Android Apps support on CloudReady via Anbox?

Comments

2 comments

  • Michael Pobega

    At the current time it's unlikely that we'll be able to support Anbox.

     

    The last time I took a look at it it required snaps (which we do not support) as well as some third party kernel modules, which could impact system security. In general we try not to use any third party kernel modules/patches outside of Google's branches or cherry-picking official patches.

  • Maksim Lin

    Hi Michael,

    I've only taken a quick look at the ANbox docs myself but from what I can tell, the only extrra kernel modules that Anbox requires are ashmem and binder, which I think are already shipped in standard ChromeOS kernels?

    Having a quick look on my lenovo X1 running Cloudready community edition (73.1.66 (Developer Build - neverware) stable-channel chromeover64) I can see /dev/ashmem but /dev/binder is not, but since its shipped in some offical ChromeOS kernels perhaps if wouldn't be too big a change to enable it in Cloudready kernel config? Given its shipped by Google in ChromeOS kernels I would not expect it has much impact of security?

    With the need for snaps - thats just the Anbox projects preferred way to distribute but would not be required to ship it inside cloudready. 

    Architecturally Anbox uses a LXC container to run their custom Android image inside and given LXC is already supported inside CrosVM perhaps it would not be a big security impact to also ship it inside Cloudready though as the Readme for Crostini points out, ChromeOS itself compromises some security by running ARC++ inside only a container and not inside a VM (the way CrosVM does for linux containers) so perhaps Cloudready would be willing to accept the same security compromise already made by Google for Android support on official ChromeOS devices?

    Maks.

Please sign in to leave a comment.