GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → Kron4ek → Conty

Kron4ek / Conty

Licence: MIT license
Easy to use unprivileged Linux container packed into a single portable executable

Programming Languages

shell
77523 projects

Labels

linuxsteamfusegamingarchlinuxcontainerssandboxwineplayonlinuxsquashfslinux-containerswine-staginglutrislinux-gamingdwarfs

Projects that are alternatives of or similar to Conty

wine-launcher
Wine Launcher - Running Windows games under Linux
Stars: ✭ 249 (+25.76%)
Mutual labels:  wine, playonlinux, squashfs, wine-staging, lutris
awesome-gnu-linux-gaming
A curated list of awesome GNU/Linux tips & tricks, games, tools, and resources - Mirrored from: https://gitlab.com/linuxcafefederation/awesome-gnu-linux-gaming.git
Stars: ✭ 135 (-31.82%)
Mutual labels:  gaming, wine, wine-staging, lutris, linux-gaming
Protontricks
A simple wrapper that does winetricks things for Proton enabled games, requires Winetricks.
Stars: ✭ 182 (-8.08%)
Mutual labels:  steam, gaming, wine
Winetricks
Winetricks is an easy way to work around problems in Wine
Stars: ✭ 1,786 (+802.02%)
Mutual labels:  gaming, wine, wine-staging
Cloudrig
Stream your applications with Parsec and AWS on the cheap.
Stars: ✭ 151 (-23.74%)
Mutual labels:  steam, gaming
wine-portable-executable
Wine builds packed into portable executables
Stars: ✭ 85 (-57.07%)
Mutual labels:  wine, squashfs
SOLIDWORKS-for-Linux
This is a project, where I give you a way to use SOLIDWORKS on Linux!
Stars: ✭ 122 (-38.38%)
Mutual labels:  archlinux, wine
Docker Dontstarvetogether
Dockerfile for building a Don't Starve Together dedicated server image.
Stars: ✭ 240 (+21.21%)
Mutual labels:  steam, gaming
Gamer Os
A Steam Big Picture based couch gaming OS
Stars: ✭ 366 (+84.85%)
Mutual labels:  steam, gaming
Steamforwarder
steam_api.dll implementation for wine. Your windows games now can interact with your linux steam! (This repo mirrors https://gitlab.com/xomachine/SteamForwarder)
Stars: ✭ 190 (-4.04%)
Mutual labels:  steam, wine
nix-gaming
Gaming on Nix
Stars: ✭ 142 (-28.28%)
Mutual labels:  gaming, wine
Proton Caller
Run any Windows program through Proton
Stars: ✭ 130 (-34.34%)
Mutual labels:  steam, wine
Air For Steam
An elegant and customizable skin for Steam
Stars: ✭ 1,044 (+427.27%)
Mutual labels:  steam, gaming
AreWeAntiCheatYet
A comprehensive and crowd-sourced list of games using anti-cheats and their compatibility with GNU/Linux or Wine.
Stars: ✭ 289 (+45.96%)
Mutual labels:  steam, wine
squashmount
Init and management script for mounting rewritable squashfs-compressed data
Stars: ✭ 40 (-79.8%)
Mutual labels:  fuse, squashfs
Uwphook
🔗 Add your Windows Store or UWP games to Steam
Stars: ✭ 566 (+185.86%)
Mutual labels:  steam, gaming
ProtonUp-Qt
Install and manage GE-Proton, Luxtorpeda & more for Steam and Wine-GE & more for Lutris with this graphical user interface.
Stars: ✭ 578 (+191.92%)
Mutual labels:  steam, linux-gaming
SteamDepotDownloaderGUI
A simple GUI tool based on DepotDownloader for downloading Steam depots.
Stars: ✭ 26 (-86.87%)
Mutual labels:  steam, gaming
Playnite
Video game library manager with support for wide range of 3rd party libraries and game emulation support, providing one unified interface for your games.
Stars: ✭ 3,608 (+1722.22%)
Mutual labels:  steam, gaming
nine
Gallium Nine Standalone
Stars: ✭ 50 (-74.75%)
Mutual labels:  gaming, wine
View All Similar Projects ➔

Conty

This is an easy to use compressed unprivileged Linux container packed into a single executable that works on most Linux distros. It's designed to be as simple and user-friendly as possible. You can use it to run any applications, including games (Vulkan and OpenGL).

