Docker is a “container” platform, which allows applications to be run in their own sandboxed world. These applications share resources, e.g. things like hard drive space or RAM, but otherwise can’t interfere with programs running on the host system. For corporate servers this means an attacker may not be able to use a compromised web server to get at the database holding customer data.For the desktop user, it means the bleeding-edge app you’re trying out can’t accidentally delete all your cat’s selfies. So here’s the ways on how to safely test desktop applications in a secure container with docker.
Installation and Usage
Getting things up and running involves three preliminary steps:
- First, get Docker installed and running on your system (including a graphical interface for it, if you want one).
- Next, find and download an image for the application you want to run. While you normally install an application, you get one (and only one) copy of it. Think of an image as a template for the application — you can create as many installs from this template as you like.
- Lastly, create one of those copies, called a container, and run it.
Now, let’s have a look at each of these in detail.
Most Linux distribution have Docker available in repositories for easy installation. In Ubuntu, the following command will get you what you need:
sudo apt-get install docker.io
The Docker daemon will start up with your system automatically by default, but you can set that differently if you know how to adjust your systemd settings.
If you’re interested, you can also grab the Simple Docker UI Chrome app. Follow the instructions here to get things set up so you can connect to the Docker daemon on your machine.
Note: If you use Simple Docker UI, make sure you add yourself to the “docker” user group as described here. If you’re not part of this group, you won’t be able to use Docker commands from your normal (non-root) user account, the one with which you’ll be running Chrome and its apps, without using sudo all the time.
Finding and Installing Desktop Applications With Docker
Now that you’ve got a nice UI going, it’s time to find something to install. Your first stop should be the Hub, a repository of applications hosted by the docker project. Another straightforward way to find some interesting applications is to Google for them. In either case look for a “Launch Command” along the lines of the following:
docker run -it -v someoptions \ -e more options \ yet even more options...
Paste this into a terminal and it will download and launch the application for you.
You can also “pull” the application, then launch it yourself. If you’re using the Simple UI app, it can search Docker Hub automatically for your keyword.
Once you’ve found what you’re looking for, click its listing, then the Pull Image button in the pop-up dialog to download the image of the application.
Remember, an image is a “template” of sorts. Next you’ll need to create a container that uses your new image. Switch over to the Images tab. Clicking the Deploy Container button will create a new, runnable copy of your application.
Running Your New Docker Container
From the command line, you can view a list of all your docker containers with the command:
docker ps -a
This lists the containers with some of their stats — note the “NAMES” column to the far right. To restart one of your containers, pick the name of the container you want and issue the following:
docker start [containername]
Using the app, go the “Containers” screen, select the container you want, and click the “Start” button in the upper left of the screen. Your application will start in a new window on your desktop, just like a “normal” application.
Your application should open in a new window, just as if you had installed it normally. But remember, it exists in isolation from your other applications. This allows you to do some neat things, like run LibreOffice and OpenOffice in parallel (their dependencies usually conflict with one another):