Container for accessing CAC enabled websites and VMWare Horizon. Useful for immutable distributions, such as Fedora Silverblue. Distrobox handles sharing USB devices, graphical applications, and setting up an init system for the container manager.
Install distrobox using your distribution's package manager:
rpm-ostree install distrobox -r # example for Fedora SilverblueIn this directory, build the container image:
sudo podman build -t cactainer .Disable and stop pcsc on the host:
sudo systemctl disable pcscd.socket
sudo systemctl stop pcscd.socket pcscd.serviceCreate a home directory for the container:
mkdir ~/cactainerWith your CAC in the reader, create the container:
distrobox create -i cactainer -n cactainer -H ~/cactainer -I -r
distrobox enter --root cactainer -- /post-install.shTo start CAC enabled Chromium:
distrobox enter --root cactainer -- chromium --incognitoTo start CAC enabled VMWare Horizon:
distrobox enter --root cactainer -- vmware-view -s afrcdesktops.us.af.milOptionally, create aliases for these commands.
On Fedora Silverblue 36, the user session crashes on the first distrobox enter and distrobox rm commands.
Ideally, these applications should be able to run in a rootless container or a Flatpak. This could be achieved by simply passing the pcsc socket from the host to the container. In this case, USB devices wouldn't need to be passed to the container and the container wouldn't need an init system. However, the pcsc server and client must share the same protocol. Red Hat patched pcsc-lite to support more smartcard readers which breaks interoperability with other distributions (see https://bugzilla.redhat.com/show_bug.cgi?id=2054826).