Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Apps Are Not Coming To Many Still-Supported Chromebooks (betanews.com)

Posted by msmash on from the you-have-been-served dept.

While we know that Linux app support is coming to a range of Chromebooks from Lenovo, Acer, Dell and others, a post on the Chromium Gerrit reveals that devices running Linux 3.14 or older will miss out. BetaNews: Chrome OS is able to run Linux apps through the use of containers which help to keep the rest of the operating system safe from harm. As container support requires features that are only found in more recent versions of the Linux kernel, it means that many Chromebooks -- whose kernels are usually not updated -- will not be able to run Linux apps.

Here's the full list of Chromebooks that won't be getting the Linux love: AOpen Chromebase Mini (Feb 2017; tiger, veyron_pinky), AOpen Chromebox Mini (Feb 2017; fievel, veyron_pinky), ASUS Chromebook C201 (May 2015; speedy, veyron_pinky), Acer C670 Chromebook 11 (Feb 2015; paine, auron), Acer Chromebase 24 (Apr 2016; buddy, auron), Acer Chromebook 15 (Apr 2015; yuna, auron), Acer Chromebox CXI2 (May 2015; rikku, jecht), Asus Chromebit CS10 (Nov 2015; mickey, veyron_pinky), Asus Chromebook Flip C100PA (Jul 2015; minnie, veyron_pinky), Asus Chromebox CN62 (Aug 2015; guado, jecht), Dell Chromebook 13 7310 (Aug 2015; lulu, auron), Google Chromebook Pixel (Mar 2015; samus), Lenovo ThinkCentre Chromebook (May 2015; tidus, jecht), Toshiba Chromebookk 2 (Sep 2015; gandof, auron).

14 of 61 comments (clear)

  1. Original Configuration by MightyYar · · Score: 2

    I'm outraged that my $200 Chromebook only supports the same features it was sold with. I bought it specifically to get features that I wasn't aware existed yet.

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  2. If you actually do want Linux on a Chromebook by fibonacci8 · · Score: 3, Insightful

    Current version of GalliumOS supports most Chromebooks. It's an Ubuntu 16.04 base with adjustments for specific chromebook models (media key customization, other hardware configurations, etc. Doesn't seem to support ARM chipsets or Intel Pineview boards.
    Systems that are supported by GalliumOS
    and the newer version based on Ubuntu 18.04 LTS is in the works
    version 3.0 alpha

    --
    Inheritance is the sincerest form of nepotism.
    1. Re:If you actually do want Linux on a Chromebook by squiggleslash · · Score: 2

      While true, you lose the benefits of having a Chromebook if you do this. It just becomes another GNU/Linux laptop, one without the Page Up/Page Down buttons, albeit one that can be booted into ChromeOS from time to time..

      As others point out, you also generally have to install firmware modules to make this work. This is a complicated process, and if you want to still be able to boot ChromeOS, you can only do it with the rather annoying "Do this control key combination or we'll put you into a mode where you can easily and unintentionally powerwash your computer."

      It's... not ideal.

      The article is misleading, even if technically correct. Right now no Chromebooks come with the Linux feature enabled and supported. To use it you have to enable the dev channel for updates (not developer mode, just the equivalent of "Windows Insider" for Windows users, a channel that sends you betas of the operating system. Google specifically warns users not to rely on anything delivered via that channel being there forever, and has withdrawn features before (as I found out the hard way when Android app functionality was removed from my Asus C300 without warning.)

      So, as of now, Google is talking about never implementing a feature for some supported laptops that isn't officially available for anyone except beta testers. And by the time Google officially releases the feature, in a production ready form, it's quite possible that either those laptops will no longer be supported, or they'll have been upgraded to run a more recent Linux.

      In short, it's a non-story.

      --
      You are not alone. This is not normal. None of this is normal.
  3. Would require developer mode by tepples · · Score: 2

    So? Why would not you just download the source-code and compile it yourself?

    Because you would have to put a Chromebook into developer mode to install an unofficial kernel. A security feature in the Chromebook firmware allows anybody who turns on a Chromebook in developer mode to powerwash it by turning it on, pressing Space as prompted, and pressing Enter as prompted. This causes you to lose the day's work that you haven't yet been able to back up remotely and lose the use of the modified Chrome OS until you have a chance to reinstall it. (See "Chromebook Developer Mode Warning".)

  4. Re:Open source? by iggymanz · · Score: 2

    oh, you've just noticed that some vendors lock down things contrary to the open source intent and spirit? are you a dumb-ass?

  5. Security by rtkluttz · · Score: 2

    "Keep the operating safe from harm". That's both hilariousand fucked up. It needs to be the other way around. Run a sandboxed chrome OS inside of a linux container that is under the OWNERS control. Is security. The definition of malware is software not under the owners control, so by definition chromeOS is a security risk to the owner of the device.

    --
    Digital is, by definition, imperfect. Analog is the way to go.
  6. Re:Containers, Sandboxes, etc by bluefoxlucid · · Score: 2

    Containers generally provide security by segmenting the outside OS from the container. They're typically unbreakable.

