chroot-distro 2.3.2__tar.gz → 2.4.1__tar.gz
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/.github/workflows/ci.yml +2 -2
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/.github/workflows/codeql.yml +1 -1
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/PKG-INFO +125 -185
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/README.md +124 -184
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/check-before-commit.sh +9 -9
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/pyproject.toml +1 -1
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/help/pages.py +36 -18
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/info.py +100 -14
- chroot_distro-2.4.1/src/chroot_distro/commands/kernel_config.py +323 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/kill.py +18 -1
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/login/__init__.py +315 -22
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/login/bindings.py +104 -21
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/login/env.py +0 -1
- chroot_distro-2.4.1/src/chroot_distro/commands/ps.py +132 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/completions/_chroot-distro +3 -3
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/completions/chroot-distro.bash +1 -1
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/completions/chroot-distro.fish +4 -4
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/constants.py +1 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/docker/transport.py +6 -6
- chroot_distro-2.4.1/src/chroot_distro/helpers/max_iso_holder.py +167 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/mount_manager.py +126 -44
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/namespace.py +195 -17
- chroot_distro-2.4.1/src/chroot_distro/helpers/session_registry.py +212 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/parser.py +9 -3
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/paths.py +13 -1
- chroot_distro-2.4.1/tests/unit/test_kernel_config.py +186 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_kill.py +87 -8
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_login_helpers.py +283 -2
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_mount_manager_ns.py +14 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_namespace.py +5 -1
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_parser.py +25 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_paths.py +9 -0
- chroot_distro-2.4.1/tests/unit/test_session.py +264 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/uv.lock +1 -1
- chroot_distro-2.3.2/check-config.sh +0 -429
- chroot_distro-2.3.2/src/chroot_distro/commands/ps.py +0 -56
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/.editorconfig +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/.github/codeql/codeql-config.yml +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/.github/dependabot.yml +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/.github/workflows/publish.yml +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/.gitignore +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/.python-version +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/LICENSE +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/__init__.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/arch.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/atomic.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/cli.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/backup.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/build.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/clear_cache.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/copy.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/diff.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/help/__init__.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/help/render.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/install.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/install_local.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/list_cmd.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/login/chroot_cmd.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/login/passwd.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/push.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/remove.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/rename.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/reset.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/restore.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/run.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/search.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/sync.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/commands/unmount.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/elevate.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/exceptions.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/__init__.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/android.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/build_cache.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/build_engine/__init__.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/build_engine/constants.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/build_engine/copy_step.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/build_engine/dockerignore.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/build_engine/engine.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/build_engine/errors.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/build_engine/handlers.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/build_engine/parsing.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/build_engine/run_step.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/build_engine/stage.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/build_engine/users.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/display.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/docker/__init__.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/docker/cache.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/docker/layers.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/docker/media.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/docker/pull.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/docker/push.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/docker/refs.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/dockerfile.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/download.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/gpu.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/layer_diff.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/nvidia.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/oci_writer.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/rootfs.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/session.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/sound.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/tar_extract.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/wayland.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/helpers/x11.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/locking.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/message.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/names.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/progress.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/py.typed +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/src/chroot_distro/rate_limit.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/conftest.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_android.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_arch.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_backup_restore.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_bind_options.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_cli.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_constants.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_diff_baseline_cache.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_display.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_display_sockets.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_docker_refs.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_dockerfile.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_download_algorithms.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_download_blob_multi.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_download_multi.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_elevate.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_gpu.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_info.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_install.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_install_local.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_layer_diff.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_list.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_locking.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_message.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_names.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_progress.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_push_chunked.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_remove.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_rootfs.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_sound.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_tar_extract.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_unmount.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_wayland.py +0 -0
- {chroot_distro-2.3.2 → chroot_distro-2.4.1}/tests/unit/test_x11.py +0 -0
|
@@ -13,7 +13,7 @@ jobs:
|
|
|
13
13
|
|
|
14
14
|
steps:
|
|
15
15
|
- name: Checkout Code
|
|
16
|
-
uses: actions/checkout@
|
|
16
|
+
uses: actions/checkout@v7
|
|
17
17
|
|
|
18
18
|
- name: Set up Python
|
|
19
19
|
uses: actions/setup-python@v6
|
|
@@ -47,7 +47,7 @@ jobs:
|
|
|
47
47
|
|
|
48
48
|
steps:
|
|
49
49
|
- name: Checkout Code
|
|
50
|
-
uses: actions/checkout@
|
|
50
|
+
uses: actions/checkout@v7
|
|
51
51
|
|
|
52
52
|
- name: Set up Python ${{ matrix.python-version }}
|
|
53
53
|
uses: actions/setup-python@v6
|
|
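Review bot: Both new `uses: actions/checkout@v7` lines (the hunks at old lines 16 and 50, apparently in `.github/workflows/ci.yml` going by the file list) reference the action by a movable major-version tag, so whatever commit that tag points to at run time executes in CI with the job's token and any secrets the workflow exposes. Pinning to the full commit SHA and keeping the tag as a comment, `uses: actions/checkout@<FULL_COMMIT_SHA> # v7`, makes the reviewed code the code that runs; Dependabot can keep SHA pins current, and the file list shows a `.github/dependabot.yml` in the package. The same applies to the unchanged `uses: actions/setup-python@v6` context lines. The job definitions start and end outside these hunks, so the `permissions:` and secrets actually in scope are not visible here and should be checked alongside the pin.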
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: chroot-distro
|
|
3
|
-
Version: 2.
|
|
3
|
+
Version: 2.4.1
|
|
4
4
|
Summary: chroot-distro is a lightweight Linux container management utility built around chroot.
|
|
5
5
|
Project-URL: Homepage, https://github.com/sabamdarif/chroot-distro
|
|
6
6
|
Project-URL: Repository, https://github.com/sabamdarif/chroot-distro
|
|
@@ -34,24 +34,13 @@ Description-Content-Type: text/markdown
|
|
|
34
34
|
[](LICENSE)
|
|
35
35
|
|
|
36
36
|
|
|
37
|
-
Chroot-Distro is a utility for managing rootful Linux containers in
|
|
38
|
-
[Termux](https://termux.dev) and on regular Linux hosts. It uses the
|
|
39
|
-
host kernel's native `chroot` and bind mounts (`mount --bind`) to provide a
|
|
40
|
-
high-performance, near-native Linux environment.
|
|
37
|
+
Chroot-Distro is a utility for managing rootful Linux containers in Termux and on standard Linux hosts. It uses the host kernel's native `chroot` and bind mounts (`mount --bind`) to provide a high-performance, near-native Linux environment.
|
|
41
38
|
|
|
42
|
-
Containers are created by pulling Docker/OCI images directly from
|
|
43
|
-
Docker Hub or any compatible registry — or by extracting a local
|
|
44
|
-
tarball / OCI image archive. The container filesystem is assembled from
|
|
45
|
-
the image layers and stored locally, ready to be entered at any time.
|
|
39
|
+
Containers are created by pulling Docker/OCI images directly from Docker Hub (or any compatible registry), or by extracting a local tarball / OCI image archive. The container filesystem is assembled from the image layers and stored locally, ready to be entered at any time.
|
|
46
40
|
|
|
47
|
-
Chroot-Distro can also **build** OCI images from a Dockerfile (no Docker
|
|
48
|
-
daemon required), storing the result in the local manifest cache or
|
|
49
|
-
exporting it as a standalone OCI tarball.
|
|
41
|
+
Chroot-Distro can also **build** OCI images from a Dockerfile (no Docker daemon required), storing the result in the local manifest cache or exporting it as a standalone OCI tarball.
|
|
50
42
|
|
|
51
|
-
|
|
52
|
-
rootless via `proot`), Chroot-Distro **requires root privileges** on the host. Mutating commands
|
|
53
|
-
automatically re-launch themselves via `sudo`, `doas`, `pkexec`, or `su`
|
|
54
|
-
when needed (see [First-run check](#first-run-check)).
|
|
43
|
+
Chroot-Distro requires **root privileges** on the host. Mutating commands automatically re-execute themselves via `sudo`, `doas`, `pkexec`, or `su` when needed (see [First-run check](#first-run-check)).
|
|
55
44
|
|
|
56
45
|
---
|
|
57
46
|
|
|
@@ -65,7 +54,7 @@ when needed (see [First-run check](#first-run-check)).
|
|
|
65
54
|
* [`login`](#login--start-a-shell-inside-a-container)
|
|
66
55
|
* [`run`](#run--run-the-image-defined-entrypoint)
|
|
67
56
|
* [`list`](#list--list-installed-containers)
|
|
68
|
-
* [`ps`](#ps--list-
|
|
57
|
+
* [`ps`](#ps--list-active-sessions)
|
|
69
58
|
* [`search`](#search--search-docker-hub)
|
|
70
59
|
* [`diff`](#diff--inspect-filesystem-changes)
|
|
71
60
|
* [`remove`](#remove--delete-a-container)
|
|
@@ -91,26 +80,7 @@ when needed (see [First-run check](#first-run-check)).
|
|
|
91
80
|
|
|
92
81
|
## Introduction
|
|
93
82
|
|
|
94
|
-
Chroot-Distro lets you run a full Linux userland — Ubuntu, Debian,
|
|
95
|
-
Alpine, Arch, openSUSE, distroless server images, anything available as
|
|
96
|
-
a Docker/OCI image — on top of Termux on a rooted Android device, or on
|
|
97
|
-
top of a regular Linux distribution, **with** native kernel performance,
|
|
98
|
-
**without** the overhead of `proot`'s `ptrace` interception, and
|
|
99
|
-
**without** a Docker daemon.
|
|
100
|
-
|
|
101
|
-
Typical use cases:
|
|
102
|
-
|
|
103
|
-
- Running a desktop-class Linux distribution on a phone or tablet at
|
|
104
|
-
near-native speed (rooted device required on Termux).
|
|
105
|
-
- Disk-intensive and compile workloads (GCC/Clang, Rust, Go) without
|
|
106
|
-
`proot` slowdowns.
|
|
107
|
-
- Spinning up server software (Nginx, Nextcloud, PostgreSQL, etc.) on
|
|
108
|
-
Android by reusing the same OCI images you'd run on a server.
|
|
109
|
-
- Building custom OCI images from a Dockerfile on-device, without a
|
|
110
|
-
Docker daemon — and pushing them to Docker Hub, GHCR, or any
|
|
111
|
-
OCI-compatible registry.
|
|
112
|
-
- Trying a distribution non-destructively: install, experiment,
|
|
113
|
-
`chroot-distro remove` when done.
|
|
83
|
+
Chroot-Distro lets you run a full Linux userland — Ubuntu, Debian, Alpine, Arch, openSUSE, distroless server images, or anything available as a Docker/OCI image — on top of Termux on a rooted Android device, or on top of a regular Linux distribution, with native kernel performance and without needing a Docker daemon.
|
|
114
84
|
|
|
115
85
|
### Installation
|
|
116
86
|
|
|
@@ -156,13 +126,9 @@ pip install .
|
|
|
156
126
|
|
|
157
127
|
### First-run check
|
|
158
128
|
|
|
159
|
-
On startup, commands that modify containers or mounts verify that the
|
|
160
|
-
effective UID is `0`. If not, Chroot-Distro auto-elevates when not root by
|
|
161
|
-
re-executing itself using, in order: `sudo`, `doas`, `pkexec`, or `su`.
|
|
129
|
+
On startup, commands that modify containers or mounts verify that the effective UID is `0`. If not, Chroot-Distro auto-elevates when not root by re-executing itself using, in order: `sudo`, `doas`, `pkexec`, or `su`.
|
|
162
130
|
|
|
163
|
-
`list`, `ps`, `search`, `info`, and `help` do not require root on Termux and
|
|
164
|
-
are never re-executed. On regular Linux, `list`, `ps`, and `info` still
|
|
165
|
-
elevate to inspect root-owned data.
|
|
131
|
+
`list`, `ps`, `search`, `info`, and `help` do not require root on Termux and are run immediately. On regular Linux, `list`, `ps`, and `info` still elevate to inspect root-owned data.
|
|
166
132
|
|
|
167
133
|
### Quick start
|
|
168
134
|
|
|
@@ -192,7 +158,7 @@ chroot-distro push myuser/myapp:1.0
|
|
|
192
158
|
# Rebuild from scratch (loses all in-container data)
|
|
193
159
|
chroot-distro reset ubuntu
|
|
194
160
|
|
|
195
|
-
# List
|
|
161
|
+
# List active sessions (PID, container, type, user, uptime, command)
|
|
196
162
|
chroot-distro ps
|
|
197
163
|
|
|
198
164
|
# Search Docker Hub for an image
|
|
@@ -207,8 +173,9 @@ chroot-distro diff ubuntu
|
|
|
207
173
|
# Unmount bindings and end active sessions
|
|
208
174
|
chroot-distro unmount ubuntu
|
|
209
175
|
|
|
210
|
-
# Forcibly stop a running container (SIGKILL + unmount)
|
|
176
|
+
# Forcibly stop a running container (SIGKILL + unmount), by name or session PID
|
|
211
177
|
chroot-distro kill ubuntu
|
|
178
|
+
chroot-distro kill 12345
|
|
212
179
|
|
|
213
180
|
# Permanently remove a container (unmounts active sessions first)
|
|
214
181
|
chroot-distro remove ubuntu
|
|
@@ -267,8 +234,7 @@ discovered from each registry's `/v2/` challenge.
|
|
|
267
234
|
|
|
268
235
|
**Private images** require credentials. Set `CD_DOCKER_AUTH` to
|
|
269
236
|
`username:password` (or `username:PAT`) before running `install`. The
|
|
270
|
-
colon separator is mandatory
|
|
271
|
-
for compatibility with proot-distro:
|
|
237
|
+
colon separator is mandatory:
|
|
272
238
|
|
|
273
239
|
```sh
|
|
274
240
|
export CD_DOCKER_AUTH=myuser:mypassword
|
|
@@ -286,12 +252,6 @@ Missing layers are downloaded in parallel (default **4** workers). Set
|
|
|
286
252
|
`CD_DOWNLOAD_WORKERS` to tune concurrency (integer **1–10**; values above
|
|
287
253
|
10 are capped).
|
|
288
254
|
|
|
289
|
-
On Termux, `list` does not elevate privileges. If containers were
|
|
290
|
-
installed as root, run once as root to fix legacy manifest permissions:
|
|
291
|
-
`su -c 'chmod -R a+r $PREFIX/var/lib/chroot-distro/containers/*/manifest.json'`
|
|
292
|
-
(or reinstall). New installs write `manifest.json` as world-readable
|
|
293
|
-
(`0644`).
|
|
294
|
-
|
|
295
255
|
**Examples:**
|
|
296
256
|
|
|
297
257
|
```sh
|
|
@@ -427,8 +387,7 @@ required.
|
|
|
427
387
|
|
|
428
388
|
**Authentication:**
|
|
429
389
|
|
|
430
|
-
Set `CD_DOCKER_AUTH=username:password` (colon required)
|
|
431
|
-
is accepted as a fallback:
|
|
390
|
+
Set `CD_DOCKER_AUTH=username:password` (colon required):
|
|
432
391
|
|
|
433
392
|
```sh
|
|
434
393
|
chroot-distro build -t myuser/myapp:1.0 ./mycontext
|
|
@@ -468,99 +427,33 @@ chroot-distro login ubuntu --get-chroot-cmd
|
|
|
468
427
|
| Option | Description |
|
|
469
428
|
|---|---|
|
|
470
429
|
| `-u`, `--user USER` | Log in as USER (default: `root`). Accepts `name`, numeric `uid`, `name:group`, or `uid:gid`. |
|
|
471
|
-
| `--isolated` | Reduce host exposure and enable namespace isolation (mount, PID, UTS, IPC, and cgroup when supported, via `unshare`/`nsenter`).
|
|
430
|
+
| `--isolated` | Reduce host exposure and enable namespace isolation (mount, PID, UTS, IPC, and cgroup when supported, via `unshare`/`nsenter`). Binds **no** host paths at all — `--shared-home`, `--shared-tmp`, `--shared-display`/`--shared-x11`, and `--bind` are all ignored (with a warning) when combined with `--isolated`, since there's nothing for them to bind into. Mutually exclusive with `--minimal`. To get the same namespace isolation **without** reducing the mount set (so `--shared-*`/`--bind` keep working), set `CD_USE_NS=1` instead (see [Environment variables](#environment-variables)). |
|
|
472
431
|
| `--minimal` | Bare minimum chroot: core pseudo-filesystems only (`/dev`, `/proc`, `/sys`, plus `/run`, `/dev/pts`, `/dev/shm` when present). Stripped guest environment. Mutually exclusive with `--isolated`. |
|
|
473
|
-
| `--shared-home` | Bind the invoking user's host home into the guest home (or `/root` for root). On Termux, binds `TERMUX_HOME`. |
|
|
474
|
-
| `--shared-tmp` | Bind host tmp (`/tmp` on Linux, `$PREFIX/tmp` on Termux) to `/tmp` in the guest. Opt-in only: by default the container gets its own fresh `/tmp`, not the host's. |
|
|
475
|
-
| `--shared-display` | Share the host display server (X11 and Wayland), audio (PulseAudio/PipeWire), and D-Bus session bus with the container. Binds only the specific session sockets, not the host's whole `/run`. Opt-in only. `--shared-x11` is accepted as a backward-compatible alias. |
|
|
476
|
-
| `-b`, `--bind SRC[:DST]` | Bind-mount a custom host path (repeatable). `DST` must be an absolute guest path. |
|
|
432
|
+
| `--shared-home` | Bind the invoking user's host home into the guest home (or `/root` for root). On Termux, binds `TERMUX_HOME`. Ignored under `--isolated`. |
|
|
433
|
+
| `--shared-tmp` | Bind host tmp (`/tmp` on Linux, `$PREFIX/tmp` on Termux) to `/tmp` in the guest. Opt-in only: by default the container gets its own fresh `/tmp`, not the host's. Ignored under `--isolated`. |
|
|
434
|
+
| `--shared-display` | Share the host display server (X11 and Wayland), audio (PulseAudio/PipeWire), and D-Bus session bus with the container. Binds only the specific session sockets, not the host's whole `/run`. Opt-in only. `--shared-x11` is accepted as a backward-compatible alias. Ignored under `--isolated`. |
|
|
435
|
+
| `-b`, `--bind SRC[:DST]` | Bind-mount a custom host path (repeatable). `DST` must be an absolute guest path. Ignored under `--isolated`. |
|
|
477
436
|
| `-w`, `--work-dir PATH` | Initial working directory (default: user's home). |
|
|
478
437
|
| `-e`, `--env VAR=VALUE` | Set a guest environment variable (repeatable). |
|
|
479
438
|
| `--get-chroot-cmd` | Print the fully assembled `env` + `chroot` command line and exit. |
|
|
480
439
|
|
|
481
440
|
#### Display sharing
|
|
482
|
-
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
489
|
-
`--
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
Display sharing forwards four subsystems from the invoking host session into
|
|
493
|
-
the container:
|
|
494
|
-
|
|
495
|
-
**X11**
|
|
496
|
-
- `/tmp/.X11-unix` socket directory is bind-mounted into the guest.
|
|
497
|
-
- `DISPLAY`, `XAUTHORITY`, and `XDG_RUNTIME_DIR` are forwarded.
|
|
498
|
-
- The X authority file is bind-mounted when it lives outside `/run`.
|
|
499
|
-
- Compositors such as niri with xwayland-satellite often authenticate X11
|
|
500
|
-
clients by Unix-socket UID. Chroot-distro aligns the guest user's UID to
|
|
501
|
-
the invoking host user when needed. If the guest cannot read the cookie
|
|
502
|
-
file, it is copied to `/var/tmp/.chroot-distro-xauthority` (requires
|
|
503
|
-
`xauth` on the host). If that fails, use `--shared-home`,
|
|
504
|
-
`xhost +SI:localuser:GUEST`, or a UID-matched user.
|
|
505
|
-
|
|
506
|
-
**Wayland**
|
|
507
|
-
- `WAYLAND_DISPLAY` is forwarded (fallback: `wayland-0` if socket exists).
|
|
508
|
-
- `XDG_SESSION_TYPE`, `XDG_CURRENT_DESKTOP`, and `DESKTOP_SESSION` are
|
|
509
|
-
forwarded from the host session.
|
|
510
|
-
- The host's `XDG_RUNTIME_DIR` (`/run/user/<uid>`) is bind-mounted whole
|
|
511
|
-
with **rslave** propagation, so every session socket (Wayland,
|
|
512
|
-
PulseAudio, PipeWire, D-Bus) is exposed and sockets created after mount
|
|
513
|
-
stay visible — while the host's broad `/run` stays hidden. The system
|
|
514
|
-
D-Bus socket (`/run/dbus/system_bus_socket`) is bound individually.
|
|
515
|
-
|
|
516
|
-
> Note: logging in as **root** with `--shared-display` cannot use the
|
|
517
|
-
> session D-Bus bus (it rejects uid 0 with "Connection reset by peer");
|
|
518
|
-
> log in as a UID-matched normal user with `--user` for a working session
|
|
519
|
-
> bus. The system bus works for root.
|
|
520
|
-
|
|
521
|
-
**Sound (PulseAudio / PipeWire)**
|
|
522
|
-
- `PULSE_SERVER` is forwarded (fallback: `unix:/run/user/<uid>/pulse/native`
|
|
523
|
-
if the PulseAudio socket exists).
|
|
524
|
-
- PipeWire apps discover their socket automatically via `XDG_RUNTIME_DIR`;
|
|
525
|
-
no extra env var is needed.
|
|
526
|
-
|
|
527
|
-
**D-Bus**
|
|
528
|
-
- `DBUS_SESSION_BUS_ADDRESS` is forwarded (fallback:
|
|
529
|
-
`unix:path=/run/user/<uid>/bus` if the socket exists).
|
|
530
|
-
|
|
531
|
-
Use `--isolated` to skip all display sharing, or `--minimal` for only core
|
|
532
|
-
pseudo-filesystems. Home is never bind-mounted unless you pass `--shared-home`.
|
|
441
|
+
|
|
442
|
+
Pass `--shared-display` (or `--shared-x11`) to use your host's screen,
|
|
443
|
+
audio, and D-Bus session inside the container — handy for running GUI
|
|
444
|
+
apps. It's opt-in: without this flag, none of that is shared, and `/tmp`
|
|
445
|
+
and `/run` stay isolated from the host. It works best on regular Linux;
|
|
446
|
+
on Termux only some of this is available. `--shared-display` (like every
|
|
447
|
+
`--shared-*` flag) is ignored if you also pass `--isolated`, since
|
|
448
|
+
`--isolated` binds no host paths at all — drop `--isolated`, or use
|
|
449
|
+
`CD_USE_NS=1` instead, if you need display sharing alongside namespace
|
|
450
|
+
isolation.
|
|
533
451
|
|
|
534
452
|
#### GPU acceleration (auto-detected)
|
|
535
453
|
|
|
536
|
-
|
|
537
|
-
|
|
538
|
-
|
|
539
|
-
Termux.)
|
|
540
|
-
|
|
541
|
-
**AMD and Intel** (open-source Mesa drivers)
|
|
542
|
-
- Works out of the box. Host `/dev` (including `/dev/dri/` render nodes) is
|
|
543
|
-
bind-mounted into the container. The host's Vulkan/EGL/OpenCL ICD and
|
|
544
|
-
loader-config descriptors are bound read-only so the guest's own Mesa
|
|
545
|
-
stack can enumerate the hardware. Driver `.so` files are **not** bound:
|
|
546
|
-
shadowing the container's own Mesa libraries corrupts its loader.
|
|
547
|
-
|
|
548
|
-
**NVIDIA — native Linux** (proprietary driver)
|
|
549
|
-
- Detection: `/dev/nvidia0` exists, or `libcuda*.so*` / `libnvidia*.so*`
|
|
550
|
-
found under `/usr/lib*/`.
|
|
551
|
-
- Bind-mounts: `/dev/nvidia*` device nodes, `/dev/dri/card*` and
|
|
552
|
-
`/dev/dri/renderD*` DRM nodes, host NVIDIA `.so` libraries mapped to the
|
|
553
|
-
correct guest library directory (multi-arch aware), NVIDIA config and ICD
|
|
554
|
-
files (`/etc/`, EGL/Vulkan JSON descriptors, OpenCL ICD), and NVIDIA CLI
|
|
555
|
-
tools (`nvidia-smi`, etc.). Vendor-neutral GLVND/GBM dispatch libraries
|
|
556
|
-
(`libGL`, `libEGL`, `libGLX`, `libgbm`, …) and zero-byte sources are never
|
|
557
|
-
bound, so the container's own loader is not shadowed.
|
|
558
|
-
- Runs independent of `--shared-display`: the GPU works whether or not the
|
|
559
|
-
display is shared.
|
|
560
|
-
- Environment variables set: `__NV_PRIME_RENDER_OFFLOAD=1`,
|
|
561
|
-
`__GLX_VENDOR_LIBRARY_NAME=nvidia`.
|
|
562
|
-
- Guest `ldconfig` is run inside the chroot to refresh the shared library
|
|
563
|
-
cache after the new libraries are bind-mounted.
|
|
454
|
+
If you have a GPU (AMD, Intel, or NVIDIA), Chroot-Distro automatically
|
|
455
|
+
sets it up for hardware-accelerated rendering — no flag needed. This
|
|
456
|
+
works independently of display sharing and isn't available on Termux.
|
|
564
457
|
|
|
565
458
|
#### Namespace isolation (`--isolated` and `CD_USE_NS`)
|
|
566
459
|
|
|
@@ -572,16 +465,17 @@ when the kernel supports it, skipped otherwise); the **mount/PID/UTS/IPC**
|
|
|
572
465
|
set is **all-or-nothing**: chroot-distro probes that set first, and if any
|
|
573
466
|
one of them is unsupported on the kernel it acquires none of them and falls
|
|
574
467
|
back fully to a non-isolated login (with a warning naming the missing
|
|
575
|
-
namespace), so a session is never left half-isolated. This is
|
|
576
|
-
[Ubuntu-Chroot](Ubuntu-Chroot/tools/chroot.sh) and is **not** a full
|
|
468
|
+
namespace), so a session is never left half-isolated. This is **not** a full
|
|
577
469
|
container runtime: there is no network namespace, no user namespace
|
|
578
470
|
mapping, and no image layering.
|
|
579
471
|
|
|
580
|
-
`--isolated` couples two things: namespace isolation **and**
|
|
581
|
-
|
|
582
|
-
|
|
583
|
-
`--
|
|
584
|
-
|
|
472
|
+
`--isolated` couples two things: namespace isolation **and** binding no
|
|
473
|
+
host paths at all — no Android system/storage/`$PREFIX` binds on Termux,
|
|
474
|
+
no `/tmp` sharing, no display sharing on Linux, and no `--shared-*` /
|
|
475
|
+
`--bind` flags take effect (they're accepted but ignored, with a
|
|
476
|
+
warning, since there's nothing to bind into). If you want **only** the
|
|
477
|
+
namespace isolation while keeping every default mount — and keeping
|
|
478
|
+
`--shared-*` / `--bind` working — set the `CD_USE_NS=1` environment
|
|
585
479
|
variable instead: every `login`/`run` then runs in the same
|
|
586
480
|
mount/PID/UTS/IPC/cgroup namespaces but with the full default mount set
|
|
587
481
|
intact. `CD_USE_NS` accepts `1`/`true`/`yes`/`on`.
|
|
@@ -733,20 +627,41 @@ printed.
|
|
|
733
627
|
|
|
734
628
|
---
|
|
735
629
|
|
|
736
|
-
### `ps` — List
|
|
630
|
+
### `ps` — List active sessions
|
|
737
631
|
|
|
738
632
|
```
|
|
739
633
|
chroot-distro ps [OPTIONS]
|
|
740
634
|
```
|
|
741
635
|
|
|
742
|
-
List
|
|
743
|
-
|
|
744
|
-
|
|
636
|
+
List every active container session — one row per live `login` or `run`.
|
|
637
|
+
Each session is tracked by a per-PID JSON file under
|
|
638
|
+
`$RUNTIME_DIR/sessions/` with flock-based liveness detection (immune to
|
|
639
|
+
PID recycling and crash-safe). Does not require root.
|
|
640
|
+
|
|
641
|
+
Output columns:
|
|
642
|
+
|
|
643
|
+
| Column | Description |
|
|
644
|
+
|---|---|
|
|
645
|
+
| `PID` | Host PID of the session's chroot process. |
|
|
646
|
+
| `CONTAINER` | Container name. |
|
|
647
|
+
| `TYPE` | `login` or `run` (recorded at session start). |
|
|
648
|
+
| `USER` | User the session runs as. |
|
|
649
|
+
| `UPTIME` | Elapsed time since session start (e.g. `3m12s`, `1h04m`). |
|
|
650
|
+
| `COMMAND` | Inner command line (shell-quoted, truncated to terminal width). |
|
|
651
|
+
|
|
652
|
+
Example output:
|
|
653
|
+
|
|
654
|
+
```
|
|
655
|
+
PID CONTAINER TYPE USER UPTIME COMMAND
|
|
656
|
+
12345 ubuntu login root 3m12s /bin/bash -l
|
|
657
|
+
12388 debian run* root 0m44s nginx -g 'daemon off;'
|
|
658
|
+
|
|
659
|
+
* detached session
|
|
660
|
+
```
|
|
745
661
|
|
|
746
662
|
| Option | Description |
|
|
747
663
|
|---|---|
|
|
748
|
-
| `-
|
|
749
|
-
| `-q`, `--quiet` | Print only container names, one per line. |
|
|
664
|
+
| `-q`, `--quiet` | Print only PIDs, one per line (for scripting). |
|
|
750
665
|
|
|
751
666
|
---
|
|
752
667
|
|
|
@@ -839,14 +754,12 @@ fallback.
|
|
|
839
754
|
### `kill` — Forcibly stop a running container
|
|
840
755
|
|
|
841
756
|
```
|
|
842
|
-
chroot-distro kill CONTAINER
|
|
843
|
-
Aliases: k, stop
|
|
757
|
+
chroot-distro kill (CONTAINER | PID)
|
|
844
758
|
```
|
|
845
759
|
|
|
846
|
-
Forcibly stop a running container
|
|
847
|
-
|
|
848
|
-
mounts are unmounted, and the namespace holder (if any) is released. This
|
|
849
|
-
is the abrupt counterpart to `unmount` (equivalent to `docker kill`).
|
|
760
|
+
Forcibly stop a running container. The argument may be a container name or a session PID shown in `chroot-distro ps`. When a session PID is provided, the entire container that the session belongs to is stopped. Only PIDs from active chroot-distro sessions are accepted; random host PIDs are rejected.
|
|
761
|
+
|
|
762
|
+
All processes inside the container's chroot are sent `SIGTERM` and then `SIGKILL` after a short grace period, the bind mounts are unmounted, and the namespace holder (if any) is released. This is the abrupt counterpart to `unmount` (equivalent to `docker kill`).
|
|
850
763
|
|
|
851
764
|
---
|
|
852
765
|
|
|
@@ -1110,11 +1023,12 @@ in the [`install`](#install--install-a-container) section.
|
|
|
1110
1023
|
|
|
1111
1024
|
### 2. Native chroot and bind mounts
|
|
1112
1025
|
|
|
1113
|
-
|
|
1114
|
-
real kernel features:
|
|
1026
|
+
Chroot-Distro uses real kernel features rather than path rewriting:
|
|
1115
1027
|
|
|
1116
1028
|
- **Bind mounts** (`mount --bind`) for host directories inside the guest.
|
|
1117
|
-
- **Session tracking** under `$RUNTIME_DIR/data/<name>/sessions
|
|
1029
|
+
- **Session tracking** under `$RUNTIME_DIR/data/<name>/sessions` (counter)
|
|
1030
|
+
and `$RUNTIME_DIR/sessions/<pid>.json` (per-session registry for `ps`,
|
|
1031
|
+
with `flock`-based liveness detection).
|
|
1118
1032
|
- **Automatic mount/unmount**: the first session mounts; the last session
|
|
1119
1033
|
exiting unmounts everything.
|
|
1120
1034
|
- **Lazy unmount fallback** (`umount -l`) when a target is busy.
|
|
@@ -1155,6 +1069,24 @@ Because mutating commands run as root after auto-elevation, effective
|
|
|
1155
1069
|
paths on Linux are typically under `/root/.local/share/` and
|
|
1156
1070
|
`/root/.cache/` unless you set `XDG_DATA_HOME` / `XDG_CACHE_HOME`.
|
|
1157
1071
|
|
|
1072
|
+
### Directory Variables and Definitions
|
|
1073
|
+
|
|
1074
|
+
The application dynamically computes paths based on the environment (Termux/Android vs. Regular Linux):
|
|
1075
|
+
|
|
1076
|
+
| Variable | Description | Termux Path | Regular Linux Path |
|
|
1077
|
+
|---|---|---|---|
|
|
1078
|
+
| `RUNTIME_DIR` | Root directory for application state (containers, sessions, locks, logs). | `/data/data/com.termux/files/usr/var/lib/chroot-distro` | `~/.local/share/chroot-distro` |
|
|
1079
|
+
| `BASE_CACHE_DIR` | Base directory for caching downloaded OCI layers, manifests, and build cache index. | `$RUNTIME_DIR/cache` | `~/.cache/chroot-distro` |
|
|
1080
|
+
| `CONTAINERS_DIR` | Directory containing the root filesystems (`rootfs`) of installed distributions. | `$RUNTIME_DIR/containers` | `~/.local/share/chroot-distro/containers` |
|
|
1081
|
+
| `SESSIONS_DIR` | Directory for active session tracker files (`<pid>.json`) used by the `ps` command. | `$RUNTIME_DIR/sessions` | `~/.local/share/chroot-distro/sessions` |
|
|
1082
|
+
| `LOCKS_DIR` | Directory for POSIX flock files to prevent concurrent access conflicts. | `$RUNTIME_DIR/locks` | `~/.local/share/chroot-distro/locks` |
|
|
1083
|
+
| `LAYER_CACHE_DIR` | Directory where downloaded OCI layers are cached. | `$BASE_CACHE_DIR/oci_layers` | `~/.cache/chroot-distro/oci_layers` |
|
|
1084
|
+
| `MANIFEST_CACHE_DIR` | Directory where fetched OCI manifests are cached. | `$BASE_CACHE_DIR/oci_manifests` | `~/.cache/chroot-distro/oci_manifests` |
|
|
1085
|
+
|
|
1086
|
+
> [!NOTE]
|
|
1087
|
+
> Since mutating commands on regular Linux run as `root` (via auto-elevation), the regular Linux paths above will default to being under the `/root` home directory (e.g., `/root/.local/share/chroot-distro` and `/root/.cache/chroot-distro`) unless `XDG_DATA_HOME` or `XDG_CACHE_HOME` are explicitly set and forwarded.
|
|
1088
|
+
|
|
1089
|
+
|
|
1158
1090
|
| Path | Contents |
|
|
1159
1091
|
|---|---|
|
|
1160
1092
|
| `containers/<name>/rootfs/` | Container root filesystem |
|
|
@@ -1180,7 +1112,7 @@ paths on Linux are typically under `/root/.local/share/` and
|
|
|
1180
1112
|
| `TERMUX_APP__APP_VERSION_NAME`, `TERMUX_VERSION` | Either counts toward Termux detection when set. |
|
|
1181
1113
|
| `XDG_DATA_HOME` | Base for `$XDG_DATA_HOME/chroot-distro/` on non-Termux hosts. Default: `~/.local/share`. |
|
|
1182
1114
|
| `XDG_CACHE_HOME` | Base for `$XDG_CACHE_HOME/chroot-distro/` on non-Termux hosts. Default: `~/.cache`. |
|
|
1183
|
-
| `CD_DOCKER_AUTH` | Registry credentials as `username:password` or `username:PAT` (colon required). Used by `install`, `build` (`FROM` pulls), and `push`.
|
|
1115
|
+
| `CD_DOCKER_AUTH` | Registry credentials as `username:password` or `username:PAT` (colon required). Used by `install`, `build` (`FROM` pulls), and `push`. |
|
|
1184
1116
|
| `CD_DOWNLOAD_WORKERS` | Parallel registry layer downloads during `install` (default `4`, maximum `10`). Invalid values use the default; out-of-range values are clamped. |
|
|
1185
1117
|
| `CD_DOWNLOAD_RATE_LIMIT` | Bandwidth limit for downloads (e.g., `5M` for 5 MiB/s, default `0` = unlimited). Supports suffixes `K`, `M`, `G` (case-insensitive). |
|
|
1186
1118
|
| `CD_DOWNLOAD_MAX_RETRIES` | Maximum retry attempts per connection failure (default `3`, clamped between `0` and `20`). |
|
|
@@ -1195,7 +1127,8 @@ These are set automatically by chroot-distro at login. They cannot be
|
|
|
1195
1127
|
overridden from `manifest.json` image `Env`, but can be overridden with
|
|
1196
1128
|
`--env`.
|
|
1197
1129
|
|
|
1198
|
-
**Display and audio (Linux, non-minimal, display
|
|
1130
|
+
**Display and audio (Linux, non-minimal, only when `--shared-display` /
|
|
1131
|
+
`--shared-x11` is passed — not set by default):**
|
|
1199
1132
|
|
|
1200
1133
|
| Variable | Source / Fallback |
|
|
1201
1134
|
|---|---|
|
|
@@ -1209,26 +1142,13 @@ overridden from `manifest.json` image `Env`, but can be overridden with
|
|
|
1209
1142
|
| `PULSE_SERVER` | Host `$PULSE_SERVER`; fallback `unix:/run/user/<uid>/pulse/native` if socket exists |
|
|
1210
1143
|
| `DBUS_SESSION_BUS_ADDRESS` | Host `$DBUS_SESSION_BUS_ADDRESS`; fallback `unix:path=/run/user/<uid>/bus` if socket exists |
|
|
1211
1144
|
|
|
1212
|
-
**Hostname
|
|
1213
|
-
|
|
1214
|
-
| Variable | Source / Fallback |
|
|
1215
|
-
|---|---|
|
|
1216
|
-
| `HOSTNAME` | The container name. Under `--isolated` the UTS namespace hostname is also set so `hostname`/`uname -n` report it. |
|
|
1217
|
-
|
|
1218
|
-
**GPU — NVIDIA native Linux (auto-detected, non-minimal):**
|
|
1219
|
-
|
|
1220
|
-
| Variable | Value |
|
|
1221
|
-
|---|---|
|
|
1222
|
-
| `__NV_PRIME_RENDER_OFFLOAD` | `1` |
|
|
1223
|
-
| `__GLX_VENDOR_LIBRARY_NAME` | `nvidia` |
|
|
1224
|
-
|
|
1225
|
-
**GPU — WSL2 with NVIDIA (auto-detected, non-minimal):**
|
|
1145
|
+
**Hostname and GPU (non-minimal, auto-detected/auto-set):**
|
|
1226
1146
|
|
|
1227
1147
|
| Variable | Value |
|
|
1228
1148
|
|---|---|
|
|
1229
|
-
| `
|
|
1230
|
-
| `
|
|
1231
|
-
| `LIBGL_ALWAYS_SOFTWARE` | `0` |
|
|
1149
|
+
| `HOSTNAME` | The container name (`hostname`/`uname -n` only reflect it under `--isolated`) |
|
|
1150
|
+
| `__NV_PRIME_RENDER_OFFLOAD`, `__GLX_VENDOR_LIBRARY_NAME` | `1`, `nvidia` — NVIDIA on native Linux |
|
|
1151
|
+
| `GALLIUM_DRIVER`, `MESA_D3D12_DEFAULT_DEVICE_TYPE`, `LIBGL_ALWAYS_SOFTWARE` | `d3d12`, `GPU`, `0` — NVIDIA on WSL2 |
|
|
1232
1152
|
|
|
1233
1153
|
---
|
|
1234
1154
|
|
|
@@ -1267,6 +1187,23 @@ cp src/chroot_distro/completions/chroot-distro.fish \
|
|
|
1267
1187
|
|
|
1268
1188
|
## Limitations
|
|
1269
1189
|
|
|
1190
|
+
### Design choices (not limitations)
|
|
1191
|
+
|
|
1192
|
+
- **Shared network by default**: containers use the host's network stack
|
|
1193
|
+
directly. There is no network namespace and no per-container network
|
|
1194
|
+
isolation, even under `--isolated` / `CD_USE_NS=1`. This is intentional:
|
|
1195
|
+
Chroot-Distro targets fast, near-native access to the host (Wi-Fi,
|
|
1196
|
+
mobile data, VPNs already configured on the host, etc.) rather than
|
|
1197
|
+
Docker-style network sandboxing, so there is no virtual NIC, no NAT, and
|
|
1198
|
+
no per-container firewall to set up or work around.
|
|
1199
|
+
- **Shared GPU by default**: GPU passthrough (see
|
|
1200
|
+
[GPU acceleration](#gpu-acceleration-auto-detected)) is automatic and
|
|
1201
|
+
unconditional whenever supported hardware/drivers are detected — it is
|
|
1202
|
+
not gated behind `--isolated`, `--shared-display`, or any opt-in flag.
|
|
1203
|
+
The container talks to the same `/dev/dri`, NVIDIA device nodes, and
|
|
1204
|
+
driver stack as the host, by design, so 3D/Vulkan/OpenCL workloads work
|
|
1205
|
+
out of the box without per-container GPU allocation or arbitration.
|
|
1206
|
+
|
|
1270
1207
|
### Kernel and chroot limitations
|
|
1271
1208
|
|
|
1272
1209
|
- **Root required**: real `chroot` and bind mounts need appropriate
|
|
@@ -1279,18 +1216,21 @@ cp src/chroot_distro/completions/chroot-distro.fish \
|
|
|
1279
1216
|
guest.
|
|
1280
1217
|
- **Namespaces**: `--isolated` (or `CD_USE_NS=1`) provides
|
|
1281
1218
|
mount/PID/UTS/IPC isolation, plus the cgroup namespace when the kernel
|
|
1282
|
-
supports it, via `unshare`/`nsenter
|
|
1283
|
-
|
|
1219
|
+
supports it, via `unshare`/`nsenter`. There is no user-namespace mapping
|
|
1220
|
+
and no parity with Docker or Podman. (Networking is intentionally
|
|
1221
|
+
excluded from this isolation set — see
|
|
1222
|
+
[Design choices](#design-choices-not-limitations) above.)
|
|
1284
1223
|
- **Bind mount hygiene**: crashed sessions or orphan processes can leave
|
|
1285
1224
|
mounts busy; `unmount` and lazy unmount mitigate this but orphaned
|
|
1286
1225
|
processes should be cleaned up.
|
|
1287
1226
|
|
|
1288
1227
|
### Chroot-Distro limitations
|
|
1289
1228
|
|
|
1290
|
-
- **
|
|
1291
|
-
containers on a non-rooted Android
|
|
1229
|
+
- **Root is required on Termux**: Chroot-Distro relies on real `chroot`
|
|
1230
|
+
and bind mounts, so it cannot run containers on a non-rooted Android
|
|
1231
|
+
device.
|
|
1292
1232
|
- **Registry authentication**: private pulls and pushes need
|
|
1293
|
-
`CD_DOCKER_AUTH=user:password
|
|
1233
|
+
`CD_DOCKER_AUTH=user:password`. Docker
|
|
1294
1234
|
`config.json` credential helpers are not read.
|
|
1295
1235
|
- **Dockerfile builds are not BuildKit**: `RUN` executes under `chroot`,
|
|
1296
1236
|
not a real container runtime. BuildKit-only Dockerfile features are
|