back to article Penguins in a sandbox: Google nudges Linux apps toward Chrome OS

Sleuthing has revealed more details about Google's project to allow its locked-down Chrome OS to run Linux applications – and well-informed speculation on its architecture. Word of project "Crostini" – or fancy crouton – first emerged from public source code comments earlier this year: Add Crostini experiment to fieldtrial …

  1. Joe Werner Silver badge


    "project "Crostini" – or fancy crouton"


  2. Will Godfrey Silver badge

    Safe for who?

    Not the users I bet.

    1. Will Godfrey Silver badge

      Re: Safe for who?

      Can one of my downvoters explain how placing Linux, which collects no personal information inside a closed box designed by the poster-child for guzzling such information makes the users safer?

      I regard such hoarding as a very real security risk.

      1. Anonymous Coward

        Re: Safe for who?

        Russian bots did it?

      2. Anonymous Coward
        Anonymous Coward

        Re: "does this read more like an ad-icle"

        @Will Godfrey "Can one of my downvoters explain how placing Linux"

        I never down-voted you, but your looking at this from the wrong perspective, this adds flexibility to what is quite a rigid eco system. As long as there is privilege management of this function, i.e.

        1) How/When this features is available can be locked down

        2) What can run can be restricted

        Then this opens up a whole world of possibilities. For example, about 4 years ago I ran the IT for a small consumer financial services company, we considered Chromebooks for our call centre staff as they were cheap and fairly secure.. aside from lacking proper AD integration, they had absolutely no viable softphone solution!

        If we had the ability to run Linux apps, then there are a dozen different options we could have used to overcome the softphone issue.. Which would have been a game changer.

        1. doublelayer Silver badge

          Re: "does this read more like an ad-icle"

          Couldn't you buy some cheap laptops and put Linux on them? Some of the chromebooks have the ability to boot externally (I think by people finding BIOS access somewhere, but I try to avoid those), and there are a lot of windows laptops with similar components and prices. Although you might not want to buy them to run windows on given the problems shoving windows and running programs into 2gb or less of memory, most Linux distros should work OK for that. Then you could have them use firefox or chrome, whichever you or they prefer, and use any Linux applications you want. Administration would be basically the same, and if the network dies the machines can still be used for a few things.

  3. iron Silver badge

    Surely just wiping out the Google crap and replacing it with linux would be better for security, performance, usability, etc.

    1. ratfox

      Chrome OS is having a certain success in schools, where students receive a ChromeBook managed by the school. Would you be willing to manage a fleet of Linux laptops for a hundred teenagers, fix their issues, be responsible for them being secure, etc...?

    2. jacksmith210060

      ChromeOS is most secure OS you can get.

    3. Anonymous Coward
      Anonymous Coward

      Erm no,. Chrome OS is as secure as it gets, way more secure than any other OS. Even Linux doesn't run a fully signed, read-only totally unmodifiable sandbox OS...

      1. JohnFen

        As secure as it gets? So ChromeOS doesn't send any data back to Google?

        1. Anonymous Coward
          Anonymous Coward

          You are confusing security and privacy. And with regards to privacy, it depends on the type of account you are signed into, business pay account, school, personal "free" account, it depends on the app, in exactly the same way a Firefox browser would send day back to Mozilla on Linux, or IE would on Windows..

          Chrome OS is very secure, as it unlike any other OS, it's runtime is a complete chain of trust, each component during load checking the next. There is no way anything can slip between those cracks, and it's security is proven in real real world. You simply don't get Chrome OS malware, you might get rouge add-ons within their own sandbox, but the host OS can't be modified.

          The other side effect of all this, is s Chromebook will not slow down over time like windows, Mac and Linux PC's. The OS never bloats, as it never changes. My 3yr old Chromebook bis as fast today as it was the day I bought it, and still delivers 12hr use from a charge, which is unheard of with traditional laptops.

          1. GrumpyOldBloke

            I am not aware of Linux slowing down over time.

            Windows, most definitely.

            Linux, no.

            1. Anonymous Coward
              Anonymous Coward

              Linux based distribution slows down over time, as do Mac, as does any traditional read/write operating system, where maintenance occurs by changing files. Files get fragmented, old packages get left lying around, backup versions of old scripts are left lying around and so on.

              Chrome OS is serviced as a complete read-only, fully signed runtime image patch. Totally different to all other operating systems. (I can't think of anything else that works this way)

              Go educate yourself as to how conventional operating systems work (win, Mac Linux all fundamentally work and are serviced in a very similar manner), Chrome OS is entirely different.

