The Debian subsystem integration enhances host distributions by enabling the execution of chrooted command-line and graphical applications from Debian. This integration relies on a chroot environment to facilitate seamless operation of Debian applications within the host environment.
```shell
# build project
make
# install project
make install
# set suid bit
chmod u+s /bin/lsl
# copy rootfs into /var/lib/subsystem directory (or use debootstrap)
debootstrap --arch=amd64 stable /var/lib/subsystem
```
Note: If the build fails with undefined symbols, build with `make CFLAGS=-DNODLOPEN`.

Note: If your distribution uses systemd, build with `make CFLAGS=-DNOUNBIND`. Unbinding is still broken on systemd.
A PAM module is available to automatically synchronize the subsystem during login, though it's disabled by default. To build and enable the PAM module, use the following commands:
```shell
# build pam module
make pam
# install pam module
make install_pam
# enable module
echo -e "auth\toptional\tpam_lsl.so" >> /etc/pam.d/system-auth
# Note: The file name may vary on your system.
```
To open a shell in the subsystem:
```shell
lsl /bin/bash
```
Or run a command directly:
```shell
sudo lsl apt install nano
```
- Written in pure C without any dependencies
- Open files with subsystem applications
- Home directory is common
- Doesn't need a service
- Simple cgroup controller
- Simple sandbox environment
- To enable polkit, you need to disable the cgroup controller. Use the following command:
  ```shell
  LSL_NOCGROUP=1 lsl ...
  ```
- If you want to disable the sandbox feature, you can do so with this command:
  ```shell
  LSL_NOSANDBOX=1 lsl ...
  ```
- In a sandbox environment, the UTS namespace must be isolated. Because of this, you need to run `xhost +local:` to allow local connections to the X server. This command lets users within the same local environment display graphical applications on the screen.
- The post-install script of the udev package is broken. If it gives an error, remove the postinst file and fix the installation:
  ```shell
  # remove postinst
  rm -f /var/lib/dpkg/info/udev.postinst
  # fix
  apt install -f
  ```
- If you have an audio issue, you can try this:
  ```shell
  # enable tcp server for pulseaudio or pipewire-pulse
  # run this command on host
  pactl load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
  # you must set environment variable
  export PULSE_SERVER=127.0.0.1
  ```
- If you want to remove the subsystem, you must unbind it first. Then check /proc/mounts and remove the rootfs:
  ```shell
  # unbind
  lsl -u
  # check: empty output is normal.
  mount | grep "/var/lib/subsystem"
  # remove rootfs
  rm -rf /var/lib/subsystem
  ```
- If your distribution uses systemd, you cannot unbind. You can use a live system to remove the rootfs.
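
The removal steps above, wrapped in a guard that refuses to delete the rootfs while anything is still mounted inside it. This is an added example, not part of the project: `mounts_under`, `remove_rootfs` and `sample_mounts` are hypothetical names, the sample mount table is constructed, and GNU `rm` is assumed.

```shell
#!/bin/sh
# Added example. ROOTFS is this page's path; function names are hypothetical.
ROOTFS=/var/lib/subsystem

# Constructed sample in /proc/mounts format (not captured from a real host).
sample_mounts() {
cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda2 /var/lib/subsystem/home ext4 rw,relatime 0 0
proc /var/lib/subsystem/proc proc rw 0 0
/dev/sdb1 /var/lib/subsystem-old ext4 rw 0 0
EOF
}

# Print each mount point at or below $1, reading a table in /proc/mounts
# format from $2 (default /proc/mounts). Field 2 is the mount point.
# The match is on whole path components, so /var/lib/subsystem-old is skipped.
mounts_under() {
    awk -v root="${1%/}" '
        $2 == root || index($2, root "/") == 1 { print $2 }
    ' "${2:-/proc/mounts}"
}

# Delete the rootfs only when nothing is mounted inside it.
# Returns 0 after removal, 1 (deleting nothing) if mounts remain.
remove_rootfs() {
    root=$1
    table=${2:-/proc/mounts}
    left=$(mounts_under "$root" "$table")
    if [ -n "$left" ]; then
        echo "refusing to remove $root, still mounted:" >&2
        echo "$left" >&2
        return 1
    fi
    # GNU rm: --one-file-system stops at any mount point the check missed
    rm -rf --one-file-system -- "$root"
}

# Usage, as root after `lsl -u`:  remove_rootfs "$ROOTFS"
```

Unlike `mount | grep`, the check compares only the mount-point field, so a similarly named directory or a matching device path does not produce a false hit.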