About
Hakurei is a security-focused Linux container runtime for running unmodified desktop applications, developed as a non-profit open source project. It also implements planterette, an experimental self-contained Android-like package manager with modern security features.
Security on the desktop has always left something to be desired. While Qubes OS provides excellent security, its performance and usability limitations make it unsuitable for most use cases. Hakurei attempts to fill that gap by running applications natively while still establishing decent compartmentalisation enforced by the kernel.
Hakurei runs each container as a dedicated subordinate user and sets up the container via unprivileged user namespaces as another layer of defense against privilege escalation. Unprivileged user namespace creation is made unavailable inside containers by default to reduce attack surface, but it can optionally be enabled for applications with strong built-in sandboxes so that their own sandbox does not have to be broken.
Official releases are available via Gitea and documentation for the included NixOS module can be found here.
OS Compatibility
Hakurei does not try to support every major Linux distribution and every kernel configuration they ship. Most Debian-based distributions disable unprivileged user namespace creation by default, and while that can be a reasonable way to reduce attack surface, it also removes a layer of security in which the kernel enforces strict limits on user namespaces created by an unprivileged user. Having to set up the sandbox as root also adds significant complexity to the setuid wrapper. The reduction of attack surface is made irrelevant in any case, since Hakurei can disable unprivileged user namespace creation on a per-container basis.
Users on affected kernels can switch to an unmodified (and up to date) kernel, or enable unprivileged user namespace creation by setting the kernel.unprivileged_userns_clone sysctl to 1. Whether enabling it increases attack surface depends largely on what runs on the system; however, if all apps are spawned by Hakurei and the rest of the system is sufficiently secured, enabling unprivileged user namespace creation should not increase attack surface at all.
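A quick way to see which of the two kernel knobs is blocking unprivileged user namespace creation before trying Hakurei on such a system. This is an added example, not part of the Hakurei project; the sysctl names are real, while the script layout and the optional PROCROOT argument (so the logic can be exercised against a constructed /proc tree) are this example's own choices.

```shell
#!/bin/sh
# Report whether unprivileged user namespace creation is available, the
# prerequisite the OS Compatibility section describes. Added example, not
# Hakurei code; PROCROOT is an assumed argument used only for testing.

# userns_status [PROCROOT]: print one line describing the kernel state.
# Exit status is always 0; the printed line is the result.
userns_status() {
    procroot="${1:-/proc}"
    clone="$procroot/sys/kernel/unprivileged_userns_clone"
    maxns="$procroot/sys/user/max_user_namespaces"

    # Distribution patch (Debian-based kernels, among others): 0 means the
    # kernel refuses user namespaces for unprivileged callers. The remedy
    # given above is setting this sysctl to 1.
    if [ -r "$clone" ] && [ "$(cat "$clone")" = "0" ]; then
        printf '%s\n' "disabled: kernel.unprivileged_userns_clone=0"
        return 0
    fi
    # Upstream limit present on current kernels: a value of 0 blocks
    # creation for every user, regardless of the distribution patch.
    if [ -r "$maxns" ] && [ "$(cat "$maxns")" = "0" ]; then
        printf '%s\n' "disabled: user.max_user_namespaces=0"
        return 0
    fi
    printf '%s\n' "enabled"
}

# userns_live_check: the authoritative test is simply trying it. Requires
# util-linux unshare and is only meaningful against the real /proc.
userns_live_check() {
    if unshare -U true 2>/dev/null; then
        printf '%s\n' "live: unshare -U succeeded"
    else
        printf '%s\n' "live: unshare -U failed"
    fi
}

main() {
    userns_status
    [ "${1:-}" = "--live" ] && userns_live_check
    return 0
}

main "$@"
```

Run it with `--live` to also attempt `unshare -U true` as the current user; the sysctl reading and the live attempt should agree, and a mismatch usually points at an additional LSM policy on that distribution.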
While Hakurei is primarily developed on NixOS and relies on Nix for its integration test suite, it does not target NixOS or make assumptions that are only true on NixOS. Unfortunately, mistakes do happen semi-often as the architecture of NixOS can often hide bugs and assumptions. Please report such anomalies if you encounter them.