Chroot Method (Needs Root)
First off, I am going to say my solution is the chroot method. This isn't my favorite choice of solving this problem as what I really want is to be able to encapsulate the program by itself on the host system, not create a subsystem or dual boot or virtual machine.
The 3 commands below do 3 things. The first one installs schroot and debootstrap. They are both necessary to be able to run a chroot environment. There are ways to chroot without root, but I would have to do more research on that. The second one creates a chroot environment in /srv/chroot/jessie for Debian Jessie. I already had the script on my machine, if it turns out that some people don't have that, I may update this answer to create the script. The third command allows you to paste into gedit the below config so you can start the chroot environment. There are also text based editors such as vim and nano that others have explained how to use if a graphical application is not available.
Commands
sudo apt-get install schroot debootstrap
sudo debootstrap jessie /srv/chroot/jessie
sudo gedit /etc/schroot/chroot.d/jessie.conf
Config
[jessie]
description=Debian Jessie x64
directory=/srv/chroot/jessie
groups=sbuild-security
aliases=stable
personality=linux
This command allows you to see what your display number is, write it down or remember it (it usually is :0 unless you have a special setup)
echo $DISPLAY
Then you will want to tell your main system to actually allow connections to your graphics environment from your chrooted machine (on the same physical device). This wiki should help a little bit. Putting this command in your .profile or .bashrc will allow it to already be running when you need it.
xhost +local:
Pre-Load Chroot Mounts
So, to get G'MIC to work, I followed the instructions about mounting the hosts special devices inside chroot.
You will want to execute this on the host system, not the chroot system. Basically, this allows you to use the special devices of the host system (I have to do more research to see how secure this is, but since chroot itself is inherently insecure, you will probably need a better solution besides this for security instead).
cd /srv/chroot/jessie/
sudo mount -t proc proc proc/
sudo mount -t sysfs sys sys/
sudo mount -o bind /dev dev/
Better yet, you will want to create a system service that can start these commands at boot. You can only run these once per boot or you will be locked out of your shell until reboot.
Run this to create the file, then paste the below contents into that file
sudo gedit /etc/init.d/mountChroot
Paste this into /etc/init.d/mountChroot
#!/bin/sh
### BEGIN INIT INFO
# Provides: chrootMount
# Required-Start: $local_fs
# Required-Stop: $local_fs
# Default-Start: 5
# Default-Stop:
# Short-Description: mounts chroot special devices
### END INIT INFO
set -e
#PATH="/sbin:/bin"
. /lib/lsb/init-functions
error=0
case "$1" in
start)
mount -t proc proc /srv/chroot/jessie/proc/
mount -t sysfs sys /srv/chroot/jessie/sys/
mount -o bind /dev /srv/chroot/jessie/dev/
;;
stop)
#Do Nothing!
;;
restart|force-reload)
#Do Nothing!
;;
status)
#Do Nothing!
;;
*)
#Do Nothing!
;;
esac
exit 0
Now, run these commands to set the correct permissions and enable and start the service.
sudo chmod 755 /etc/init.d/mountChroot
sudo systemctl enable mountChroot.service
sudo systemctl start mountChroot.service
Starting the Environment
This command is the one used to actually start the chroot environment.
sudo schroot -c jessie -u root
Below is more specific to what you are trying to do inside the chroot environment. Basically your commands might change, but if you are also running Kali and trying to get G'MIC to cooperate while still keeping your Gnome Settings program, then follow exactly.
The reason you don't see me add gmic to the apt command is because turns out, that version also lacks the actual plugin I need, just like Kali's repos. So, I used my magic admin powers and copied the proper package from my desktop to chroots home folder.
Magic Admin Powers
sudo cp /home/senor/Desktop/gmic_debian_jessie_amd64.deb /srv/chroot/jessie/root/
Now granted, you may not be able to use your magic admin powers, or you just simply feel like wget is better. If so, do this instead (inside the Chroot environment):
apt-get install ca-certificates
wget https://gmic.eu/files/linux/gmic_debian_jessie_amd64.deb
Installing ca-certificates will not only install openssl, but it will also give wget the certificates it needs to establish a secure connection (as gmic uses Let's Encrypt, but wget didn't realize it was a valid cert until telling it). Also, wget just downloads the 64 bit version of G'MIC to whatever folder you are in (probably /root/).
