inside as `/home/admin/workspace`.
- Type `make attach` to attach another console to your container.
Later, to adapt it, your application of choice has to be installed from the Dockerfile (I recommend replacing the command where I install xterm, so that all layers above it stay reusable between apps/containers). Then a few variables in the Makefile can be adapted:
- `DESTDIR` to avoid having to specify it on each run
- `CMD` to specify which command to run with `make run`
- `NAME` to specify unique name for your container and image
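
An added example, not taken from the repository's Makefile: one way a `make run`-style wrapper can assemble the `docker run` call for an untrusted X11 app, with the shared directory checked and the network optionally cut. The function name `jail_run`, its `net` argument, the `DOCKER` override and the image being named like the container are assumptions; X authorization (the xauth cookie) is assumed to be handled separately.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the repo's Makefile).
# Usage: jail_run NAME DESTDIR on|off CMD [ARGS...]
# Body runs in a subshell, so its variables and "exit" do not leak to the caller.
jail_run() (
    name=$1 destdir=$2 net=$3
    shift 3                                   # "$@" is now the command to run

    # Share only an existing, dedicated directory with the untrusted app.
    [ -d "$destdir" ] || { echo "DESTDIR is not a directory: $destdir" >&2; exit 1; }
    destdir=$(cd "$destdir" && pwd -P)        # resolve symlinks and relative paths
    home=$(cd "${HOME:-/}" 2>/dev/null && pwd -P) || home=
    case "$destdir" in
        /|"$home") echo "refusing to share $destdir" >&2; exit 1 ;;
    esac

    # Build the argument list back to front so every argument stays quoted.
    set -- "$name" "$@"                       # image name, then the command
    if [ "$net" = off ]; then
        set -- --network none "$@"            # loopback only: no internet access
    fi
    # The X socket is itself a trust boundary: a client on the display can
    # observe input sent to other windows, so the jail limits file, privilege
    # and network access, not what the app can see on that X server.
    set -- --rm -it --name "$name" \
        --cap-drop ALL --security-opt no-new-privileges \
        -e "DISPLAY=${DISPLAY:-:0}" \
        -v /tmp/.X11-unix:/tmp/.X11-unix:ro \
        -v "$destdir:/home/admin/workspace" "$@"

    # DOCKER is overridable, e.g. DOCKER=echo to inspect the command line.
    ${DOCKER:-docker} run "$@"
)
```

Running it with `DOCKER=echo` prints the assembled command instead of starting a container, which is a quick way to review what will be shared before launching the app.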
And basically that’s it. Happy hacking your own containers!