Fast sandboxed development container manager using podman, minimal permissions by default choose balance between security and convenience
NOTE: Version 0.1.X is considered alpha, breaking changes may happen at any point
Arcam started as a bash script and has evolved a lot since then, all code since v0.1.1
was written inside arcam container
Originally named box
- Sandboxed ephemeral container by default (podman defaults)
- Pass through audio, wayland, ssh-agent easily on demand with flags or config
- TOML configuration files for containers, customize your experience per project requirements
- Override dotfiles locally, so you don't have to rebuild the image to update dotfiles
- Automatic passwordless sudo (or
su
if not installed) - Consistant development environment on any distro, especially useful on distros like fedora atomic
- Offline use, container initialization process does not require internet connection (image has to be downloaded of course)
You can download binary for latest release here
Alternatively you can install it from crates.io
cargo install arcam
You can also install straight from git
cargo install --git https://github.com/sandorex/arcam
The CLI has up-to-date documentation, for help with configuration files run arcam config options
Making a custom container image is same as for any other container, to take full advantage of arcam keep following things in mind:
- Install
sudo
for nicer experience - Any executable files in
/init.d
will be executed on start of the container as the user, you can usesudo
orsu
for root access - Put dotfiles in
/etc/skel
which will be copied to user home on start, note that it may be overriden at runtime using--skel
- All data inside the container (not counting volumes) will be deleted when container stops, to add caching or presistant data use a named volume
For examples you can take a look at my container with neovim and all LSPs preinstalled
Both are great at their job, to provide a seamless integration with the host but not sandboxing
Arcam provides sandboxed experience by default, and it's your job to choose where/when to sacrifice security for convenience, it's highly configurable