Video: What is subuser?

As free software developers we like to share. We surf the web and discover new code. We are eager to try it out. We live out an orgy of love and trust, unafraid that some code we cloned from git might be faulty or malicious. We live in the 60s, carefree hippies.

This is utopia.

But sharing code isn't safe. Every time we try out some strangers script we put ourselves at risk. Despite the ocational claim that linux is a secure operating system, haphazardly sharing programs is NOT secure.

Docker promises to solve this problem. Docker is not yet in a stable release, but with the help of subuser, we can already use it to make our computers more secure.

Right now I'm editing this file in vim. vim is not installed on my computer though. It is installed in a docker container. However, in order to edit this file, all I had to do was type:

$ vim README.md

Subuser turns a docker container into a normal program. But this program is not fully privilaged. It can only access the directory from which it was called, not my entire home dir. The end goal of the project is to assign each application on your system a specific set of permissions, just like in Android.

Subuser is meant to be easilly installed and in and of itself technically insignificant. It is just a wrapper around docker, nothing more.

Subuser launches docker containers with volumes shared between the host and the child container. That's all.

System Requirements

• Docker(The latest version)

• Python >= 2.7

Instalation

1. Install docker. Then add yourself to the docker group.

2. Download this repository to your home directory:

$ cd
$ git clone https://github.com/subuser-security/subuser

3. Add ~/subuser/bin to your path by adding the line PATH=$HOME/subuser/bin:$PATH to the end of your .bashrc file.

• Note: Doing this will give subuser programs precedence over "normal" programs. If you don't want this, you can add the ~/subuser/bin directory to the END of your $PATH like so: PATH=$PATH:$HOME/subuser/bin. Then, in order to run programs that are already installed on your computer with subuser you will have to use the subuser run command.

4. Log out and then back in again.

5. Done!

Installation video:

Video:

You can see a list of instalable programs by doing:

$ subuser list available

You can install one of these programs with:

$ subuser install vim

Run the program by typing it's name at the command line.

$ vim SomeTextFileToEdit

Add a new installation directory for your program to the programsThatCanBeInstalled directory.

$ cd ~/subuser/programsThatCanBeInstalled
$ mkdir executable-name
$ cd executable-name
$ mkdir docker-image

Create an permissions.json file. Here is an example:

{
  "description"                : "Simple universal text editor."
  ,"maintainer"                : "Timothy Hobbs <timothyhobbs (at) seznam dot cz>"
  // Path to executable within the docker image.
  ,"executable"                : "/usr/bin/vim"
  // Optionally create the program by basing it on another subuser-<program>.
  ,"dependency"                : "firefox"    // Default: ""
  // A list of directories the program should have Read/Write access to.
  // Paths are relative to your home. Ex: "Downloads" will access "$HOME/Downloads".
  ,"user-dirs"                 : [ 'Downloads', 'Documents' ]  // Default: []
  // A list of directories the program should have read only access to.  Absolute paths: Ex: "/usr"
  ,"system-dirs"               : [ '/sys' ]  // Default: []
  // Allowed the program to display x11 windows.
  ,"x11"                       : true        // Default: false
  // Allow the program access to your sound playing and recording.
  ,"sound-card"                : true        // Default: false
  // Allow the program access to Read/Write access to the directory from which it was initialized.
  ,"inherit-working-directory" : true        // Default: false
  // Allow the program access to the internet.
  ,"allow-network-access"      : true        // Default: false
}

Note: Listing every permission is not necessary.

You can find a full specification for the permissions.json file format here.

Now create a directory called docker-image and add a Dockerfile to that directory. For information on creating a Dockerfile, please see the builder documentation for docker.

To mark the program ready for installation, run the command:

subuser mark-as-needing-update <program-name>

You can update your subuser programs with:

$ cd ~/subuser
$ git pull
$ subuser update all

Or, if you happen to know that a program is out of date(say you've installed it through git in your dockerfile...)

$ subuser update vim-git

To uninstall the docker images and remove vim from your PATH run:

$ subuser uninstall vim

To remove any settings and configuration files:

$ rm -r ~/subuser/homes/vim

You can contact us on the subuser mailing list.

• Application startup time is significantly slowed

• Certain things involving sharing of data between applications, like the clipboard in vim, just won't work.

• The security advantages of running x11 apps in docker is very iffy at best.

• DBUS/gsettings don't work

• Inheriting the $PWD is a generally shitty idea. If I run vim in my home dir, it can see and edit all of my files. The only security advantage is if I run vim in some subdirectory.

• I hope this will be fixed by something more sophisticated like giving access only to paths specified in the command line arguments.

• Disk usage is several times greater when installing one container per application due to the reduced ability to share dependencies

• This can be aleviated by stacking docker images or using shared read only volumes.

• Qubes OS

• Java Web Start

• The sub-identity toolkit

• AppArmor

• SELinux

• Android permissions

• Jails