Lib.rs

Command line utilities
#podman #docker #container #virtualization #container-image #networking

app arcam

Sandboxed development containers at your fingertips

by sandorex

3 releases

0.1.10 Oct 4, 2024
0.1.8 Sep 13, 2024
0.1.7 Sep 7, 2024
0.1.6 Sep 6, 2024

#330 in Command line utilities

GPL-2.0-or-later

500KB
1.5K SLoC

arcam

Fast sandboxed development container manager using podman, minimal permissions by default choose balance between security and convenience

Demo GIF

NOTE: Version 0.1.X is considered alpha and may break compatability at any time

Experimental but all code since v0.1.1 was written inside arcam container

Originally named box

Features

  • Sandboxed ephemeral container by default (podman defaults with network turned on)
  • Pass through audio, wayland, ssh-agent easily on demand with flags or config
  • Customize your experience per language, even per project
  • Override dotfiles locally on demand, so you don't have to rebuild image to update dotfiles
  • Automatic passwordless sudo (or su if not installed)
  • Consistant development environment on any distro, especially useful on immutable distros like fedora atomic
  • Offline use, container initialization process does not require internet connection (image has to be downloaded of course)

Planned Features

These are features that are planned but the details are debatable

  • Provide support for devcontainer features
  • Docker support

Installation

You can download binary for latest release here

Alternatively you can install it from crates.io

cargo install arcam

You can also install straight from git

cargo install --git https://github.com/sandorex/arcam

Custom Container Image

Making a custom container image is same as for any other container, to take full advantage of box keep following things in mind:

  • Install sudo for nicer experience
  • Any executable files in /init.d will be executed on start of the container as the user, you can use sudo or su for root access
  • Put dotfiles in /etc/skel which will be copied to user home on start, note that it may be overriden at runtime using flags
  • All data inside the container (not counting mounts) will be deleted when container stops, to add caching or presistant data use a named volume

For examples you can take a look at my container with neovim and all LSPs preinstalled

Comparison to Other Tools

Toolbox / Distrobox

Both are great at their job, to provide a seamless integration with the host but not sandboxing

Box provides sandbox by default approach where you choose where to sacrifice sandboxing for convenience

Dependencies

~9–19MB
~268K SLoC