Let's say we want to run another full, separate 'buntu distro within a container. Assume that our host is running vanilla Ubuntu 22.04 and we want to create a Xubuntu container based on 23.04:
Code:
lxc launch ubuntu:23.04 --profile default --profile x11 xubuntu
Do our update and housekeeping:
Code:
ubuntu@xubuntu:~$ sudo apt update && sudo apt full-upgrade && sudo apt autoremove && sudo apt clean
Now prepare for a long download of the full Xubuntu desktop:
Code:
ubuntu@xubuntu:~$ sudo apt install xubuntu-desktop
Reboot:
Code:
ubuntu@xubuntu:~$ sudo reboot
It's almost too easy. After these simple steps, we have a working Xubuntu image. To bring up the Xubuntu desktop: <Alt> + <F2> →
Code:
lxc exec xubuntu -- sudo --login --user ubuntu xfce4-panel
But running two different desktop environments concurrently is a schizophrenic experience. Panels overlay each other and become unreadable and unreachable. Let's clean things up.
The lower Xubuntu XFCE panel should be at the bottom of your screen. Let's customize things so that only the bottom panel is used (it's really the only one we need): Right click on it → Panel → Panel Preferences. If all panels are hidden such that the mouse can't reach them, then from a shell do:
Code:
ubuntu@xubuntu:~$ xfce4-settings-manager
…and select Panels. On my installation, the bottom panel is "Panel 2".
- First, under the "Display" tab, let's permit this panel to float by turning off Lock panel.
- Set Automatically hide the panel to "Never"
- Set Mode to suit your taste.
- Set Row size, Number of rows and Length to suit your taste.
- In the "Items" tab, click the "+" button and add either Applications Menu or Whisker Menu to the panel.
Panel 2 is now configured with everything we really need and can be moved to anywhere on our desktop. Clicking on its Applications or Whisker menu allows us to choose any of the apps that come preinstalled with the Xubuntu desktop.
You may notice that Xubuntu's top panel is a faint ghostly presence hidden behind the Gnome panel and none of its features are reachable with the mouse. To deal with this:
- In Panel Preferences, switch to "Panel 1".
- We can either play around with the Display properties to put it where we want, or delete it altogether with the "-" button. I decided to delete mine because it was redundant.
When we launch the XFCE panel, all that we are really doing is invoking a means to get at Xubuntu's apps. We're keeping our host Gnome environment for our desktop because we only want to deal with one DE.
It's pretty cool to effortlessly bring up newer versions of apps. Try launching the 23.04 version of GIMP and compare it to Jammy's. You can have both versions running at the same time because one belongs to the container and the other to the host.
Note
Some apps won't work properly when launched from Xubuntu's panel menu (e.g. gnome-software). This may be due to permissions, ownerships, paths or some other obscure parameters. In such cases, the app may behave well if launched from a proper shell. Also remember that the container is not a real computer. System apps like power settings and display utilities will fail because the container is tightly jailed and cannot touch the host's resources, which is in fact what we desire. But it means that Xubuntu system apps will crash. We should not remove the apps because they may be integrated into Xubuntu. But if the presence of these useless menu launchers is distracting, eliminating them is left as an exercise for the reader.
Note
We cannot log out of our Xubuntu instance the normal way, using the Logout menu entry in the Panel. Shutdown, Reboot and Logout are system calls and this is one of the ways in which a container is not like a VM. We have already established that a containerized instance is prohibited from accessing system resources. If it were allowed to, these system calls would shut down our host, not our container.
To close the XFCE panel, right click on it, then → Panel → Logout. We may get a message that closing the panel will also kill X, but it is safe to proceed. The message is referring to the container's X server, not the host's.
I hope this tutorial is sufficient to get us on the way to compartmentalizing many of our desktop apps. Used in conjunction with VMs it will hopefully add one more tool to our collection of security measures in our continuing battle with the bad guys.
Good Luck and Happy Ubuntu-ing!
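The notes above rely on the container being jailed away from the host, and how far that holds depends on the profiles applied at launch. The script below is an added example, not part of the original tutorial: it reads the output of "lxc config show xubuntu --expanded" and lists the settings that open a path to the host. The sample config is constructed, and its device names and x11 profile contents are assumptions, since the profile itself is not shown on this page.

```shell
# Added example. Real use: lxc config show xubuntu --expanded | audit_lxd_config
audit_lxd_config() {
  awk '
    function report() {   # emit findings for the device block just parsed
      if (dev == "") return
      if (dtype == "proxy" && dconn ~ /X11-unix/)
        print "WARN device " dev ": host X11 socket shared, apps are clients of the host X server"
      if (dtype == "disk" && substr(dsrc, 1, 1) == "/")
        print "WARN device " dev ": host path " dsrc " mounted into container"
      if (dtype == "gpu")
        print "INFO device " dev ": host GPU passed through"
      dev = dtype = dconn = dsrc = ""
    }
    /^[^ ]/ { report(); section = $1 }   # unindented key starts a new section
    section == "config:" && $1 == "security.privileged:" && $2 ~ /true/ {
      print "HIGH security.privileged: container root is host root" }
    section == "config:" && $1 == "security.nesting:" && $2 ~ /true/ {
      print "WARN security.nesting: nested containers allowed" }
    section == "config:" && ($1 == "raw.lxc:" || $1 == "raw.idmap:") {
      print "INFO " $1 " override present, review by hand" }
    section == "devices:" && /^  [^ ]/ { report(); dev = $1; sub(/:$/, "", dev); next }
    section == "devices:" && $1 == "type:"    { dtype = $2 }
    section == "devices:" && $1 == "connect:" { dconn = $2 }
    section == "devices:" && $1 == "source:"  { dsrc = $2 }
    END { report() }
  '
}

# Constructed sample (assumed x11-style profile), not captured from a real host.
sample_config() {
  cat <<'EOF'
config:
  raw.idmap: both 1000 1000
  security.privileged: "false"
devices:
  X0:
    connect: unix:@/tmp/.X11-unix/X0
    type: proxy
  mygpu:
    type: gpu
  root:
    path: /
    type: disk
  shared:
    source: /home/user/Downloads
    type: disk
EOF
}
sample_config | audit_lxd_config
```

A WARN on the X11 proxy is expected with any profile that displays container apps on the host desktop; it marks the one channel through which those apps reach the host session.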