Package applications in Docker containers

Neat Packages

Easy as Pie

The Kaboxer developers have so far packaged three applications, which I'll take a look at from a user's perspective with two examples – one a GUI application and the other a web application.

To recreate the examples, first deploy the main Kaboxer component

$ sudo apt install kaboxer

and make sure the user account you are using belongs to the kaboxer group with the groups command (Figure 1). If you want to know which applications are available with Kaboxer and which you have installed (Figure 2), use the command:

Figure 1: If you want to use the container framework, make sure your user account belongs to the kaboxer group.
Figure 2: With a search, you can quickly determine which applications are in Kaboxer format.
$ apt search --names-only '\-kbx$'

The first application to be tested is Zenmap, a graphical front end for the Nmap port scanner. Because Zenmap depends on deprecated Python 2 libraries, a normal installation of the software on Debian and its offshoots is a real pain, because the maintainers of the distribution have removed Python 2 from the repositories. Therefore, the Kali developers made Zenmap available as one of the first Kaboxer apps under the zenmap-kbx label. The package can be set up in the normal way:

$ sudo apt install zenmap-kbx

Figure 3 shows the installation process, which also creates an entry in the desktop menu structure (Figure 4). In the same way, you can set up the covenant-kbx package, which is a .NET-based command-and-control framework that includes a web front end (Figure 5):

$ sudo apt install covenant-kbx
Figure 3: When installing Kaboxer packages with Debian's package system, the content enters the system as a Docker image from the Kali developers' GitLab registry.
Figure 4: Kaboxer automatically creates an entry in the main menu of the desktop, where you launch the container.
Figure 5: Covenant requires a bit more work because you operate it from a web interface that the container launches in the browser.

Both apps work right away and without any indication that they are running in containers. Covenant automatically launches its web interface. The developer version of Firefox as a full-fledged GUI application also behaved in a completely normal way in the lab.

Some Disadvantages

Kaboxer apps take a little longer to install than traditional DEB packages. The tandem packages for a Kaboxer app are more or less just a kind of metapackage that downloads the content as a Docker image and then sets it up. However, you will not notice any further delays when launching these apps.

The Kaboxer model shares a disadvantage with its cousins Flatpak and Snap: the file size. Even programs that are only a few kilobytes in size tend to bloat to 50MB and more in the Kaboxer container because of the dependencies that are not available on the host system (or even duplicated, in the worst case), along with the overhead of the container itself. For this reason, Kali Linux, for example, does not include these applications in the operating system images; you have to install them manually to suit your needs.


Creating applications for Kaboxer is not too tricky. The tool's documentation [2] describes the required steps in detail, including creating and building a Docker image of the corresponding application. For larger scale deployment, it would make sense to automate the process with GitLab continuous integration (CI). For more information beyond what is described in the documentation, see the man pages for Kaboxer and kaboxer.yaml.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus