diyism/x11docker (linux sanbox like android shelter app)

## x11docker (linux sanbox like android shelter app)
"现在有很多国产linux程序了,比如 钉钉/飞书,
则linux上也有了隔离国产程序的需求,
试了1.virtualbox, 2.firejail, 3.docker theasp/novnc,
都不够方便实用, 最好用启动单个程序最快的是x11docker
@_:10个我离不开的android应用:
1.Shelter(隔离国产应用)"

#https://github.com/mviereck/x11docker
curl -fsSL https://raw.githubusercontent.com/mviereck/x11docker/master/x11docker | sudo bash -s -- --update

# ===========in host:
$ wget https://download.docker.com/linux/static/stable/x86_64/docker-20.10.18.tgz
$ tar xzvf docker-20.10.18.tgz
$ sudo cp docker/* /usr/bin/
$ sudo nohup dockerd >/dev/null 2>&1 &

$ curl -fsSL https://raw.githubusercontent.com/mviereck/x11docker/master/x11docker | sudo bash -s -- --update
$ sudo apt install nxagent xclip        # "--clipboard" sharing needs xclip
$ docker pull x11docker/xfce
$ x11docker --nxagent --clipboard --network --sudouser x11docker/xfce xfce4-terminal

# ===========in x11docker xfce4-terminal:
$ su -                                # the root password is "x11docker", while "x11docker … --sudouser"
$ echo 'nameserver 172.17.0.1' >/etc/resolv.conf     # in china, we must change dns from 8.8.8.8 to the fuck-GFW dns in host

$ apt install wget

# install dingtalk:
$ wget https://dtapp-pub.dingtalk.com/dingtalk-desktop/xc_dingtalk_update/linux_deb/Release/com.alibabainc.dingtalk_1.4.0.20909_amd64.deb
$ apt install libgtk2.0-0 libxss1 libxkbcommon-x11-0    # dingtalk needs these libs
$ dpkg -i com.alibabainc.dingtalk_1.4.0.20909_amd64.deb

# install feishu:
$ wget https://sf3-cn.feishucdn.com/obj/ee-appcenter/2844ab12b34f/Feishu-linux_x64-5.14.14.deb
$ apt install libnspr4 libnss3 libasound2 fonts-wqy-microhei
$ dpkg -i Feishu-linux_x64-5.14.14.deb

# install ssh server:
$ apt install openssh-server nano
$ nano /etc/ssh/sshd_config      # add "PermitRootLogin yes"
$ mkdir /run/sshd
$ /usr/bin/sshd

# install googlepinin:
$ apt install --no-install-recommends fcitx-googlepinyin fcitx fcitx-config-gtk fcitx-frontend-gtk3
$ echo 'run_im fcitx' > /home/<your user name>/.xinputrc
$ chown <your user name>:<your user name> /home/<your user name>/.xinputrc
$ /usr/bin/fcitx -d
$ fcitx-configtool

# ===========in host:
$ docker commit <container_id>  x11docker_feishu_dingtalk

# run dingtalk in seamless mode:
$ x11docker --name dingtalk --nxagent --clipboard --network --home x11docker_feishu_dingtalk /opt/apps/com.alibabainc.dingtalk/files/Elevator.sh
# the "--home" parameter will share the host folder "~/.local/share/x11docker/x11docker_feishu_dingtalk/" as x11docker home folder writable
# run fcitx-googlepinyin along with dingtalk, but it dosen't work ever with fcitx-frontend-qt5 installed, only work in file sending/search pop window:
$ docker exec dingtalk /usr/bin/fcitx -d

# desktop mode, for debug:
$ x11docker --desktop --nxagent --clipboard --network --sudouser x11docker_feishu_dingtalk startxfce4

# run feishu in seamless mode:
$ x11docker --nxagent --clipboard --network x11docker_feishu_dingtalk bytedance-feishu-stable