              1. JohnFen

                "Linux based distribution slows down over time"

                I've been running various flavors of Linux since the very beginning, and haven't noticed this yet.

          2. Updraft102

            The other side effect of all this, is s Chromebook will not slow down over time like windows, Mac and Linux PC's.

            Windows is known for that, though I must say that in more than a quarter of a century using Windows, I've never experienced it myself. When I retired Windows XP on my laptop a couple of years ago, it was the initial installation I'd performed in 2008, and it was still fast and responsive. If you don't load the thing up with malware and 200 programs that start at boot time and infect your system tray forevermore, it tends to keep working well.

            Also, your battery isn't magical. If you deep cycle it a number of times, its life span will follow a predictable curve. I have a Chromebook-spec low end PC that came with Windows 10 (which I promptly disinfected and replaced with Linux Mint and Powertop), and it lasts about that long too (I didn't time it the last time I had it out, but it seemed to go all day).

            As long as I treat the battery gently, it will keep doing that for a while, but if I use it, it's going to lose life like every other battery. Fortunately, the unit is easily disassembled; I can have the bottom case off in about one minute (nine screws) and the battery out in another (two more screws and not glued to anything)... unlike some of those glued or welded together "high end" models from MS and Apple that are meant to be replaced.

            My $180 pseudo-Chromebook is repairable, but the ones that cost more than five times that are disposable. Go figure.

            1. doublelayer Silver badge

              If you want to have an unmodifiable OS image, you could take any Linux or other OS that can be booted as a live environment, set it up in the way you like, and make a live CD style image of it. Then drop that as the boot image to a read-only partition. If necessary, lock down the BIOS as well so I can't possibly change it without your code. You could technically execute malicious software on it, but the software cannot persist across boots. You could also restrict which binaries can run so nobody can download code or bring it on a USB disk and run it. Just make sure the home directories are stored on a separate read/write partition so you can keep documents, browser cookies, and the like across boots. That shouldn't take that long to assemble--I have a similar setup on my fix-a-system USB disk so I neither have to re-download tools from the repositories nor find an alternate place to store notes I want to remain available after shutdown.

              Chromebooks seem to exist because Google wants to train users to use only google apps, as not many others will work at all, and google's are the only ones with support baked directly into the OS. I always get nervous when I see these used for schools, because I know google wants people to use systems for data storage and word processing that only google controls, so they can later count on a stream of users of the "free" products.

          3. JohnFen

            "You are confusing security and privacy."

            I'm not, really. Privacy is a subset of security. Once my data has been transmitted to another entity, that's a security issue. Whether or not you consider it an unacceptable security risk depends on (in this case) how much you trust Google. I do not trust Google.

            "And with regards to privacy, it depends on the type of account you are signed into"

            Really? So there's a way to use Chrome OS that does not involve sending data to Google at all?

            "There is no way anything can slip between those cracks"

            Be careful with those sorts of sweeping statements. There is always a way, no matter what. The only question is how much effort is required.

        2. claude j greengrass

          Secure ≠ Privacy

          You are confusing security with privacy. They are not the same. You need security to have privacy, but you can, as in the case of most current OS's, have security without privacy.

          1. Anonymous Coward
            Anonymous Coward

            Re: Secure ≠ Privacy

            You want both. Anything that impinges on privacy is a security risk.

          2. JohnFen

            Re: Secure ≠ Privacy

            "but you can, as in the case of most current OS's, have security without privacy."

            I disagree entirely with this. The very best you could possibly do (in an ideal world) is reduce the number of attackers to 1 -- the entity that you're sharing data with.

          3. Anonymous Coward
            Anonymous Coward

            Re: Secure ≠ Privacy

            A lack of privacy widens the attack surface. Meta data can be very useful.

    4. Anonymous Coward
      Anonymous Coward

      @iron - Good luck with that!

      Chromebooks are choked full with DRM.

  4. TVU

    Penguins in a sandbox...

    It'll certainly be useful for those who want access to full software as opposed to web apps.

  5. jacksmith210060

    This is just huge. Able to use GNU/Linux applications securely and out of the box makes ChromeOS so much more attractive.

    Hope we also get instant applications with a download of a container, runs and disappears and no install required.

    Have a PixelBook and stream and wine also working.

