This project is for our lab. It gives each user their own environment, so that packages installed by one user cannot ruin the whole server.
On this page, choose a panel to enter. Then click the jupyter button to enter the interface.
The main difference between the RealOS Panel and the Container Panel is that everyone can use the `sudo` command in a container, while in RealOS they can't. Each container is independent and can be reset at any time, to avoid messing up the whole Real OS environment.
- Most things can be done in the Container. Everyone has `sudo` permission to install the packages they need.
- Change password
  - Changing your password in the container is useless, because the hashed password is passed to the container each time before it starts.
  - You have to change your password in Real OS via the `passwd` command or on the cockpit account page.
- Port forwarding
  - Because we can't connect to a listening port in the container from the external network.
  - If you want to host services in the container, first check the IP of the container with the `ip addr` command.
  - Then forward a port from RealOS to your container by executing this command in Real OS (replace `172.22.17.3` with your IP): `socat TCP-LISTEN:10080,fork TCP:172.22.17.3:8080`
- Run docker
  - Because we can't run docker in docker, I installed rootless docker on every server.
  - If you need to run docker, just run the `docker` command in RealOS.
Whenever this dialog appears, just log in with your Linux account.
By default, the two folders `/data` and `/home/{username}` are mounted into the container, so that users can share files through them.
- In this panel, all operations run in the real OS, which means all users share one environment.
- If you are not a sudoer, you don't have root privileges.
- If you log in to the server via SSH, your environment is the same one you get when you log in at this panel.
It will start a vscode instance under your account in the background.
Connect to your code-server
Connect to a jupyterlab session
Connect to cockpit
Connect to account page in the cockpit
Whenever you run any program in this panel, it runs in a docker container.
Everyone has sudo permission in their own container.
Just start your container.
If it does not exist, one will be created.
Delete your container. It will be created again the next time you start the container.
The `/data` and `/home/{username}` folders are mounted externally, so they will not be deleted.
Connect to your code-server, which is running in the container
Connect to your jupyter, which is running in the container
- Please mount `/home` and `/data` with the parameters `nosuid,nodev` in the real OS.
  - Because the user has root permission in the container, which allows the user to set the setuid bit on a binary in the container and execute it in Real OS.
  - Only `/home/{username}` and `/data` are shared between the container and Real OS, so doing this will prevent users from getting root permission in RealOS.
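
A check for the mount requirement above, as an added example that is not part of the project's own code: it reads a mount table in `/proc/mounts` format and reports whether each shared folder carries both `nosuid` and `nodev`. The function names and the sample mount table are constructed for illustration, and it assumes `/home` and `/data` are separate mount points.

```sh
#!/bin/sh
# Added example, not part of the project. Checks that shared mount points
# carry both nosuid and nodev. Function names are hypothetical.

# Constructed sample in /proc/mounts format (not taken from a real server):
# /home is hardened, /data is missing both options.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdb1 /home ext4 rw,nosuid,nodev,relatime 0 0
/dev/sdc1 /data ext4 rw,relatime 0 0
EOF
}

# check_mount MOUNTS_FILE MOUNTPOINT
# Status 0: both options set. 1: an option is missing. 2: no such mount point.
check_mount() {
    awk -v mp="$2" '
        $2 == mp { found = 1; opts = "," $4 "," }  # later entries override
        END {
            if (!found) exit 2
            if (!index(opts, ",nosuid,") || !index(opts, ",nodev,")) exit 1
            exit 0
        }' "$1"
}

# audit_mounts MOUNTS_FILE MOUNTPOINT...  Returns 1 if any check fails.
audit_mounts() {
    mounts_file=$1; shift
    rc=0
    for mp in "$@"; do
        st=0
        check_mount "$mounts_file" "$mp" || st=$?
        case $st in
            0) echo "OK    $mp" ;;
            1) echo "WEAK  $mp: remount with nosuid,nodev"; rc=1 ;;
            *) echo "NOMNT $mp: not a separate mount point"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo on the constructed sample. On the server itself, run:
#   audit_mounts /proc/mounts /home /data
demo=$(mktemp)
sample_mounts > "$demo"
audit_mounts "$demo" /home /data || echo "at least one mount needs fixing"
rm -f "$demo"
```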