view release on metacpan or  search on metacpan

README.md  view on Meta::CPAN

# NAME

App::LXC::Container - configure, create and run LXC application containers

# SYNOPSIS

    lxc-app-setup <container>
    lxc-app-update <container>...
    lxc-app-run [{-u|--user} <user>] <container> <command> <parameters>...

# ABSTRACT

**Currently this module is a beta release.  It currently only supports
Debian (and maybe Ubuntu and some other derivates) using Pipewire or
Pulseaudio as audio system and X11 as windowing system.  Also see KNOWN BUGS
below!**
Other distributions derived from Debian using Pipewire / Pulseaudio and X11
should be easy to add.  For RPM based distributions I've already some ideas
how they could be added.  All those cases need some collaboration with users
using them though.  Other distributions need some more work, but are welcome
nonetheless.

App::LXC::Container provides a toolbox to configure, create and run one or
more applications inside of simple and secure LXC ([Linux
containers](https://linuxcontainers.org/lxc/)) application containers.  Those
containers have minimal overhead compared to the underlying Linux system.
See below for a discrimination against tools like
[Docker](https://www.docker.com/), [Snap](https://snapcraft.io/) /
[Flatpak](https://flatpak.org/) or full-blown [virtual
machines](http://www.linux-kvm.org/).

Minimal overhead includes main memory, disk storage, run-time and to a
certain extend administration.  Its main purpose is to run one or more
simple applications (e.g. a browser or a stand-alone third party
application) in a more secure environment, especially on desktop systems.

Note that this toolbox uses [UI::Various](https://metacpan.org/pod/UI%3A%3AVarious) to be able to run with or without
Graphical User Interface.  If you want to use the GUI, you need to install
[Tk](https://metacpan.org/pod/Tk) yourself as it's only an optional dependency.

Also note that both [LXC](https://linuxcontainers.org/lxc/introduction/) and
[LXCFS](https://linuxcontainers.org/lxcfs/introduction/) must be installed.

# DESCRIPTION

The goal of App::LXC::Container is to allow applications installed on the
machine to be run inside of LXC application containers.  LXC needs almost no
overhead while still providing good additional security compared to running
the applications directly on the machine.  Its main disadvantages compared
to the four alternatives aforementioned in the abstract are:

- -

    It must use the same kernel as the underlying machine.

- -

    It must use the same program and library versions.

- -

    Some components (e.g. the display server) are not as secure as with
    the alternatives.

- -

    The concept is not useful if you need to run and scale an application
    across several machines.

These disadvantages are compensated by several advantages:

- +

    All applications are automatically updated together with the Linux
    distribution of the machine.

- +

    The applications do not need additional disk space (except for the
    configuration files as well as some directories, bind-mounts and symbolic
    links - we're writing about 250-2500 additional inodes and 500-2500 kB of
    disk space).

- +

    The applications do not use additional main memory when compared to
    running outside of the LXC container (except for the overhead of a few
    scripts and LXC itself).

App::LXC::Container is a toolbox basically providing three commands:

## lxc-app-setup

is the script used to configure an LXC application container.  Depending on
the environment it uses a graphical or non-graphical user interface for the