In its default configuration it includes, among others, these apps: Wine-GE, Steam, Lutris, PlayOnLinux, GameHub, Minigalaxy, Legendary, Bottles, MultiMC, MangoHud, RetroArch, PPSSPP, PCSX2, OBS Studio, OpenJDK, Firefox. You can install any other applications or run locally installed apps.

Besides, Conty supports true filesystem and X11 sandboxing, so you can even use it to isolate applications.

Features

  • A single executable - download (or create) and run, nothing else is required. And it's portable, you can put it anywhere (even on a usb stick).
  • Works on most Linux distros, even very old ones and even without glibc (such as Alpine or Void with musl).
  • Root rights are not required.
  • Compressed (with squashfs or dwarfs), so it takes much less disk space than uncompressed containers and provides faster filesystem access.
  • Contains many libraries and packages so it can run almost everything. And you don't need to install anything on your main (host) system. You can even run 32-bit applications on pure 64-bit systems.
  • Based on Arch Linux, contains latest software (including latest videodrivers).
  • Almost completely seamless experience. All applications that you run with Conty read and store their configs in your HOME directory as if you weren't using the container at all.
  • No performance overhead. Since it's just a container, there is almost no overhead, thus all applications will run at full speed.
  • Supports Xorg, Wayland and XWayland.
  • Supports filesystem and X11 sandboxing (thanks to bubblewrap and xephyr).

Requirements

The only requirements are bash, fuse2 (or fuse3), tar, gzip and coreutils. And your /tmp directory should allow files execution (which it does by default on most distros).

Your Linux kernel must be at least version 4.4 and should support unprivileged user namespaces. On some Linux distros this feature is disabled by default and can be enabled with sysfs:

sysctl kernel.unprivileged_userns_clone=1

Even if unprivileged user namespaces are not supported by your kernel, you can still use Conty if you have bubblewrap with the SUID bit installed on your system, in this case just tell Conty to use system-wide utils instead of the builtin ones.

export USE_SYS_UTILS=1
./conty.sh command command_arguments

Usage

Either download a ready-to-use release from the releases page or create your own (the instructions are below). Make it executable before run.

chmod +x conty.sh
./conty.sh command command_arguments

Conty contains Steam, Lutris, PlayOnLinux, Bottles, Wine-GE and many more.

./conty.sh steam
./conty.sh lutris
./conty.sh playonlinux4
./conty.sh bottles
./conty.sh wine someapplication.exe

It has a builtin file manager (pcmanfm):

./conty.sh pcmanfm

To check if hardware acceleration (OpenGL and Vulkan) works, you can use these tools:

./conty.sh glxinfo -B
./conty.sh glxgears
./conty.sh vulkaninfo
./conty.sh vkcube

You can even use Conty for compilation:

./conty.sh gcc src.c
./conty.sh git clone https://something.git
cd something && ./conty.sh ./configure
./conty.sh make

There are many more integrated programs. You can list all of them with:

./conty.sh ls /usr/bin

It is also possible to run binaries from your storage. For example, if you want to run an application that resides on your HOME, run something like:

./conty.sh /home/username/SomeApplication/binaryfile

There are some other features, see the internal help for more information.

./conty.sh --help

Sandbox

Conty uses bubblewrap and thus supports filesystem sandboxing, X11 isolation is also supported (via Xephyr). By default sandbox is disabled and almost all directories and files on your system are available (visible and accessible) for the container.

Here are the environment variables that you can use to control the sandbox:

  • SANDBOX - enables the sandbox feature itself. Isolates all user files and directories, creates a fake temporary home directory (in RAM), which is destroyed after closing the container.
  • SANDBOX_LEVEL - controls the strictness of the sandbox. There are 3 available levels, the default is 1. Level 1 isolates all user files; Level 2 isolates all user files, disables dbus and hides all running processes; Level 3 does the same as the level 2, but additionally disables network access and isolates X11 server with Xephyr.
  • DISABLE_NET - completely disables internet access.
  • HOME_DIR - sets a custom home directory. If you set this, HOME inside the container will still appear as /home/username, but actually a custom directory will be used for it.