#chrome:
$ wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
$ su -
$ dpkg -i google-chrome-stable_current_amd64.deb
$ google-chrome --no-sandbox
	"现在有很多国产linux程序了,比如钉钉/飞书,
	则linux上也有了隔离国产程序的需求,
	试了1.virtualbox, 2.firejail, 3.docker theasp/novnc,
	都不够方便实用, 最好用启动单个程序最快的是x11docker
	@_:10个我离不开的android应用:
	1.Shelter(隔离国产应用)"

	#https://github.com/mviereck/x11docker
	curl -fsSL https://raw.githubusercontent.com/mviereck/x11docker/master/x11docker \| sudo bash -s -- --update

	# ===========in host:
	$ wget https://download.docker.com/linux/static/stable/x86_64/docker-20.10.18.tgz
	$ tar xzvf docker-20.10.18.tgz
	$ sudo cp docker/* /usr/bin/
	$ sudo nohup dockerd >/dev/null 2>&1 &

	$ curl -fsSL https://raw.githubusercontent.com/mviereck/x11docker/master/x11docker \| sudo bash -s -- --update
	$ sudo apt install nxagent xclip # "--clipboard" sharing needs xclip
	$ docker pull x11docker/xfce
	$ x11docker --nxagent --clipboard --network --sudouser x11docker/xfce xfce4-terminal

	# ===========in x11docker xfce4-terminal:
	$ su - # the root password is "x11docker", while "x11docker … --sudouser"
	$ echo 'nameserver 172.17.0.1' >/etc/resolv.conf # in china, we must change dns from 8.8.8.8 to the fuck-GFW dns in host

	$ apt install wget

	# install dingtalk:
	$ wget https://dtapp-pub.dingtalk.com/dingtalk-desktop/xc_dingtalk_update/linux_deb/Release/com.alibabainc.dingtalk_1.4.0.20909_amd64.deb
	$ apt install libgtk2.0-0 libxss1 libxkbcommon-x11-0 # dingtalk needs these libs
	$ dpkg -i com.alibabainc.dingtalk_1.4.0.20909_amd64.deb

	# install feishu:
	$ wget https://sf3-cn.feishucdn.com/obj/ee-appcenter/2844ab12b34f/Feishu-linux_x64-5.14.14.deb
	$ apt install libnspr4 libnss3 libasound2 fonts-wqy-microhei
	$ dpkg -i Feishu-linux_x64-5.14.14.deb

	# install ssh server:
	$ apt install openssh-server nano
	$ nano /etc/ssh/sshd_config # add "PermitRootLogin yes"
	$ mkdir /run/sshd
	$ /usr/bin/sshd

	# install googlepinin:
	$ apt install --no-install-recommends fcitx-googlepinyin fcitx fcitx-config-gtk fcitx-frontend-gtk3
	$ echo 'run_im fcitx' > /home/<your user name>/.xinputrc
	$ chown <your user name>:<your user name> /home/<your user name>/.xinputrc
	$ /usr/bin/fcitx -d
	$ fcitx-configtool

	# ===========in host:
	$ docker commit <container_id> x11docker_feishu_dingtalk

	# run dingtalk in seamless mode:
	$ x11docker --name dingtalk --nxagent --clipboard --network --home x11docker_feishu_dingtalk /opt/apps/com.alibabainc.dingtalk/files/Elevator.sh
	# the "--home" parameter will share the host folder "~/.local/share/x11docker/x11docker_feishu_dingtalk/" as x11docker home folder writable
	# run fcitx-googlepinyin along with dingtalk, but it dosen't work ever with fcitx-frontend-qt5 installed, only work in file sending/search pop window:
	$ docker exec dingtalk /usr/bin/fcitx -d

	# desktop mode, for debug:
	$ x11docker --desktop --nxagent --clipboard --network --sudouser x11docker_feishu_dingtalk startxfce4

	# run feishu in seamless mode:
	$ x11docker --nxagent --clipboard --network x11docker_feishu_dingtalk bytedance-feishu-stable

	#chrome:
	$ wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
	$ su -
	$ dpkg -i google-chrome-stable_current_amd64.deb
	$ google-chrome --no-sandbox