The way distributions deliver software is changing. New package formats such as Flatpak and Snap are becoming more widespread, and containers are becoming increasingly important even for casual desktop users. There are many reasons for this. Developers want to see their software quickly reach users without having to create packages in different formats. Some approaches also allow multiple software versions to be installed simultaneously. Sandboxing as a security feature also plays a role.

In addition, not all software can be easily packaged and kept up-to-date using traditional package formats. This is especially true for distributions such as Kali Linux which ship hundreds of highly specialized applications. Many of these specialized applications are unavailable in the Debian repository. Others are difficult to package because they rely on outdated libraries that hardly any distributions come with anymore. Another reason would be to isolate apps so that they do not interfere with other programs.

Kaboxer [1], a Docker and DEB package-based application developed for Kali Linux, transparently deploys difficult-to-package applications in Docker containers within the Debian packaging system.

Kaboxer

Kali Linux specializes in penetration tests and digital forensics. Based on Debian, Kali Linux uses the Debian package manager. Kaboxer (an abbreviation of Kali Applications Boxer) extends the Debian package system via containers but integrates them into the existing system and controls them transparently via Kaboxer.

The Kaboxer developers emphasize the compatibility of this approach with other Debian variants in the documentation. The developers create Docker images of the applications, which they link in classic Debian packages. During installation, these packages then download the images. To create the DEBs, the Kaboxer team has extended Debian's packaging tool debhelper to include a debhelper_kaboxer option and adapted the build system to match. As a user, you install the packages in the normal way with:

sudo apt install

Afterward, you will find the applications in the main menu.

Docker Makes It Possible

The Kaboxer developers' decision to use Docker does not exclude other container formats in the future. Docker was initially chosen because its containers come with a large number of parameters for configuration, which means that the images can be easily integrated, both with the host system and across multiple containers.

To ensure this integration, Kaboxer uses existing Docker features such as mount points and port redirects. Menu items are based on .desktop files created by Kaboxer. All the integration details, as well as the instructions for creating or retrieving the Docker image, are bundled in a single YAML file. The file, in turn, is packaged in one of the DEB files provided by the Kali project. The post-inst script for these packages downloads the image so that the application it contains can be used immediately afterwards.

Transparently Integrated

After containerizing an app, Kaboxer's next task is to deploy the app so that users can open it with the familiar Debian package management commands. Kaboxer's other tasks include ensuring the persistence of the data created by the user with the respective application, even if the user deletes the corresponding container.

This explains why Kaboxer comes with functions for configuring volumes shared between the host and the container. Additional steps need to be taken for GUI or web applications: GUI applications, for example, need access to the host's X11 socket. For web applications, the HTTP port must be allowed, and the web browser must be launched with the respective URL.