Inside Chroot
apt-get install gimp libcanberra-gtk-module
dpkg -i /root/gmic_debian_jessie_amd64.deb
When you go to install G'MIC in itself, APT may complain and say that you are missing dependencies and that you should run "apt-get -f install" to correct it. One of two things will happen when you do this, either one it will install the missing dependencies and then install G'MIC, or two it will remove G'MIC and let you use APT again for other packages. For me on Kali it removed packages (G'MIC), but on Debian it installed dependencies that G'MIC required before installing. If you install the missing packages manually, be warned that it may remove system packages if you tell it to (but only if you manually install the dependencies), as APT will do exactly what you tell it to do. Now, it will ask you if you want to remove packages, so you can run the command and cancel it if it asks to remove packages that you want to keep.
Now, libcanberra is one of those packages that isn't a hard requirement to get the plugin installed, but without it, G'MIC is only there for looks, it won't actually modify your image and will just silently crash with some output to the terminal.
Now, that you have installed a graphical program, you will want to run this command whenever you start the chroot environment (for use with graphical programs).
export DISPLAY=":0"
Now, you can start Gimp (by typing gimp) and actually make images with the G'MIC plugin. All that's left is making it easy to share images with your main (host) system and making it easier/automated to start Gimp (or you could just use your magic admin powers).
Linking your chroot system with the host
Well, first I am going to say, linking it and making the link nice is a bit weird due to the fact that symlinking to the host system creates a broken link to a non-existent folder in the guest (or subsystem) system. Instead, I decided to create the folder in the guest system and link it to the host system. I just have to deal with file permissions since I don't want to make /root/ world readable.
sudo mkdir -p /srv/chroot/jessie/public/photoshop
sudo ln -s /srv/chroot/jessie/public/photoshop /home/senor/.data/photoshop
sudo chmod o+r /srv/chroot/jessie/public
sudo chmod o+rw /srv/chroot/jessie/public/photoshop
That above will create at least one symlink to the host system. I want to create one in chroot's /root/ and one on my desktop.
sudo ln -s /srv/chroot/jessie/public/photoshop /home/senor/Desktop/photoshop
Inside Chroot:
ln -s /public/photoshop /root/photoshop
Now, you may notice that the permissions are not right since you are running as root in the chroot system and as whatever in the host. Thanks to ACL I can set permissions automatically for any future created files (not ones already created). Do inside chroot.
chmod g+s /public/photoshop
setfacl -d -m g::rwx /public/photoshop
setfacl -d -m o::rwx /public/photoshop
If you want to set all files recursively that were already created... Do inside chroot.
chmod -R og+w /public/photoshop
Script to launch chroot's Gimp
Well, first, to make exporting the environment variable easier, you can just run the below commands in chroot.
echo -e "export DISPLAY=:0\ngimp" > /bin/run-gimp.sh
chmod +x /bin/run-gimp.sh
To run the script without need for a password, type this command and type the line with %sudo into the file.
sudo visudo -f /etc/sudoers.d/02_insecurities
Put into the terminal for allowing access to the command as sudo without the password (remember, anything giving root without security (like a password) is inherently insecure)
%sudo ALL=(root) NOPASSWD: /usr/bin/schroot --directory /root/ -c jessie -u root /bin/bash /bin/run-gimp.sh
Now you can type the below command without the need for a password (providing you are part of the group, sudo).
sudo /usr/bin/schroot --directory /root/ -c jessie -u root /bin/bash /bin/run-gimp.sh
Alacarte (or some other Menu Manager)
Decided to use sudoers instead of setuid because of automatic path setting and other security enhancements. Obviously this is still insecure to run root without password (even for a single command) and I would like to be able to run rootless, I just haven't figured out how yet.
You install alacarte if you do not already have a menu manager and depending on what manager you use, there are different ways to operate the gui. You run the below command on the host system to install alacarte.
sudo apt-get install alacarte
Now, you use the Gui to paste the below command into the command portion of alacarte when you create a menu item and save it. You may have to logout/login or reboot for changes to take effect if you are modifying (or deleting) an existing entry.
sudo /usr/bin/schroot --directory /root/ -c jessie -u root /bin/bash /bin/run-gimp.sh
I left some images on Imgur to show alacarte and the app menu.
Well, there you have it, a way to load Gimp with G'MIC onto Kali Linux. Have Fun!!!
Pros/Cons
Cons
Now, minor caveats to this solution is, the lack of a window manager makes Gimp look ugly compared to the one on Kali, this is a bit complicated just for a simple setup for an art plugin, and this can't just work like how I could just download the program and expect it to work.
Pros
Some advantages to this are, I don't have to dual boot for a plugin (especially since I use Kali for pen-testing purposes) and I don't waste resources running a full fledged virtual machine.