    1. keithzg

      I actually already run Steam on my Pixelbook, but I reboot into Kubuntu to do so; this definitely opens such things to people less willing to invasively tinker with a $1000+ computer like I am ;)

      (P.S. Slay The Spire is great on a touchscreen!)

  6. g00se


    Not sure why that would be any good. You can already use Crouton if you want to run Linux in 'user space'. What would be of interest is running Linux on the metal. Natch they won't allow their lockdowns to do that

    1. claude j greengrass

      Re: Why?

      Crouton suffers from the requirement to be in "developer mode" disabling Verified Boot. Crostini doesn't have this requirement.

      Crostini used the KVM of the Chrome OS kernel to run a second copy of the Linux kernel which has containers enabled. The Linux applications run in/on this second kernel. No hardware is emulated.

  7. IGnatius T Foobar

    Linux on ChromeOS on Linux

    So now we can run Linux software on ChromeOS, which is Linux. Got it. I'm sure there's plenty of "value added" data slurping and snooping, but it's still better than having Richard Stallman screaming at us that he thinks we should call it "GNU/ChromeOS"

  8. DrBed

    It's not about just Linux apps...

    It is how it is already done with Android apps. All (or most) of 3,7M apps:

    As R. Payne said @Chromeunboxed:

    "whatever the delivery method ends up being (Chrome extensions, Play Store, Web Store, or something new), once I install an app on my Chromebook, I expect to be able to find it in my app launcher, see it on the shelf when open, and pin it to the shelf if I choose."

    > "One OS to bring them all and in the container bind them, In the Land of Chrome where the apps lie." :D

    Think about it as it's done with user friendly MacOS/iOS GUI & powerful *nix below. But with much more choice & user control.

    1. Anonymous Coward
      Anonymous Coward

      @DrBed - Re: It's not about just Linux apps...

      I agree with you on all but the last sentence. Especially using the words control and user together. To me it's about controlling the user and here I'm with Stallman. I want a computer that trusts me not Google or Microsoft or anybody else.

      Make no mistake! Linux is free while running Linux applications on Google Chrome or Microsoft Windows is not.

      If I remember correctly someone was saying something about giving up privacy in exchange for security but I can't remember the rest.

      1. DrBed

        Re: @DrBed - It's not about just Linux apps...

        > "I agree with you on all but the last sentence"

        It was TWO sentences interrelated, so I will adapt it just for you:

        "But with much more choice & user control THEN MacOS/iOS (not GNU/Linux)."


        > "Linux is free while running Linux applications on Google Chrome"


        You really can't think out-of-the-box?

        How about running Linux apps on (top of) Chromium OS / Gallium OS - at Chromebook? Or, flatpacked and Crostini-containered e.g. Inkscape is not free/open source anymore, just because of - hardware?

        @RMS IGnatius T Foobar said:

        I'm sure there's plenty of "value added" data slurping and snooping, but it's still better than having Richard Stallman screaming at us that he thinks we should call it "GNU/ChromeOS"

        1. Anonymous Coward
          Anonymous Coward

          Re: Re: @DrBed - It's not about just Linux apps...

          First of all, if you use the word THEN this means you're starting a new statement and yours is lacking the verb.

          Second, I like your marketing/management speak "think out-of-the-box" but we're talking different points here. I'm speaking from end-user point of view so when I say running Linux applications on top of a closed proprietary system is not the same thing as running Linux, unless you tell me I can load those applications without passing through Google/Microsoft app store with all their restrictions.

          What RMS calls it is not my concern. It's what RMS tried to teach us about end-user digital freedoms that was my point. Looking at your post, he largely failed since you don't see the difference between what Google allows you to do on its platform and what Linux would have offered. Your opinion that slurping and snooping is OK proves that. Typical Stockholm syndrome.

  9. TrumpSlurp the Troll

    You say costini and I say crostini?

    Slightly worrying where the code comments use two different but very similar spellings.

  10. jelabarre59


    The only "Linux" application I really need on a Chromebook is an X-server. Then I could remote into my desktop/mid-tower machine and just call up applications from there. Then again, id Google really wanted they could make an X-server as a Regressive Web App.

  11. DrBed

    Google Just Forked a Popular GTK Theme

    "Google is working on its ‘own’ GTK theme for Linux apps to use in Chrome OS.

    Not just any GTK theme but one forked from the Material Design inspired Adapta GTK theme."

    "Google Wouldn’t Need a GTK Theme for CLI Tools, Would It?"

    "Would Google need a fancy theme if Crostini wasn’t aimed at regular users?"


POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022