
Android container in Chrome OS - navigaid
https://chromium.googlesource.com/chromiumos/platform2/+/master/arc/container-bundle/
======
quantumwoke
I can't wait for the day that phone operating systems development environments
are a docker pull away. It's encouraging to see Google approaching my ideal
workflow using containerisation. Apple systems are great until you run into
the garden walls and are forced to use closed-source single platform software
like Xcode. Chrome OS and Android are a lot more open in many respects.

Hopefully efforts like this continue with Fuchsia and other Google products.

~~~
skrowl
To be fair you can't go very far without running into garden walls in Apple
land. It doesn't just apply to development.

Want to change your launcher / dialer / etc? WALL!

Want to run a different web browser (an ACTUAL web browser complete with JS /
CSS engine). WALL!

Want emulators or adult-themed apps? WALL!

Want to develop for iOS or macOS on Windows or Linux? WALL!

The list goes on and on...

~~~
millstone
ChromeOS is significantly more locked down than macOS, developer mode
notwithstanding. Firefox for iOS may use WebKit, but Firefox for ChromeOS
isn't even a thing.

~~~
eigenvector
Conversely, a ChromeOS _device_ is much less locked down than an iOS device,
since you can run full Linux (with root) in a chroot on a ChromeOS device.

~~~
millstone
We may be doomed to an infinite regress here. After all, a Chromecast is more
locked down than an iPad...

Someone considering running chrooted Linux on a Chromebook is going to be more
interested in a Mac than an iPad, so IMO that's the more useful comparison.

I did run Crouton on a ChromeOS device and came to regret it. ChromeOS devices
don't run a mainline kernel, they run something that Google provides which
eventually stops receiving updates.

The audio app I wanted to run required a newer kernel, and there was no way to
get it short of forward-porting a bunch of device support and building it
myself.

IMO for Linux development, users are better served by a real Linux laptop than
by a ChromeOS chimera.

~~~
jsight
I would prefer a powerful ChromeOS device with the ability to run Linux
containers over an iPad or a Mac. I suspect that I'm not the only developer
who thinks that way.

But I sort of agree with you too. I'm running Linux desktops rather than
Chrome machines for that reason.

------
jacksmith21006
Better is ChromeOS 67 enables running your own containers without having to
put CB in developer.

It uses the KVM to run a second Linux kernel. So you will be able to use
GNU/Linux applications including Steam. More to be shared at Google IO this
year.

~~~
tootie
Are you sharing a rumor/insider knowledge? Can I do this right now?

~~~
zifnab06
The current dev branch (67) supports this.

From crosh:

vmc start dev
start_container.sh --container_name stretch --user <yourusername> --shell

That should drop you into a shell in a debian stretch distro. You can install
packages and launch them. I haven't figured out if there's a way to pin them
to the shelf yet and launch that way.

------
reggieband
I just had a vision of all major OS projects providing developer containers
for their projects. Like, you could just pull the latest Firefox dev container
and run a single command to have a running debuggable app.

I know one of the major pains we have when on-boarding new people is the whole
dance to get to that first working build / first meaningful change. I can
imagine this being significantly more simple if a working dev environment was
shipped as a container.

~~~
AnIdiotOnTheNet
You know, there once was a time when we did everything in folders and didn't
need the overhead of containerization just to keep well behaved things from
stepping all over each other and breaking everything.

Like all progress in computing we've reinvented the wheel, but now with a few
additional layers of abstraction and the consequential performance
degradation.

~~~
Phrodo_00
> keep well behaved things from stepping all over each other and breaking
> everything

Containers help with keeping bad behaviors from stepping all over each other.

~~~
AnIdiotOnTheNet
Yes, that's their value. You shouldn't need to use them for your development
environment or normal every day software.

Unless of course you're saying that most software in the GNU/Linux world is
badly behaved, which I'd kind of agree with.

------
jacksmith21006
By looking at the comments this article is creating confusion. So I thought I
might provide an overview of the two things happening with ChromeOS.

1) Android apps have been enabled on many Chromebooks using a locked container
that shares a Linux kernel with ChromeOS. You do NOT have access to the
container mechanism that is being used. It ONLY supports a container locked by
Google. It is NOT using Docker also.