And launch arguments:

  • --bind SRC DEST - binds (mounts) a file or directory to a destination, so it becomes visible inside the container. SRC is what you want to mount, DEST is where you want it to be mounted. This argument can be specified multiple times to mount multiple files/dirs.
  • --ro-bind SRC DEST - same as above but mounts files/dirs as read-only.

Other bubblewrap arguments are supported too, read the bubblewrap help or manual for more information.

Note that when SANDBOX is enabled, none of user files are accessible or visible, for any application that you run in this mode your home directory will be seen as completely empty. If you want to allow access to some files or directories, use the aforementioned --bind or --ro-bind arguments.

Also note that --bind, --ro-bind, HOME_DIR and DISABLE_NET can be used even if SANDBOX is disabled.

Example:

export SANDBOX=1
export SANDBOX_LEVEL=2
./conty.sh --bind ~/.steam ~/.steam --bind ~/.local/share/Steam ~/.local/share/Steam steam

Another example:

mkdir "/home/username/custom_home_dir"
export DISABLE_NET=1
export SANDBOX=1
export HOME_DIR="/home/username/custom_home_dir"
./conty.sh lutris

If you just want a sandboxing functionality but don't need a container with a full-size Linux distro inside (which is what Conty mainly is), i recommend to take a look directly at these projects: bubblewrap and firejail. Sandboxing is a good additional feature of Conty, but is not its main purpose.

Known issues

Nvidia users with the proprietary driver will experience graphics acceleration problems (probably graphical applications won't work at all) if their Nvidia kernel module version mismatches the version of the Nvidia libraries inside Conty. This applies only to the proprietary driver, Nouveau should work fine without any additional actions (of course, if your GPU is supported by it).

For example, if the version of your Nvidia kernel module is 460.56 and the libraries inside the container are from 460.67 version, then graphics acceleration will not work.

There are two solutions to this problem:

  • The first and probably the easiest solution is to install the same driver version as included inside Conty, which is usually the latest non-beta version. You can see the exact driver version in pkg_list.txt attached to each Conty release. Of course if your GPU is not supported by new drivers, this is not an option for you.
  • The second solution is to (re)build Conty and include the same driver version as installed on your system. Read the "How to create your own Conty executables" section below, you will need to edit the create-arch-bootstrap.sh script or use the enter-chroot.sh script to include a different driver version. For instance, if you want to include legacy 470xx or 390xx drivers, edit the create-arch-bootstrap.sh script and replace nvidia-utils and lib32-nvidia-utils with nvidia-470xx-utils and lib32-nvidia-470xx-utils (replace 470xx with 390xx if you need 390xx drivers) in the video_pkgs variable, and then build Conty following the instructions.

How to update

There are three main ways to update Conty and get the latest packages, use whichever works best for you.

  • First of all, you can simply download latest release from the releases page, i usually upload a new release every two weeks.
  • You can use the self-update feature (./conty.sh -u) integrated into Conty, it will update all integrated packages and will rebuild the squashfs/dwarfs image. Read the internal help for more information about it.
  • You can manually create a Conty executable with latest packages inside, read the "How to create your own Conty executables" section below.

How to create your own Conty executables

If you want to create an Arch-based container, use the create-arch-bootstrap.sh script, it will download latest Arch Linux bootstrap and will install latest packages into it. If you want to use any other distro, then you need to manually obtain it from somewhere. Root rights are required for this step, because chroot is used here.

./create-arch-bootstrap.sh

You can edit the script if you want to include different set of packages inside the container.

When distro is obtained, you can use the enter-chroot.sh script to chroot into the bootstrap and do some manual modifications (for instance, modify some files, install/remove packages, etc.). This step is optional and you can skip it if you don't need it.

After that use the create-conty.sh script to create a squashfs (or dwarfs) image and pack everything needed into a single executable.

./create-conty.sh

By default it uses the lz4 algorithm for the squashfs compression, but you can edit it and choose zstd to get better compression ratio (keep in mind though that your squashfs-tools should support zstd for that to work).

Done!

For the sake of convenience, there are compiled binaries (utils.tar.gz) of bwrap, squashfuse and dwarfs and their dependencies uploaded in this repo, create-conty.sh uses them by default. However, you can easily compile your own binaries by using the create-utils.sh, it will compile bwrap, squashfuse and dwarfs and will create utils.tar.gz. If you are going to use your own utils.tar.gz, make sure to set the correct size for it in the conty-start.sh.

Main used projects

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].