|
|
|
|
|
|
by westurner
1236 days ago
|
|
|
VSCode + containers + the powerwash feature would enable kids to STEM. Are flatpaks out of the question? Used to be "Gnome and Chrome" on ~Gentoo. Shouldn't the ChromiumOS host be running SELinux, if the ARC support requires extended filesystem attributes for `ls -alz` and `ps -aufxz` to work? Chromium and Chrome appear to be running unconfined? AppArmor for Firefox worked years ago? https://www.google.com/search?q=chromium+selinux ; chrome_selinux ? It seems foolish to have SELinux in a guest VM but not the host. |
|
|
`adb shell pm list packages` and `adb install` a list of APKs and CRXs.
Here's chromebook_ansible: https://github.com/seangreathouse/chromebook-ansible/blob/ma...
Systemd-homed is portable. Still, "Reprovision" the broken userspace for the user.
Local k8s like microshift that does container-selinux like RH / Fedora, with Gnome and Waydroid would be cool to have for the kids.
Podman-desktop (~Docker Desktop) does k8s now.
K8s defaults to blocking containers that run as root now, and there's no mounting thee --privileged docket socket w/ k8s either. Gitea + DroneCI/ACT/ci_runner w/ rootless containers. Gvisor is considered good enough for shared server workloads.
Repo2docker + caching is probably close to "kid proof" or "reproducible".
VScode has "devcontainer.json". Scipy stacks ( https://jupyter-docker-stacks.readthedocs.io/en/latest/using... ) and Kaggle/docker-python (Google) take how many GB to run locally for users < 13 who we don't afford cloud shells with SSH (Colab with SSH, JupyterHub (TLJH w/ k8s),) for either.
Task: Learn automated testing, bash, git, and python (for Q12 K12CS STEM)