Package applications in Docker containers
Neat Packages
The way distributions deliver software is changing. The new package formats (e.g., Flatpak and Snap) are becoming more and more widespread, and for many reasons, containers are becoming increasingly important, even in the everyday lives of average desktop users.
Developers want to see their software reach users more quickly without having to create packages in different formats. Some approaches allow you to install multiple versions of a program simultaneously. Sandboxing as a security feature can also play a role, as can isolating apps so that they do not interfere with other programs.
Additionally, not all software can be easily packaged and kept up to date with the use of traditional package formats, especially for distributions like Kali Linux that ship hundreds of highly specialized applications. Many of these applications are not available in the Debian repository, and others are difficult to package (e.g., because they expect outdated libraries that virtually no distribution now includes).
To address these problems, Kaboxer transparently deploys difficult-to-package applications in Docker containers within the Debian packaging system. It is a Docker- and DEB-package-based application developed for Kali Linux, a distribution that specializes in penetration tests and digital forensics.
Kaboxer
Kaboxer [1] is short for Kali applications boxer. Kali Linux is based on Debian and uses its package manager. The Kaboxer framework extends the Debian package system to include containers but integrates them into the existing system and controls them transparently.
The developers emphasize the compatibility of this approach with other Debian variants in the documentation. They create Docker images of the applications, which they link with classic Debian packages. During the installation, these packages then download the images. To create the DEBs, the Kaboxer team has extended Debian's debhelper packaging tool with the debhelper_kaboxer option and adapted the build system accordingly. You install the packages in the usual way with the sudo apt install command, and the applications are then available in the main menu.
Docker Makes It Possible
The decision in favor of Docker does not rule out other container formats in the future. The only reason Docker was chosen first is that its containers come with a large number of configuration parameters, so images can be integrated easily, both with the host system and across multiple containers.
To weave its magic, Kaboxer uses existing Docker features such as mountpoints and port redirects. Menu items come from .desktop files that Kaboxer creates. All the details for the integration, as well as the instructions for creating or retrieving the Docker image, are in a single YAML file, which, in turn, is packaged in one of the DEB files provided by the Kali project. The post-installation script from these packages downloads the image so that the application it contains can be used immediately afterward.
Transparently Integrated
After containerizing an app, Kaboxer's next task is to deploy the app so that users can use it with the familiar Debian package management commands. Kaboxer's other task is to ensure the persistence of the data that the user creates with the respective app, even if the user deletes the corresponding container.
For this reason, Kaboxer has functions for configuring volumes shared between host and container. A graphical user interface (GUI) or web application involves additional steps. GUI apps, for example, need access to the host's X11 socket. For web applications, the HTTP port has to be enabled, and the web browser has to be started with the respective URL.
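The integration steps described above (a shared volume for persistent data, the X11 socket for GUI apps, a published HTTP port and start URL for web apps) map onto ordinary docker run options. The following Python code is an added example, not Kaboxer's own code or its YAML format; the descriptor fields, image names, data directory, and the loopback-only port binding are assumptions made for illustration.

```python
import posixpath
import shlex

X11_SOCKET_DIR = "/tmp/.X11-unix"

# Constructed sample descriptors; schema and image names are hypothetical.
GUI_APP = {"id": "demo-gui", "image": "registry.example/demo-gui:1.0",
           "run_mode": "gui", "volumes": {"projects": "/home/user/projects"}}
WEB_APP = {"id": "demo-web", "image": "registry.example/demo-web:1.0",
           "run_mode": "web", "port": 8080, "volumes": {"db": "/var/lib/demo"}}

def docker_run_argv(app, display=":0", data_root="/srv/appdata"):
    """Return (argv, url): the docker run command and, for web apps, the URL."""
    mode = app["run_mode"]
    if mode not in ("cli", "gui", "web"):
        raise ValueError(f"unknown run_mode: {mode!r}")
    argv = ["docker", "run", "--rm", "--name", app["id"]]
    url = None
    # Persistence: user data sits in a host directory that is bind-mounted
    # into the container, so it survives deletion of the container.
    app_root = posixpath.join(data_root, app["id"])
    for name, target in sorted(app.get("volumes", {}).items()):
        source = posixpath.normpath(posixpath.join(app_root, name))
        if not source.startswith(app_root + "/"):
            raise ValueError(f"volume {name!r} escapes {app_root}")
        if not posixpath.isabs(target) or ":" in source + target:
            raise ValueError(f"bad mountpoint for volume {name!r}")
        argv += ["-v", f"{source}:{target}"]
    if mode == "gui":
        # GUI apps reach the host X server through its Unix socket.
        argv += ["-e", f"DISPLAY={display}",
                 "-v", f"{X11_SOCKET_DIR}:{X11_SOCKET_DIR}"]
    elif mode == "web":
        port = int(app["port"])
        if not 1 <= port <= 65535:
            raise ValueError(f"invalid port: {port}")
        # Assumption of this example: publish on loopback only, so the web
        # UI is reachable from the local browser but not from the network.
        argv += ["-p", f"127.0.0.1:{port}:{port}"]
        url = f"http://127.0.0.1:{port}/"
    else:
        argv += ["-it"]  # CLI apps get an interactive terminal
    argv.append(app["image"])
    return argv, url

if __name__ == "__main__":
    for sample in (GUI_APP, WEB_APP):
        cmd, start_url = docker_run_argv(sample)
        print(shlex.join(cmd), "| start URL:", start_url)
```
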