This is available on both ARM and X86 Chromebooks and most recent models are
now supported. It took a while.

All Android apps run in a single container.

2) Starting with ChromeOS 67 and only on Pixelbooks so far there are full
GNU/Linux capabilities on a Chromebook without having to put the Chromebook in
developer mode.

Developer mode is how you turn off much of the security of a Chromebook and
keeping it in this state is a bit of a hassle as when you boot you MUST remember
not to hit the wrong keys and wipe your CB.

What Google has done is enable the KVM on the Chromebook ChromeOS Linux
kernel. So you can run a second Linux kernel where you have full control of
the second Linux kernel.

Then on top of this VM Google is pushing the use of containers. So these
containers are completely separate from the Android containers.

Then all the containers on the VM share a common Linux kernel that is separate
from the Android and ChromeOS kernel.

What this does is keep the highly secure aspect of ChromeOS while giving you
full GNU/Linux on the machine.

Google has also enabled forward GUI of the GNU/Linux VM to the ChromeOS
desktop.

So say you start XClock on the VM the window will open up on the ChromeOS
desktop.

What is also confusing to people is GNU/Linux has been available on
Chromebooks for a long time. There have been a number of ways to use it.

1) Put CB into developer, install Crouton and you have GNU/Linux. But to use
Docker you MUST use rkt to start the containers.

2) Install the Android GNURoot app. This gives you GNU/Linux but in a fake
chroot that breaks many things. You can also use the Android XSDL app for the
GUI. Since Google implemented ALL Android apps in a common container the IP is
the same for both GNURoot and the XSDL app.

In ChromeOS 67 Google has fixed the IPs used by the Android container and is now
using the NAT reserved IPs instead of private IPs. This solves a weird bug you
would run into where you had an IP conflict if you used the same private IPs
elsewhere.

Google is also using the NAT reserved IPs with the new GNU/Linux support
through a VM.

It looks like Google will be packaging GNU/Linux applications like Android
Studio in containers that you can then run on a Chromebook with just a click.
But will they be in the play store is unclear. But these containers will run
on the VM.

Google will have ChromeOS 67 hitting stable at the same time as Google IO
where they are rumored to explain things better. All of this new GNU/Linux
support with a VM is in beta.

~~~
terhechte
Hey! Thanks for the detailed reply. What I don't get is: ChromeOS is open
source, so why do all these things only work on certain hardware? Isn't there
a way to install ChromeOS on any laptop today and already use Android apps et
al, without said machine being a Pixelbook?

I have a machine that is not an official ChromeBook and I'd love to install
ChromeOS with Android support to try it out. But I've done quite some google-
fu and could not figure out whether this is possible (and how I'd set that
up).

~~~
sounds
To expand on andrewaylett's comment, that it is open source doesn't
automatically mean "100% hardware compatibility."

Even for the linux kernel, someone somewhere has to figure out how to get it
to boot on every piece of hardware.

It's not magic. The nice thing is that if the first person who gets it working
can just 'git push' their code to kernel.org, then the next person doesn't
have to redo all that work.

~~~
bhaavan
You're correct in sentiment. But one can't git push to Linux master without
having the patch reviewed and merged by a maintainer.

------
hammerandtongs
I'd really like this to evolve into a standard thing in our linux distros. By
which I mean apt-get'able, which it looks very close to.

I have no interest in the play store but I would like my lineageos/fdroid
userspace available directly to my desktop.

------
lima
I wonder how hard it would be to get this working on, say, Fedora...

At the very least, one would need to replace what sounds like a surfaceflinger
<-> wayland proxy.

~~~
jacksmith21006
Very easy with ChromeOS 67.

Just boot, launch a chrome window and type Ctrl alt t.

Then type vmc start dev.

Then you can use whatever distribution you want as you have full GNU/Linux.

Only works on Pixelbooks but Google will extend and will share more at Google
IO.

You can even package up gnu/Linux applications. One click and they run in a
container but on a second Linux kernel.

So Android shares the ChromeOS kernel where gnu/Linux will run in a container
on top of a VM using the KVM.

