this post was submitted on 08 Dec 2023
51 points (82.3% liked)

Linux

48624 readers
1681 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Nothing too shabby, but still. To run it you need docker, and after that just type

docker run -it --rm --log-driver none --read-only --net none --cap-drop=ALL --security-opt=no-new-privileges defnotgustavom/pixfire4

...and you will be greeted with a little, small, very pixelated bonfire.

"Why docker and not just a simple command?"

Mostly because of those two flags: --read-only and --net none. Can't get better than this. :^)

This also came up while in a self-learning process, but I don't want to "flex" it here.

top 11 comments
sorted by: hot top controversial new old
[–] blotz 10 points 1 year ago* (last edited 1 year ago) (1 children)

What is the original size of the program before docker?

edit: Also the docker sandbox is not perfect for running unsafe programs. You could still have programs slow down your entire system by taking as many resources as possible. eg. forkbombs.

[–] [email protected] 5 points 1 year ago (1 children)

Doesn't docker have a flag for limiting system usage? Like max mem, cores/threads etc? I swear I remember using something like this before.

[–] blotz 2 points 1 year ago

Linux has ulimit so I assume docker does aswell

[–] [email protected] 8 points 1 year ago

Wow! This is almost as useful as neofetch ;-)

[–] [email protected] 6 points 1 year ago (1 children)

Doesn't work with podman (on my machine at least), any suggestions?

Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:f1c0eb6f4ccdca4b72528f451baf6f4027f4b0965396bc4d885e27fd58cba771": processing tar file(potentially insufficient UIDs or GIDs available in user namespace (requested 151413:12311 for /bin): Check /etc/subuid and /etc/subgid if configured locally and run "podman system migrate": lchown /bin: invalid argument): exit status 1
[–] GustavoM 5 points 1 year ago (2 children)

Did you tried running it as another user? I've set binary ownership via chmod to the non-root user in the container.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

Tried with another user and it works, looks really cool btw!

Any way to quit gracefully though?
I tried both Ctrl+C and Ctrl+Z but it just ignores the signals, I could only resort to killing it

[–] GustavoM 2 points 1 year ago* (last edited 1 year ago) (1 children)

Thanks. And CTRL + C is a bit wonky since it waits for the command to reach the end of the code to trigger it, but it works. (It's intended to be "gloriously minimal", so theres that. With built-in functions, and the least amount of code and calls.)

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

I see, weirdly it works every time on my own user, but it is on my second one that it doesn't, the two applications are different though, did I somehow pull two different images?

With built-in functions, and the least amount of code and calls

I'm a bit curious, can you share the repository?

[–] GustavoM 1 points 1 year ago* (last edited 1 year ago)

I've no idea. Still, running it on my rpi 4 and on my orange pi zero 3 has given me the same expected experience without any sudden changes.

I’m a bit curious, can you share the repository?

Here you go.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

I'll try that, I also read around that I could increase my UID namespace range (not that I understand what it means 🫣), so I'll try that too

Edit: Now I half understand after reading these:

  1. https://github.com/containers/podman/issues/12715

  2. https://docs.podman.io/en/latest/markdown/podman.1.html#rootless-mode

3.https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#etcsubuid-and-etcsubgid-configuration

4.https://opensource.com/article/19/2/how-does-rootless-podman-work

  1. https://github.com/containers/podman/issues/2542#issuecomment-523324467