MetaContainer - share access to your files/desktops/USB devices securely (version 2)
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
metac
nix
tests
.gitignore
README.md
config.nims
metac.nimble

README.md

metac

Warning: this is a rewrite of MetaContainer - it is not yet ready to use in production. Subscribe for newletter at https://metacontainer.org/

MetaContainer aims to provide a common interface for sharing various types of resources, including filesystems, Ethernet networks or USB devices in a secure way. MetaContainer also provides compute services (container orchestration) with the ability to seamlessly attach possibly remote resources.

Documentation | Install guide

What can MetaContainer do?

  • Share a folder between computers (view tutorial):

    user@host1$ metac fs export /home/user/shared
    ref:7N9_k-ZQJ92SyZMQtizkA4mYDoG-Byhes6Nok1ph
    Send the reference via IM or mail to another person or run on another computer:
    user@host2$ metac fs bind /home/user/shared-from-host1 ref:7N9_k-ZQJ92SyZMQtizkA4mYDoG-Byhes6Nok1ph
    
  • Share a desktop session with another person (view tutorial)

    user@host1$ metac desktop export localx11:
    ref:MNS2I2mR4nsVW4XYVI3r-1TkmScK0OZd6X_rB5qL
    Send the reference via IM or mail to another person, so she can attach to your session:
    user@host2$ metac desktop attach ref:MNS2I2mR4nsVW4XYVI3r-1TkmScK0OZd6X_rB5qL
    
  • Launch a virtual machine with a disk image residing on another computer (e.g. NAS)

    On machine hosting the disk:

    user@nas$ metac file export /dev/mapper/nas-vm
    ref:miOZCkUt77meIs-1HsK65Qb2U-_DHV2eC9yAjLiZ
    

    On machine where the VM should be ran:

    user@host$ metac vm start --drive uri=ref:miOZCkUt77meIs-1HsK65Qb2U-_DHV2eC9yAjLiZ
    
  • Run a process using Nim API:

    let dir = await fsFromUri(instance, "local:/bin")
    
    let config = ProcessEnvironmentDescription(
      memory: 512,
      filesystems: @[FsMount(path: "/bin", fs: dir)]
    )
    
    let processConfig = ProcessDescription(
      args: @["/bin/busybox", "sleep", "3"]
    )
    
    await launcher.launch(processConfig, config)

Quick start

Installing MetaContainer

Quick install:

curl https://metacontainer.org/install.sh | sudo bash

Alternatively, on Ubuntu/Debian (x86_64) based distributions execute the following commands:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv F562C6B09C9C2AA9A8D82D4CF190C4CD1C66C328
echo 'deb https://metacontainer.org/repo/ any metac | sudo tee /etc/apt/sources.list.d/metac.list
sudo apt-get install -y apt-transport-https
sudo apt-get update
sudo apt-get install -y metac

For other distros, download https://metacontainer.org/repo/metac-latest.tar.xz and unpack it somewhere (preferably to root directory).

Installing from source

MetaContainer needs to build quite a few dependencies, so it uses Nix package manager to manage the process. If you don't already have it, grab it from its homepage.

Then building MetaContainer is as simple as executing nix-build -A release.metac. If you want to build Debian package, run nix-build -A release.metacDeb.

*Warning: * building MetaContainer will take about 2 hours on good hardware (it needs to build lots of dependencies, including Linux kernel for VMs). Subseqent build (even full rebuilds) will take less then 2 minutes.

Users

Most of MetaContainer functionality can currently only be managed by root. Many services are sandboxed, so if you are going to use MetaContainer on a single user machine, you should not be concerned. (that is actually the reason some services can't be ran by normal user --- e.g. normal users can't chroot).

sound and desktop service should be ran by normal user for better intergration with desktop. To do it, you need to allow you user to create MetaContainer services:

echo METAC_ALLOWED_USERS=$(id -u) > /etc/default/metac
systemctl restart metac.target

And enable metac-user.target using user systemd:

systemctl --user enable metac-user.target
systemctl --user start metac-user.target

Brief of the MetaContainer architecture

You may also want to read (a bit outdated) paper describing MetaContainer.