JuNestOne interesting project that has been sitting on the DistroWatch waiting list for a few years is Jailed User NEST (JuNest). The project's documentation describes itself as follows:
JuNest (Jailed User NEST) is a lightweight Arch Linux based distribution that allows [users] to have disposable and partial isolated GNU/Linux environments within any generic GNU/Linux host OS and without the need to have root privileges for installing packages.
JuNest contains mainly the package manager (called pacman) that allows access to a wide range of packages from the Arch Linux repositories.The main advantages of using JuNest are:
Install packages without root privileges.
Partial isolated environment in which you can install packages without affecting a production system.
Access to a wide range of packages, in particular on GNU/Linux distros that may contain limited repositories (such as CentOS and Red Hat).
Available for x86_64 and ARM architectures, but you can build your own image from scratch too!
Run on a different architecture from the host OS via QEMU.
All Arch Linux lovers can have their favourite distro everywhere!
The purpose of JuNest is not to build a complete isolated environment but, conversely, is the ability to run programs as [if] they were running natively from the host OS. Almost everything is shared between host OS and the JuNest sandbox (kernel, process subtree, network, mounting, etc) and only the root filesystem gets isolated (since the programs installed in JuNest need to reside elsewhere).
While JuNest refers to itself as a distribution, it's not a Linux distribution in the usual sense. In fact, I'd hesitate to refer to it as a distribution at all. The project does not provide a stand-alone operating system you can install from scratch the way you could Debian, Fedora, or Ubuntu. To run JuNest we first need to have a host Linux distribution installed and running. JuNest also doesn't provide its own kernel (ie. it does not distribute Linux), JuNest relies on the host operating system's kernel. In this way, JuNest is more akin to a type of container or virtual environment which is added onto an existing distribution rather than its own Linux-based distribution. It might be better considered a meta-distribution in a similar vein to Bedrock Linux.I decided to try installing JuNest on a copy of openSUSE Leap. This, I figured, would provide me with a stable, openSUSE base while testing JuNest's ability to run cutting-edge software from Arch Linux. Setting up JuNest requires the host system to have bash, GNU Coreutils, and git installed. The first two are usually pre-installed on almost every Linux distribution while git is present in most distributions' repositories.
Installing JuNest is fairly straight forward. We can accomplish the set up with four commands. First, we grab a copy of the JuNest GitHub repository:
git clone git://github.com/fsquillace/junest
Then we set up local path information. This allows JuNest to find its tools (from the GitHub repository) and its isolated environment which is, by default, stored under ~/.junest.
The two above lines should be added to your shell's start-up configuration in order to make sure we can use JuNest the next time we sign into our account. Finally, we run a command to pull in some Arch Linux files and set up the environment:
At this point we have a minimal Arch Linux environment installed on our system under our home directory. We can use this core collection of Arch tools in a few different ways.
First impressions of JuNest
The first thing I noticed about running JuNest was that I could access the Arch-based environment by simply running "junest". This would give me an Arch bash prompt and seemed to effectively log me in as a regular user to the JuNest/Arch environment. I could run commands that were installed in the JuNest directory. I still had access to the files on my openSUSE host system, but could also run commands as though I were running a minimal Arch system.
In a small variation of this experience, if I had run "junest -f" I would be logged into the JuNest/Arch environment, but with a fakeroot account. This basically meant that, as far as the Arch environment was concerned, I was the root user and could perform administrative tasks, such as installing new software. Usually this does not seem to be necessary as I'll talk about later, but it's nice to know the "fake root" experience is available.
At this point, from my virtual terminal on openSUSE, I could run commands from either environment. For instance, I could run "sudo zypper update" to bring my openSUSE host up to date with new software packages. I could also run "pacman -Syu" to update my JuNest environment. Both commands could be run from the comfort of the same terminal window. I could also install new packages in the JuNest environment from Arch's repositories.
As an example, my copy of openSUSE did not ship with the Nano text editor, nor did the JuNest minimal environment. I corrected this by running "pacman -S nano", which installed the Arch Nano package into JuNest. I could then run "nano text-file" to create a new text file in my home directory. I could access and edit this file using native openSUSE applications or tools in the JuNest jailed environment.
This approach to seamlessly running programs from two separate environments feels similar to running Bedrock Linux which I talked about in a previous article. The main difference is Bedrock works with multiple different distributions, not just Arch. Bedrock is more flexible, but also requires more effort to set up and maintain. JuNest is specific to Arch (at the moment) and requires minimal effort to set up and maintain.
What about GUI applications?
At this point you might be thinking that having a jailed, Arch-based environment for testing software might sound cool, but does it only work for command line programs? Usually, if we want to run cutting edge software, we're more interested in desktop applications than command line tools. At least this was my main focus.
Running KWrite from the JuNest environment (full image size: 614kB, resolution: 1,125x863 pixels)
I installed a couple of desktop applications using the pacman package manager and tried out a few. For the most part, desktop applications installed inside JuNest ran seamlessly. Installing and running programs like KWrite or other simple graphical applications worked just as if they were running natively.
I did run into an issue when I tried a heavier application. Specifically, trying to run the Falkon web browser from the openSUSE command line did not work and reported an error saying the browser could not be run without the "--no-sandbox" flag set. This issue could be worked around by first running "junest" to launch the jailed environment and then launching Falkon from the JuNest shell. This is a minor workaround and functioned quite well, allowing Falkon to see and save files in my openSUSE user's home directory.
Running the Falkon browser from JuNest (full image size: 525kB, resolution: 1,125x863 pixels)
I found the JuNest software to be one of those rare gems that does exactly what it sets out to do, no more or less. The JuNest project gives us the ability to set up a semi-isolated Arch Linux environment in a jail. The software allows us to install and run software from the Arch repositories without contaminating our host operating system. This essentially gives us access to an Arch Linux environment without the overhead of a virtual machine. It also means we can use Arch applications on our desktop and share files between our host system and the JuNest jail seamlessly.
I did run into some errors with more complex applications, but those were easy enough to work around by simply running the junest command to access the jail's namespace.
All in all, I like JuNest. It may not be a full Linux distribution, like those we usual cover here, but it does provide a helpful way to run cutting edge Arch software from within an existing Linux distribution with minimal overhead or maintenance. The fact we can manage the JuNest environment and install additional software from Arch's repositories without administrative access also makes this a very handy tool for situations where we are working in a restrictive environment.
* * * * *
I'd like to thank Shells.com for donating the openSUSE test environment I was running this week. It allowed me to perform longer computing operations while travelling without interrupting what I was doing.