Skip to main content

Shell Configuration Engineering

This document provides a deep dive into how DbxSmith manages shell environments, themes, and user identities across different isolation strategies and Linux distributions.


I. The "Hook" Architecture

One of the primary engineering challenges in container orchestration is ensuring that the container's visual identity (e.g., prompt prefix and terminal background color) persists even if the user has custom dotfiles (.bashrc, .zshrc) that override standard environment variables.

1. Persistence via Hooks

Instead of direct PS1 or PROMPT assignment, DbxSmith injects shell-specific hooks into the container's global configuration. These hooks execute dynamically before every prompt is rendered:

  • Bash: Prepends a function to PROMPT_COMMAND. This ensures that even if PS1 is redefined in ~/.bashrc, the DbxSmith function will run immediately after and re-apply the cyan (box-name) prefix.
  • Zsh: Appends to the precmd_functions array. This is the idiomatic Zsh way to run logic before a prompt, ensuring the (box-name) prefix survives Zsh theme engines like Oh-My-Zsh or Powerlevel10k.

2. Terminal Background Injection (OSC 11)

DbxSmith uses the OSC 11 escape sequence (\e]11;#RRGGBB\a) to set the terminal emulator's background color.

  • Inside the box: The hook sends the sequence based on the image's deterministic hash.
  • On exit: The host runtime (dbx-smith.sh) sends \e]111\a (OSC 111 - Reset to Default) to restore the terminal's native colors, with a black fallback for maximum compatibility.

II. Strategy & Distro Matrix

The following matrix outlines the specific engineering actions taken by DbxSmith during the provisioning phase, mapped by strategy and distribution family.

StrategyAction LayerDebian / Ubuntu / KaliFedora / RHEL / CentOSArch Linux / Alpine
All StrategiesGlobal ConfigInject to /etc/bash.bashrc & /etc/zsh/zshrcInject to /etc/bashrc & /etc/zshrcInject to /etc/bashrc & /etc/zshrc
VisualsOSC 11 Background + PROMPT_COMMAND / precmd hooksOSC 11 Background + PROMPT_COMMAND / precmd hooksOSC 11 Background + PROMPT_COMMAND / precmd hooks
Bypasstouch ~/.zshrc to skip Zsh newuser-wizardtouch ~/.zshrc to skip Zsh newuser-wizardtouch ~/.zshrc to skip Zsh newuser-wizard
StandardIdentityHost User (inherited)Host User (inherited)Host User (inherited)
IsolationNone (Host mirrored)None (Host mirrored)None (Host mirrored)
AirgappedNetworkdbx-tmp bridge -> podman network rmdbx-tmp bridge -> podman network rmdbx-tmp bridge -> podman network rm
Homemount -t tmpfs eclipse over /homemount -t tmpfs eclipse over /homemount -t tmpfs eclipse over /home
GhostIdentityPost-bootstrap podman execuseradd -m ghostuser + sudo fixesPost-bootstrap podman execuseradd -m ghostuser + wheelPost-bootstrap podman execuseradd -m ghostuser + wheel
Accessdbx-smith enters via --user ghostuser --workdir /home/ghostuserdbx-smith enters via --user ghostuser --workdir /home/ghostuserdbx-smith enters via --user ghostuser --workdir /home/ghostuser
Isolated-NetNetworkDedicated NAT bridge (dbx-net-<name>)Dedicated NAT bridge (dbx-net-<name>)Dedicated NAT bridge (dbx-net-<name>)
Hometmpfs isolation of /hometmpfs isolation of /hometmpfs isolation of /home

III. Cross-Distribution Compatibility

DbxSmith is engineered to work across the major Linux families by detecting and targeting their unique configuration paths during the init-hook phase.

1. Global Profile Injection

To ensure every user (including ghostuser) gets the DbxSmith environment, the provisioner iterates through known global config locations:

# Targeted paths for Bash
/etc/bash.bashrc # Debian, Ubuntu, Kali, Mint
/etc/bashrc # Fedora, CentOS, RHEL, Alpine

# Targeted paths for Zsh
/etc/zsh/zshrc # Debian, Ubuntu
/etc/zshrc # Fedora, RHEL, Arch, Alpine

2. Bypassing the "New User" Wizard

Many distributions (especially those using Zsh) trigger an interactive configuration wizard if a user enters a shell without an existing .zshrc. This blocks the distrobox enter process.

Engineering Solution: DbxSmith automatically touches empty .zshrc and .bashrc files for all users in /home/* during the provisioning phase. This satisfies the shell's existence check and allows for a non-interactive, frictionless entry.


IV. The Ghost Identity Engine

For strategies involving the ghost identity, DbxSmith performs the following steps inside the container before the user session begins:

  1. Identity Creation: Moved to a post-bootstrap podman exec phase. Checks for ghostuser existence; if missing, runs useradd -m ghostuser and normalizes sudo ownership across /etc/sudoers.d to bypass user namespace limitations.
  2. Privilege Escalation: Automatically adds ghostuser to both sudo (Debian/Ubuntu) and wheel (Fedora/RHEL/Alpine) groups. DbxSmith also injects a NOPASSWD entry into /etc/sudoers.d/dbx-smith-ghost to allow frictionless administration inside the sandbox.
  3. Home Visibility: Distrobox typically mounts the host home directory for compatibility. However, because the ghostuser UID (1001) differs from the host UID (1000), access to /home/<host_user> is denied by the Linux kernel, achieving "identity-based" isolation.
  4. Runtime Mapping: The host dbx-smith command detects any ghost* strategy from the registry and automatically appends --additional-flags "--user ghostuser --workdir /home/ghostuser" to the distrobox enter command.

V. Technical Breakdown by Distro Family

StepDebian / UbuntuFedora / RHEL / ArchAlpine
Bash Config/etc/bash.bashrc/etc/bashrc/etc/bashrc
Zsh Config/etc/zsh/zshrc/etc/zshrc/etc/zshrc
Sudo Groupsudowheelwheel
Init Hook Shell/bin/sh (Dash)/bin/sh (Bash)/bin/sh (Busybox)
Base Toolsapt-getdnf / pacmanapk

VI. Terminal Compatibility & Limitations

While the shell hooks for PS1 and PROMPT are universal across all standard terminal emulators, the dynamic background color feature relies on the OSC 11 escape sequence.

1. The OSC 11 Bottleneck

Not all terminal emulators implement the OSC 11 specification. If you see the Cyan prompt prefix but the background remains unchanged, your terminal emulator is likely ignoring the sequence.

CompatibilityTerminal Emulators
Full SupportKitty, Alacritty, XFCE Terminal, VS Code Terminal, WezTerm, iTerm2
ConditionalGNOME Terminal (Requires "Allow terminal applications to change colors" in profile settings)
Limited / NoneQTerminal (Default in some Kali installs), old versions of Konsole, tmux (Requires explicit wrapping)

2. Troubleshooting the "Static Background"

If your background does not change when entering a box:

  1. Test the Sequence: Run printf '\033]11;#ff0000\007' on your host. If the terminal does not turn red, it does not support OSC 11.
  2. Check Tmux: If running inside tmux, sequences are blocked by default. DbxSmith currently targets raw terminal sessions.
  3. Switch Emulators: For the full DbxSmith experience, we recommend using Kitty or XFCE Terminal on Kali Linux.

[!TIP] On Kali Linux, you can quickly install a compatible terminal via: sudo apt install kitty xfce4-terminal