Table of Contents ¶

• DESCRIPTION
• Crouton vs Crostini
  • Developer Mode
  • Resource Usage
  • Hardware Access
    • USB Serial
      • Serial Console
      • Uploading Arduino/ESP8286 Firmware via USB Serial Interfaces
    • Attached Storage: Permissions
    • Support of Multiple Linux Containers
• Setting Up A New Chromebook

DESCRIPTION ¶

Notes on setting up Crostini Linux containers on ChromeOS.

See:

https://discuss.linuxcontainers.org/t/using-lxd-on-your-chromebook/3823

Crouton vs Crostini ¶

Developer Mode ¶

• developer mode disables some chromebook security features
• unlike crouton, Crostini does not require the chromebook to be in developer mode

Resource Usage ¶

• Crostini requires more resources
• the Crostini linux containers can be killed during periods of low resource usage or inactivity
• on a chromebook with less than 4Gb, use crouton
• on a chromebook with 4Gb, Crostini is usable but may be terminated. If this system is your primary development environment, consider using crouton.

Hardware Access ¶

Crostini restricts hardware access.

The design of crostini protects the host OS (ChromeOS acting as a hypervisor) from the guest containers. Guest containers run arbitrary code. If this code can escape the container, it may be able to interfere with the web browser.

The downside of the crostini security controls is that USB devices must be explicitly whitelisted for use.

USB Serial ¶

Serial Console ¶

Serial ports can't be accessed directly from the container. A work around for using serial consoles is beagleterm.

Uploading Arduino/ESP8286 Firmware via USB Serial Interfaces ¶

Some microcontrollers such as some of the arduinos are whitelisted. If not, firmware can't be uploaded.

The microcontroller code can still be written and compiled in the container.

A work around is connecting the microcontroller to a Raspberry Pi. A relatively portable setup is using a microcontroller attached to a Raspberry Pi Zero.

Attached Storage: Permissions ¶

ext2 attached storage is mounted with root squash (root owned files on the file system are converted to the nobody/nogroup user). These files are not modifiable, even by the root user.

The permissions cause problems when burning Raspberry Pi OS images.

The boot partition is FAT and is writable:

• /boot/ssh can be touched to enable the ssh service

• /boot/config.txt can be modified

Modifying the rootfs of a mounted partition on ChromeOS will fail due to permissions preventing customization of the image: hostname, headless installations, ...

Workaround: use another system such as another Raspberry Pi

Support of Multiple Linux Containers ¶

Crostini installs a default Debian container named penguin. This container is assumed to exist by crostini and may cause problems if removed.

For example, after upgrading to a new Crostini release:

• starting termina from the command line may fail
• starting the default container (Terminal icon) repairs the installation and starts penguin
• entering termina from the command line now works

Both crouton and crostini support running multiple containers from different Linux images.

Setting Up A New Chromebook ¶

• in Settings > Advanced > Developers: enable the "Linux Development Environment"

• open crosh by using the key combo: ctrl-alt-T

• crosh: start termina

  vmc start --vm-type CROSTINI termina
  

• list lxc containers

  lxc list
  

• launch an Ubuntu 24.04 container

  # lxc launch ubuntu:24.04 <hostname>
  lxc launch ubuntu:24.04 test
  

• run a root shell

  lxc exec test bash
  

• upgrade the packages

  apt update
  apt dist-upgrade
  

• add a user for yourself

  groupmod -n <youruser> ubuntu
  usermod -d /home/<youruser> -m -l <youruser> -g <youruser> ubuntu
  passwd <youruser>
  

• copy your gpg, ssh keys and configuration

  cd /home/<youruser>
  ssh yourotherhost "tar zcf - .gnupg .ssh" | tar zxf -
  

• to login

  lxc exec test -- login
  

---

(markdown)