It is interesting that Google did not feel just using containers for GNU/Linux
was secure enough.

~~~
kuschku
And that helps me get an Android container running on an actual desktop OS
how? That was the question, after all.

------
andor
What about Binder? Do Chrome OS kernels come with Binder built in, or are they
emulating it on top of another IPC mechanism?

Edit: yes, Chrome OS kernels come with the binder driver enabled.

------
xrd
Does anyone have a link to what Chromebooks will support ChromeOS 67? Is there
a matrix somewhere?

~~~
jacksmith21006
Just about all will support ChromeOS 67 including ARM. But that does not mean
they all will get the new gnu/Linux without developer support.

Right now only the Pixelbook supports it in ChromeOS 67.

Google will share more at Google IO as this is still beta stuff. The hope is
it will be more than just the PB.

------
jasonvorhe
This is incredible. Using this, going from Linux to Zircon is just a Kernel-
switch away. Potentially they could replace small parts of the Linux-parts of
Chrome OS slowly and iteratively with Fuchsia.

------
wolfspider
I have an ARM64 React Native toolchain sitting on blocks for ChromeOS. Caret
is the IDE for this but Android SDK is truly lacking for ARM the build tools
are base level. There is a guide floating around out there to make your own
too. Looking forward to more stuff like this because essentially you get
realtime Native app development with this but hooking into the debugger via
crosh terminal is hard. Smoothing out the rough edges on this and then wow!
You will have a powerhouse. NativeScript? Even better in theory.

------
a1exanderjung
Interesting to see Chrome OS adopt process compartmentalization techniques
such as this, specifically adopting `cgroups`. Afaik, cgroups isn't enabled by
default and requires customizing the kernel before you can enable it. At the
very least, container tools such as Docker require symlinks too to invoke
chroot-like filesystem isolation and this is also not available.

It'll be interesting to see where they'll go with this, specifically since Google
also work on Kubernetes and that new OS, Fuchsia.

~~~
patrickaljord
Speaking of which, it is now possible to run full linux and android apps on
chromebooks which support containers (and vms?) in a tab with the new official
Google Crostini project. Makes the Pixelbook more attractive.

[https://twitter.com/rothgar/status/981579699833880576](https://twitter.com/rothgar/status/981579699833880576)

More info on Crostini
[https://www.reddit.com/r/chromeos/comments/7ytpb1/project_cr...](https://www.reddit.com/r/chromeos/comments/7ytpb1/project_crostini_linux_vms_on_chrome_os/)
…

~~~
terhechte
Would this work on a ChromeOS that I install on, say, an aging PC Laptop?

~~~
jacksmith21006
Yes. The code is also being done in chromium OS.

------
indescions_2018
Thanks for publishing. Very informative. Am just setting up NeverWare as a
devenv for Android. With localhost ADB connections. Could prove a powerful
platform for Android automation.

Also noticed there is a web "demo" of Fuchsia experimental OS. That can be run
in a single Chrome tab (click "guest"):

[https://mgoulao.github.io/fuchsia-web-demo/](https://mgoulao.github.io/fuchsia-web-demo/)

------
torpedo
The recently announced Droplet containers extend on this idea with a
supposedly commercial-ready multiplatform solution

[https://dropletcomputing.com/](https://dropletcomputing.com/)

------
jacksmith21006
You can use gnu/Linux on Android with a CB. But you have to use a fake Chroot.
Just go to play store and install GNUroot.

Then install the Android XSDL app for the GUI.

~~~
rrix2
can you use this to properly replicate the functionality of dropbox,
though?[1]

[1]:
[https://news.ycombinator.com/item?id=8863](https://news.ycombinator.com/item?id=8863)

~~~
jacksmith21006
Should not be a problem unless I am missing something? Can what you are
talking about run on GNU/Linux?

------
mankash666
Theoretically, this container should be able to run in any host os supporting
containers.

I'd like to be able to run native (via container) android apps on my desktop
OS

------
zer0zzz
When the hell are we going to get electron and node.js apps on chromeos? Those
are far more important than these crappy blown up phone apps.

~~~
bitskits
I disagree on the "more electron" front. Running old Chrome with known vulns
packaged up into an app is not the direction I'm looking for ChromeOS to go.
I'll take an app in a tab, please.

------
alsadi
Android needs a kernel feature called binder which afaik is not part of vanilla
kernels / distro kernels.

------
asfdsfggtfd
Does this open the path to running android apps on gnu/linux desktop?

