Hi UncleScrooge,
AFAIK, this is the only post suggesting how Docker could be run under Bionicpup64.
http://www.murga-linux.com/puppy/viewto ... 29#1046529. But I don't know if anyone has actually done it. By way of comparison, see
http://murga-linux.com/puppy/viewtopic. ... 665#903665 under FatDog64.
As the previous post suggest, Docker is just a 'brand' of Containers, which --unless its Devs have kept pace-- may already have been left behind,
http://murga-linux.com/puppy/viewtopic. ... 248#852248, and in any event, is --or is equivalent to-- running an application is a chroot environment.
http://murga-linux.com/puppy/viewtopic. ... 98#1025598. If that were essential, starting from scratch with EasyOS, FatDog or Void would likely be less time-consuming that trying to get Docker or Containers to work under Bionicpup64.
But there is/are one or two other alternatives for accomplishing the same goal: running an application in a Chroot environment. [My 'number' confusion results from the fact that not having constructed 'either' 'they' may be the same technique or two ways to employ the same technique. Haven't really yet 'gotten my head around' Chroot]. The first is firejail, available via PPM. Seems to be builtin or works OOTB in FatDog. And under Puli –the latest is based on Bionicpup64- AFAIK, Ubuntu’s firejail deb is used OOTB, but included in Puli’s repo for convenience. Puli’s packages –including firejail and web-browsers-- can be found here,
https://sourceforge.net/projects/puppys ... /packages/
The ‘second?’ technique is ‘simply’ to build apps in a chroot environment and use them that way. That requires that all necessary structures and libraries be included in the application: tantamount to including almost another operating system. Watchdog built firefox 73 that way. You can download and examine it from here,
http://www.murga-linux.com/puppy/viewto ... 62#1050962. [My recollection is that somewhere watchdog mentioned that he used the entire core of an OS and did not try to strip out what may not have been needed]. Similarly, employing Watchdog's technique, Mike Walsh’s 'chrooted' Iron 69 browser includes 900 Mbs of Tahrpup so that it could be run under precise,
http://murga-linux.com/puppy/viewtopic. ... 76#1035276.
My experience with watchdog’s firefox under Bionicpup64 is that it runs like a sloth. Sort of to be expected as you are running one operating system to run another operating system to run an app (firefox) which is, itself, a memory hog.
As I’ve mentioned elsewhere, as far as I know the only applications where such extreme security measures may make sense are web-browsers: the Web being the mother of all malware: threats to privacy and security. I would suggest that there is a far more efficient method of accomplishing the same goal.
Both the ‘non-portable’ Google-Chrome,
http://www.murga-linux.com/puppy/viewto ... 95#1056295 and AFAIK any version of firefox can be run as spot, honoring spot’s permission restrictions that such application, itself, has no access to any folder other than the spot folder: a hacker can not access any application, file or folder which is not within the spot folder. Downloaded files lack root permissions, and files copied/moved there are ‘stripped’ of their root permissions. To facilitate spot’s use, Mike Walsh published a permission changer, last version available from here,
http://www.murga-linux.com/puppy/viewto ... 71#1048371. When installed (it’s builtin to non-portable Chrome) it places a launcher on the taskbar. When activated, the launcher provides a choice of (a) moving a file from /spot/Downloads to /root/Downloads changing its permissions while doing so; and (b) changing the permissions of a file already in /spot/Uploads from root to spot. You can add the folder /spot/uploads to Bionic’s right-click ‘copy-to’ function. But I think from a security viewpoint, permissionchanger’s root-to-spot module can be fairly easily modified to first run an encryption app. That way, files you want to transmit are already encrypted before they are placed in a folder exposed to the internet. Or perhaps another right-click ‘copy-to’ version can be added which runs encryption, changes permissions and then copies to /spot/uploads.