I’m new to Linux and just in the process of trying to set up Wine so I can run some old Windows games and programs. I’m also setting up OnlyOffice as well and a LAMP server. I’d like all three to be run isolated in different containers to the rest of the system.
However, I’d like my files (exe, docx, php etc) to sit on the hard drive of the OS itself in the regular places you would have them. Potentially I’d have each one under a different user account as well for additional security. When anyone attempts to run these files, they would only run in the container of e.g. OnlyOffice, because that’s where OnlyOffice is installed. The files may be on different partitions as well, so I need centralised containers for the apps to run them wherever they are located.
Would Docker work for this functionality? Or am I looking more at something like Firejail/AppArmor instead? From what I have read, it doesn’t seem like Docker is what I’m after, but I just want a way to isolate the running of the apps and the overarching software that controls them into the container, but the files can exist anywhere so there’s less to worry about and I can structure things the way I’d like. I don’t think there would be any issues if the files themselves existed outside the container.
Any advice would be appreciated. Thanks.
Why I would not choose Docker
- You opened the topic in the “Docker Desktop for Linux” category and Docker Desktop is for development, so that is definitely not for you.
- Docker CE is what is also running in the virtual machine of Docker Desktop, and it existed even before Docker Desktop. It is still not for running applications with a GUI; however, you could do that.
- The goal that you described seems to me to be that you want some isolation and maybe the ability to run multiple versions of the same application for different users, and you heard that Docker can do that. Docker is software that can run containers, but it is not the only one. There is other software like AppImage or Snaps. I think these could help you more, but I never created my own Snap or AppImage package.
What you can do with Docker
- You also mentioned you want to run a LAMP server. You could do that with Docker if you can set the proper ownership and group membership on the files that you store on your host and/or configure PHP and Apache to run as the user on the host, not as the default “daemon” or “www-data”.
- On the other hand, if you allow the users to use Docker, they will be able to get root access. Probably not everyone would be able to do that, but they could, and it is not even hard, so don’t do that unless you trust all of the users.
- You could also use “rootless Docker”, which means you run different Docker daemons for each user so everyone would use their own Docker. This would mean more configuration and not all features would work, since some of the features require root access. Using rootless Docker also means every user would download all the Docker images again, so it could require more space.
- If you want a LAMP server, you could use Docker Desktop too, which is similar to rootless Docker since every user has their own Docker Desktop instance (I never tried it with multiple users), but you can also access system files, which you might not want to allow for everyone. Docker Desktop is free for personal use and small companies. See Docker FAQs - Docker
Since Docker Desktop creates virtual machines, you would need much more resources if you would like to run multiple Docker Desktops (multiple virtual machines).
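
As an added illustration of two points in the answer above (not part of the original reply): a shell sketch that prints a `docker run` command whose container process uses the numeric UID:GID owning the host web root, and that lists who is in the `docker` group and therefore has root-equivalent access. The container name, image tag `php:8.2-apache`, loopback port 8080 and the function names are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example; names, image tag and port are assumptions, not from the thread.

# Print the members of a group, one per line.
# $1 = group name, $2 = optional /etc/group-format file (default: getent).
# Anyone listed for "docker" can control the daemon and so obtain root.
group_members() {
    if [ -n "${2:-}" ]; then
        grep "^$1:" "$2"
    else
        getent group "$1"
    fi | cut -d: -f4 | tr ',' '\n' | sed '/^$/d'
}

# Print (do not execute) a docker run command for a host web root.
# The container runs as the UID:GID that owns the directory, so the
# bind-mounted files need no chown to www-data.
lamp_run_cmd() {
    webroot=$1
    owner=$(stat -c '%u:%g' "$webroot") || return 1
    case $owner in
        0:*)
            # A root-owned web root would put a root process in the container.
            echo "refusing: $webroot is owned by root" >&2
            return 1
            ;;
    esac
    printf '%s %s %s %s\n' \
        "docker run -d --name lamp-web --user $owner" \
        "--security-opt no-new-privileges" \
        "-p 127.0.0.1:8080:80" \
        "-v $webroot:/var/www/html php:8.2-apache"
}

# Usage: ./lamp.sh /home/alice/www   (path is a constructed example)
if [ "$#" -gt 0 ]; then
    echo "Users with docker group access:"
    group_members docker
    lamp_run_cmd "$1"
fi
```

The script only prints the command so it can be reviewed before it is run; publishing on 127.0.0.1 keeps the web server off the network until that is wanted.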