    If you make a container by mounting your host libraries as writable into the container, you can of course modify code that runs as root on the host. Anyone with access to create a container generally is considered a root-level user because they can make a container with root as the user internally and with / as the / volume, and then they have root access.

    There's a sort of advanced setting where you map users so e.g. UID 0 is really UID 90,000. The user ID of the process creating the user namespace has all capabilities within the namespace, but none outside: it becomes root inside the container, and can't do root things outside the container. Generally, the process can only switch to another namespace if it has CAP_SYS_ADMIN in that namespace as well.

    That means a process can't leave the container and see your system; if it does leave the container (somehow), it's UID 90,000 and has regular user permissions instead of root permissions.

    --
    Support my political activism on Patreon.
  7. Chromebook firmware is partly Tivoized by tepples · · Score: 3, Insightful

    "unofficial" kernel? Does not that imply, there is also an "official" kernel? What is that

    The official kernel for a device is the one that stock firmware loads without having to be put into developer mode.

    and just how "open source" is that very concept?

    It's the phenomenon that Free Software Foundation has referred to as Tivoization: the user has the legal right to modify a computer program, but the hardware it's shipped on has technical measures to block use of a modified version. A Chromebook's stock firmware is partially Tivoized in the sense that though the blocking can be disabled, disabling it puts the user at risk of accidental data loss every time the machine starts.

  8. Hence Kernel version by DrYak · · Score: 2

    If you make a container by mounting your host libraries as writable into the container, you can of course modify code that runs as root on the host.

    Actually, nope. Doesn't work.
    That's partly the reason why they need a recent enough version of Linux kernel.

    There's a sort of advanced setting where you map users so e.g. UID 0 is really UID 90,000. The user ID of the process creating the user namespace has all capabilities within the namespace, but none outside: it becomes root inside the container, and can't do root things outside the container. Generally, the process can only switch to another namespace if it has CAP_SYS_ADMIN in that namespace as well.

    Yup, UID namespace.
    Means that from the point of view of the kernel, it would be UID 90000 trying to overwrite files that belong to UID0, thus nope, can't take over root files.

    But you need a recent kernel enough. The feature was introduced in 3.8 and the various filesystem started supporting it over the next few version. Hence probably the reason why Google requires 3.14

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  9. Want Linux? Run Crouton! by houghi · · Score: 2

    I run Debian with Crouton. That way I have a native Linux and if I want it, Chromebook stuff.

    [Crouton] stands for ChRomium Os Universal chrooT envirONment ...or something like that. Do capitals really matter if caps-lock has been (mostly) banished, and the keycaps are all lower-case?

    --
    Don't fight for your country, if your country does not fight for you.
  10. Re:Open source? by swillden · · Score: 2

    a post on the Chromium Gerrit reveals that devices running Linux 3.14 or older will miss out.

    So? Why would not you just download the source-code and compile it yourself?

    You can. Put it in dev mode and go nuts. You'll lose all of the nice Chromebook security guarantees, of course, and your machine will be running a system that is custom, untested and therefore likely to be less reliable, but that's a perfectly acceptable tradeoff for many power users.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  11. Re:Open source? by mi · · Score: 2

    your machine will be running a system that is custom, untested and therefore likely to be less reliable

    Whoah, whoah... Had anyone alluded to such a thing — that built from source makes anything "less reliable" — back in my days, Linux fan-bois would've scorched the very soil he stood on to crisp with their flame-throwers... Are we still on Slashdot even?..

    --
    In Soviet Washington the swamp drains you.
  12. Compare to Android 8's Project Treble by tepples · · Score: 2

    But wasn't one of the main selling points of ChromeOS the fact that it's seamlessly self-updating?

    Chrome OS seamlessly updates its userland. For comparison, Android has been working toward this since version 8 "knOckoff of Hydrox". Just as Android 4.x largely separated Google Play Services from AOSP to update the former faster, Android 8 introduced a frozen kernel and device driver ABI called Project Treble to separate AOSP from the hardware support to update the former faster.

    Why does that not include the kernel? [...] I guess the OEM's would have to get involved to do a kernel upgrade

    Bingo.

    The following applies to both Chrome OS and post-Treble Android: Because hardware manufacturers customize the kernel with custom device drivers, kernel upgrades require more cooperation from each hardware manufacturer than userland upgrades. Manufacturers would prefer to sell a new device. And in markets where cellular ISPs use different mutually incompatible cellular air interfaces, such as CDMA2000 vs. GSM/UMTS in the United States, kernel upgrades on devices with a cellular radio additionally require cooperation from each cellular ISP. Cellular ISPs would prefer to sell a new device with a new 24-month service commitment.

  13. GalliumOS by friedman101 · · Score: 3, Insightful

    FYI - there is a linux distribution called GalliumOS which is tailored to support Chromebook hardware. I've been running it for years on my Chromebooks. If you want linux apps, why not just install linux?