Multi-user containerized desktop with Ubuntu Mate - any ideas?

I want to use the Mate desktop with a certain level of isolation. In the past, I thought about having different users to achieve a good level of isolation right from the start. But my knowledge of X-based graphics systems and desktop components is next to none, so I didn't even risk trying.

Now, having read about LXC vs LXD vs Podman, I think it's possible to have one user(?) on the system but containers assigned from different namespaces(?).

I can be clumsy with definitions, but I know what I want to have - a desktop where different processes are either run by different users (but still have a chance for IPC, e.g. by belonging to the same user group), or have harder isolation, configured with more effort, and kept e.g. in different workspaces.

I also know what I do not want - to switch between users via the login system.

The reason/purpose is somewhat simple - I want to have separate spaces for professional and private activities. And within those there could be more than one project or long-term activity. Yet those should at least be backup/restore-enabled.

Any hints or thoughts where I could start?

Any possible impediments in the Mate desktop design/architecture, current or forthcoming?

2 Likes

Welcome @aytvill to the community!

2 Likes

I am afraid that your definition of "certain level of isolation" may seem somewhat vague and its purpose is not quite deciphered.

The first question to ask is the mode of usage:

  • single user (with GUI desktop) who can login under different accounts for different activities
  • single user (with GUI desktop) who can launch processes under other account's privileges
  • multiple users who can use the same desktop computer by turns
  • multiple users with simultaneous GUI desktop sessions

The first option.
Isolation and access control are at the very heart of Linux/Unix. One can safely create several accounts and disable mutual access to their home folders for all of them. At the same time, a user can launch a command (process, program) in the name of another account (see the su command). Is that what you mean?

Another option is to create several virtual machines (using containers or VirtualBox software) and enjoy ultimately isolated environments for different users and/or activities. All access and interprocess communication can be accomplished via TCP/IP. Is that good enough for your purposes?

By the way, VirtualBox supports the Remote Desktop Protocol, and its virtual machines can be accessed by RDP both locally and remotely. See Chapter 7. Remote Virtual Machines

5 Likes

Hi Aytvill, welcome :slight_smile:

What you want is not really an option in Ubuntu-MATE.
It can be done theoretically (because Linux=Lego), but it is a hell of a lot of work and far from simple. Practically it is a no-go.

However, there is a Linux/Xen distro that is designed exactly for the use case you described.
It is not as easy as Ubuntu-MATE, but it is a hell of a lot easier than customizing Ubuntu-MATE to do what you want:

You won't have the MATE desktop, but their XFCE desktop is just as good in a setup like this.

As a consequence of its architecture, Qubes is also the simplest virtual machine manager to operate, ever.

4 Likes

Create folders with subfolders in their own colors, different from those of the system or your own files.
I do that too. For me, the private folder and its subfolders are stored on the desk.

2 Likes

Yes, that's the method when one deals with passive info storage (files). I have done that too for decades; it solves many problems, but not those I face in the more multi-faceted reality I live in. Thank you for supporting and trying to help :sunflower:

1 Like

Thank you, you're very right - at the beginning of solving any larger challenge/problem I try to stay less defined for a certain period of time, to have the opportunity of an open mind and to look without prejudice.

For about a decade, I have seen the communities I belong to (and they are few) being hit by malware more and more, mostly on their phones and Windows PCs. Often they don't realize it until it turns into rampant phishing spam. While the main channel of infection is phishing and they are non-IT folks, I realize that one day it might hit me too. I'm not invincible; I'm also prone to mistakes.

So it makes sense to get my clutter in order before something strikes my PC through a browser or messenger. Effectively it's the submarine design approach - it's split into sections, and the sections are isolated, so one section knocked out doesn't mean the whole thing is in trouble.

I tried a simple approach - separating a few browser profiles (as the main channel for spreading malware is through the browser). And soon found out that if a real breakout happens, the whole filesystem is not split into sections. Also I've seen how a messenger (i.e. not a browser) happened to be hit by malware. And it wasn't Windows but Mac, so it was a 'second bell' that relying on "I'm on Linux so I'm safe" is stupid.

Also through my work I see how accelerated geopolitics drives the creation of new cyberwarfare. And how malware is mushrooming right in my face. E.g. right now a national case is unfolding here where the education system of the largest city became the target of a hack attack. And one of my company's customers is affected; I see real-life signals in my inbox.

So previously, once file and browser separation became obviously ineffective, I made separate users on my laptop: my family and personal stuff goes in one user A, community-xyz stuff goes in another user B, and professional activities go in a third user C. Only to bump into switching between users and the need to pass info. Passing info (as files) I solved via groups, yet it didn't help. Switching between users is a pain, and also affects the efficiency of multi-tasking. I realized it's too complicated, and so came, as you well noticed, the vague perception of the next iteration.

So what I want is to have a single host OS, and processes running in something like LXC containers, most likely as more than one user. But the X window family has historically had its own security domain. Ever tried to run sudo/gksudo as a different user launching an X app in a graphical system running as the 'current' user (after login)? So the main barrier for now is how to 'marry' LXC (or LXD, but not Docker) containers to it. My search over several weeks shows: many tried to run the whole graphics subsystem in a single container, but nobody tried my case of having multiple containers 'plugged' into the graphics system. While the X architecture in principle allows it. How to switch from principle to practice is the current problem.

And no, I have worked with RDP and RDP-like systems in the past and perceive it as a rabbit hole of its own which I would never go into. It has its own plethora of issues I'd rather avoid like the plague.

But thank you for pinging me to formulate my own needs :smiling_face: :sunflower:

3 Likes

Thank you for trying to help.

It seems not to be my case. I don't think my case is about a hypervisor running separate OSes (no Windows or Mac in my house for the last... ca. 20 years). I can live with a single host OS pretty fine. What I do need is containers being plugged into the graphical (X window) system, so if one process gets hit by malware, it's only that process, only in that jail, and only the files under it that are affected.

Also I spent a few years moving away from Gnome (getting creative beyond the acceptable), and I tried both LXDE and XFCE and left them behind too. Mate Desktop, as in 'Gnome but not the current insane Gnome', has been my choice for many years. And I even shell out a few coins monthly to support it being developed and maintained. That's why I came here to ask - maybe someone faced the same challenge (see other comments).

1 Like

Usually, in Ubuntu, Docker is used for that:

You also need this:

2 Likes

Ok, I see, I think. Well, being a bit paranoid about security is a healthy habit! :slight_smile:

What you are looking for is called sandboxing potentially unsafe applications. E.g.

IMHO building one's own sandboxing solution on the basis of containers, policies and ACLs is a hard and error-prone approach. I believe that the most comfortable and reliable solution is running several (VirtualBox) virtual machines side by side in separate windows. More than that, it takes the least effort and expertise to deploy and manage them. The only drawback is that one's host computer has to have a proper amount of RAM, HDD and CPU power to run all these VMs smoothly.

Good luck!

4 Likes

Sorry, I missed the part that you did NOT want Docker.
Well, there is this:

And this:

Also, I have to recommend Qubes again. Not for its capability of running different operating systems on a hypervisor, but for its capability to separate concerns by isolation through template-based lightweight VMs. It is more secure than containers and saves a lot of manual setup labour.

3 Likes

Quote from the linked article:

The X11 application in the container directly uses the X server of the host (by having access to the X Unix socket or X port). It is easy to set up, with GPU acceleration, but you do not get isolation between the container and the host.

EDIT:
Description of how to set this up with LXD

4 Likes
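To make the quoted warning checkable rather than just something to remember, here is an added example (not code from the thread, the linked article, or the LXD project): a small POSIX shell audit that inspects an LXD profile for the pattern the article describes, a host X Unix socket bind-mounted into the container, or an X TCP port proxied to it. The profile contents are constructed for illustration; the device name `X0` and the proxy-device check are assumptions, while `devices`, `type`, `source`, `path`, `connect`, `listen` and `environment.*` are real LXD profile keys.

```shell
#!/bin/sh
# Added example, not code from the thread or the linked article.
# Audits an LXD profile for the "container talks to the host X server"
# pattern: a shared X Unix socket or a proxied X TCP port means X11
# provides no isolation between container and host.
# Profile texts below are constructed; "X0" is a made-up device name.

# Report how the host X server is reachable from the container described
# by profile file $1. Prints one finding per line.
# Exit status: 0 = X exposure found, 1 = none found.
x11_exposed() {
    exposed=1
    # A disk device whose host-side source lives under /tmp/.X11-unix
    # bind-mounts the host X socket into the container.
    if grep -Eq '^[[:space:]]*source:[[:space:]]*/tmp/\.X11-unix' "$1"; then
        echo "host X Unix socket mounted into container: no X isolation"
        exposed=0
    fi
    # A proxy device whose endpoint is an X TCP port (6000-6063, one per
    # display) gives the container the same access over TCP. Treating any
    # such proxy as exposure, regardless of bind direction, is a deliberate
    # conservative assumption of this check.
    if grep -Eq '^[[:space:]]*(connect|listen):[[:space:]]*tcp:[^:]*:60([0-5][0-9]|6[0-3])[[:space:]]*$' "$1"; then
        echo "X TCP port proxied to container: no X isolation"
        exposed=0
    fi
    return $exposed
}

# Constructed profile in the "GUI app inside LXD" style: shares the X socket.
EXPOSED_PROFILE=$(mktemp)
cat >"$EXPOSED_PROFILE" <<'EOF'
config:
  environment.DISPLAY: :0
devices:
  X0:
    type: disk
    source: /tmp/.X11-unix/X0
    path: /tmp/.X11-unix/X0
EOF

# Constructed profile with no X plumbing at all.
CLEAN_PROFILE=$(mktemp)
cat >"$CLEAN_PROFILE" <<'EOF'
config:
  security.privileged: "false"
devices:
  eth0:
    type: nic
    network: lxdbr0
EOF

if x11_exposed "$EXPOSED_PROFILE"; then echo "-> profile shares the host X server"; fi
if ! x11_exposed "$CLEAN_PROFILE"; then echo "-> profile has no X exposure"; fi
```

Run against a real profile with `lxc profile show <name> > profile.yaml` and then `x11_exposed profile.yaml`; a hit confirms that the container and the host sit in the same X security domain, which is exactly the situation the quoted paragraph says gives no isolation.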

Thank you, this is way better - there are several starting points to read on and maybe even try. :cherry_blossom:

1 Like