Posts with the tag Linux:

Using docker image as your desktop system

In recent years, Docker has created a containerization boom around the world by providing a way to easily create and run application containers. Containers save people from dependency hell by packaging software together with the operating environment it needs. Although Docker was designed to be neither an operating-system container nor an operating system running directly on bare metal, Docker’s powerful suite of tools can also give us tremendous convenience in managing a desktop system running on bare metal.

Why is using a Docker image as a desktop system a good idea? Let’s begin by talking about the inconvenience of the usual way people manage their desktop systems. Nowadays most of us have more than one computer, and we want these computers to be “consistent”. By “consistent” I mean, for example, that when I begin writing a document on one computer (say, at home) and am unable to finish it before having to switch to another computer (say, at work), I don’t want to worry about copying it manually to the other computer; I want it to magically appear there so I can access it at any time. This is exactly what cloud sync disks like Dropbox do for us. However, for geeks, what cloud sync disks do is far from enough. For example, you are busy with a project that uses a number of programming languages, libraries, and a bunch of GUI and non-GUI tools. As you keep trying new things, you install new tools and change configurations continually on your system. It would be nice if these changes could be synced across different devices automatically, so that when you install something you won’t need to install it again, one by one, on each of your computers.

Using a Docker image as your desktop system

I have always enjoyed thinking about how to manage the desktop system installed on my own computers. This post can be considered a follow-up exploration to my earlier post, “It can be your main system, it can run in a VM, and you can pack it up and take it anywhere: Linux is that powerful”.

In recent years, Docker has set off a wave of containerization around the world by providing a very convenient way to create and run application containers. By packaging software together with the runtime environment it needs, containers rescue people from dependency hell. Although Docker was never designed to be an operating-system container, let alone an operating system running directly on bare metal, its powerful set of tools can also bring great convenience to managing an operating system.

Why use a Docker image as a desktop system? To answer that, we have to start with the inconveniences of an ordinary desktop system. Most of us own more than one computer, and we want these computers to stay consistent. By “consistent” I mean, to give an example, that a file I have half-edited on one computer should be editable as soon as I open another computer, without copying it over by hand. If the file is plain text or a Microsoft Word document, this consistency is trivial to achieve: just throw it into a cloud sync disk such as Dropbox. For professional users, however, keeping things consistent is not as simple as throwing files into Dropbox. Say you are busy with a project that uses several programming languages, and you have installed a pile of libraries and tools, some with graphical interfaces and some command-line only. As the work progresses you may keep installing new tools, or decide to abandon a library or tool you had planned to use. For your work to run on all of your computers, you have to keep the environments of the different machines consistent: a tool installed on one machine has to be reinstalled on every machine, and a library upgraded on one machine has to be upgraded on every machine. The slightest discrepancy can mean that a script or program runs fine on one machine but fails on another.

Adding new expressions to nftables

Introduction

I have recently been writing something that uses Linux’s firewall framework to perform some non-standard operations on packets. Extending the kernel is required for my task, but unfortunately the documentation I can find online about this topic is quite dated. These old documents are mainly for kernel version 2.4 and early 2.6.x, in which new matches or targets are registered by calling ipt_register_match and ipt_register_target. The related kernel subsystem has changed a lot since then, and iptables has been replaced by nftables. Although we could use xt_register_match and xt_register_target instead, I prefer to move to the new nftables framework. Due to the lack of documentation, I had to dig into the source code of the Linux kernel to figure out how things work, and this post is my notes from that. As Linus Torvalds said in 2008, “Linux is evolution, not intelligent design”, so the design and API of nftables may change very quickly. For that reason I am not only trying to give a brief review of the design and API of nftables; this post will also serve as a guide on how to find the correct way of doing things by reading the kernel source code. The eager reader can go directly to the summary section. This post is based on kernel version 4.13, the most recent version when I started writing it.

In this post, we will solve a toy problem: monitor all outgoing TCP traffic from port 80 and log any packet whose payload contains a string given by the user. I don’t assume any knowledge of the design or kernel API of nftables, but I do assume the reader has read and understood the official documentation on how to use nftables.

It can be your main system, it can run in a VM, and you can pack it up and take it anywhere: Linux is that powerful

Changelog: 2017-07-18 Added a new chapter, “Diskless systems”; replaced the term “rootfs”, which was used inappropriately in several places, with the more accurate “root”.

===================

Here I would like to share some of my experience managing my own Linux desktop, which I think has quite a few points worth borrowing. Let us start with the inconveniences of the way most people manage their Linux desktops:

  • I bought a new computer, and once again I have to install Linux on it, install all kinds of software, libraries and development environments, and configure all kinds of services. What a hassle.
  • I have been using computer A for a while, done a lot of work on it, installed plenty of software, and set up quite a few development environments and services. For some reason I now have to go back to computer B, which I have not used in a long time. Do I really have to redo on B every bit of configuration I did on A?
  • I am making a slide deck in Windows and find that I need to bring up a program I wrote earlier, run it on several sets of inputs and plot the results so I can put a chart into the slides. But the program was written under Linux, and compiling it depends heavily on my Linux environment. Rebooting into Linux to get the results and then back into Windows is too inconvenient, and getting the program to build and run under Windows is even harder.
  • I want to install some package or perform a somewhat risky update (it is perfectly normal for an Arch Linux rolling update to break things), and I worry about breaking the system. Backing up the system is a real hassle, and if it does break, restoring it is an even bigger one.
  • I use Arch Linux as my main system, but something I am working on lately needs a piece of software whose upstream only provides installation instructions for Ubuntu. There is no corresponding package for Arch Linux, and installing it by hand on Arch is far too inconvenient. Installing Ubuntu and using it for a few days is also quite a chore, especially when I only want to use the software briefly. How can I minimize the time wasted on this kind of fiddling?
  • Some software is not in the official repositories, and make install would place files on the system that the package manager does not track, making them awkward to uninstall later. I would much prefer to have every file managed by a single package manager.
  • I hear the new kernel version has introduced some impressive feature? I just want to try it out quickly, but my computer still has a computation running and I do not want to reboot, so the only option is a virtual machine. And it has to be quick; I do not want to set up a dedicated VM just for this.

All of the inconveniences above can be overcome with a few techniques for managing the system yourself, and the purpose of this article is to introduce them. With these techniques, what we achieve is the following: a single machine can have Windows and several Linux systems installed side by side; under Windows, those Linux systems on the local disk can be run in a virtual machine, and the Linux systems can run each other as containers or virtual machines. The systems can be backed up and deleted very easily, and snapshots can be created and run at any time. These Linux systems can also be packed up and taken anywhere: with only minor modifications they run directly from a USB drive or on another machine. If you change computers or set up a new one, there is no need to reinstall the system; just sync an existing system to the new computer. That is exactly what the title of this article means.