x11docker note: Option --showenv is deprecated. Please use option --printenv instead.
DEBUGNOTE[13:46:15,286]: Detected cgroup v1
DEBUGNOTE[13:46:18,924]: check_host(): ps can watch root processes: yes
DEBUGNOTE[13:46:19,142]: host user: debian 1000:1000 /home/debian
x11docker WARNING: User debian is member of group docker. That allows unprivileged processes on host to gain root privileges.
DEBUGNOTE[13:46:19,373]: check_host(): Guess if running on console: no
DEBUGNOTE[13:46:20,343]: storeinfo(): cache=/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest
DEBUGNOTE[13:46:20,389]: storeinfo(): stdout=/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/stdout
DEBUGNOTE[13:46:20,423]: storeinfo(): stderr=/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/stderr
DEBUGNOTE[13:46:20,539]: waitforlogentry(): tailstdout: Waiting for logentry "x11docker=ready" in store.info
DEBUGNOTE[13:46:20,555]: waitforlogentry(): tailstderr: Waiting for logentry "x11docker=ready" in store.info
DEBUGNOTE[13:46:20,740]: storeinfo(): containeruser=debian
DEBUGNOTE[13:46:20,848]: container user: debian 1000:1000 /home/debian
DEBUGNOTE[13:46:22,939]: Default runtime: runc
x11docker[13:46:22,978]: Image name: pccastor_aqpi1l_wallet:latest
  Container command:
DEBUGNOTE[13:46:23,107]: Backend: docker, Backendbin: /usr/bin/docker, Rootless: no
DEBUGNOTE[13:46:23,411]: storepid(): Stored pid '941' of 'watchpidlist': 941 ? 00:00:00 bash
DEBUGNOTE[13:46:23,489]: storepid(): Stored pid '952' of 'watchmessagefifo': 952 ? 00:00:00 bash
DEBUGNOTE[13:46:25,642]: check_xcontainer(): --xc disabled
x11docker WARNING: Environment variables DISPLAY and WAYLAND_DISPLAY are empty, but it looks like x11docker was started within X, not from console.
  Please set DISPLAY and XAUTHORITY.
  If you have started x11docker with su or sudo, su/sudo may be configured to unset X environment variables.
  It may work if you run x11docker with
    sudo -E x11docker [...]
  If your system does not support 'sudo -E', you can try
    sudo env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY x11docker [...]
  Otherwise, you can use tools like gksu/gksudo/kdesu/kdesudo/lxsu/lxsudo.
x11docker[13:46:25,673]: xtool(): (usexc no): xinit
DEBUGNOTE[13:46:25,687]: Dependency check for --xvfb: 0
DEBUGNOTE[13:46:25,699]: Dependencies of --xvfb already checked: 0
DEBUGNOTE[13:46:25,712]: storeinfo(): xserver=--xvfb
DEBUGNOTE[13:46:25,757]: storeinfo(): DISPLAY=:101
DEBUGNOTE[13:46:25,780]: storeinfo(): XAUTHORITY=/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client
DEBUGNOTE[13:46:25,813]: storeinfo(): XSOCKET=/tmp/.X11-unix/X101
DEBUGNOTE[13:46:25,865]: storeinfo(): XDG_RUNTIME_DIR=/run/user/1000
DEBUGNOTE[13:46:25,920]: storeinfo(): Xenv=DISPLAY=:101 XAUTHORITY=/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client XSOCKET=/tmp/.X11-unix/X101 XDG_RUNTIME_DIR=/run/user/1000
x11docker note: Option --xvfb: Enabling option --xtest to allow xpra access.
x11docker[13:46:25,989]: xtool(): (usexc yes): env LD_PRELOAD= xdpyinfo 2>>/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/xinit.log | grep -q 'MIT-SHM'
x11docker[13:46:26,151]: xtool(): (usexc no): xdpyinfo
x11docker note: Option --cap-default: Enabling option --newprivileges. You can avoid this with --newprivileges=no
DEBUGNOTE[13:46:26,169]: Option --home: Using docker volume pccastor_aqpi1l_home
x11docker WARNING: Option --cap-default disables security hardening for containers done by x11docker. Default docker capabilities are allowed. This is considered to be less secure.
x11docker note: Option --network=none is set to disable network access. If you need network and internet access, set option -I, --network [=NET].
x11docker[13:46:26,195]: xtool(): (usexc no): cvt
x11docker[13:46:26,224]: xtool(): (usexc no): cvt '1980' '1200'
x11docker[13:46:26,277]: Virtual screen size: 1980x1200
x11docker[13:46:26,294]: Physical screen size:
x11docker[13:46:26,314]: xtool(): (usexc no): cvt
x11docker[13:46:26,377]: xtool(): (usexc no): xdpyinfo 2>> /home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/xinit.log
DEBUGNOTE[13:46:26,479]: X server command:
  /usr/bin/Xvfb :101 \
    -retro \
    +extension RANDR \
    +extension RENDER \
    +extension GLX \
    +extension XVideo \
    +extension DOUBLE-BUFFER \
    +extension SECURITY \
    +extension DAMAGE \
    +extension X-Resource \
    -extension XINERAMA -xinerama \
    -extension MIT-SHM \
    +extension Composite +extension COMPOSITE \
    +extension XTEST \
    -dpms \
    -s off \
    -auth /home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/Xauthority.server \
    -nolisten tcp \
    -screen 0 1980x1200x24 \
    -iglx \
DEBUGNOTE[13:46:26,486]: storeinfo(): x11dockerpid=32358
DEBUGNOTE[13:46:26,625]: x11docker version: 7.4.3-beta-1
  Backend version: Docker version 20.10.14, build a224086
  Running rootless: no
  OCI Runtime: runc
  Host system: "Debian GNU/Linux 10 (buster)"
  Host architecture: amd64 (x86_64)
  Command: '/usr/bin/x11docker' '-q' '--cap-default' '--showenv' '--backend=docker' '--xvfb' '--size=1980x1200' '--lang=fr' '--keymap=fr-latin9' '--home=pccastor_aqpi1l_home' 'pccastor_aqpi1l_wallet:latest'
  Parsed options: () -q --cap-default --showenv --backend 'docker' --xvfb --size '1980x1200' --lang 'fr' --keymap 'fr-latin9' --home 'pccastor_aqpi1l_home' -- 'pccastor_aqpi1l_wallet:latest'
  x11docker was started by: debian
  As host user serves: debian
  Container user will be: debian
  Container user password: x11docker
  Running in a terminal: no
  Running on console: no
  Running over SSH: no
  Running sourced: no
  bash $-: hB
x11docker[13:46:26,646]: --init: Found init binary: /usr/bin/docker-init
DEBUGNOTE[13:46:26,677]: storeinfo(): tini=/usr/bin/docker-init
DEBUGNOTE[13:46:27,050]: Image architecture: amd64
DEBUGNOTE[13:46:27,123]: Image CMD: '/bin/sh' '-c' 'start'
DEBUGNOTE[13:46:27,223]: Image USER:
DEBUGNOTE[13:46:27,235]: storeinfo(): containeruser=debian
DEBUGNOTE[13:46:27,297]: Image ENTRYPOINT:
DEBUGNOTE[13:46:27,407]: Image WORKDIR:
x11docker WARNING: Option --newprivileges=yes: x11docker does not set docker run option --security-opt=no-new-privileges. That degrades container security. However, this is still within a default docker setup.
DEBUGNOTE[13:46:27,678]: storeinfo(): containername=x11docker_X101_pccastor_aqpi1l_wallet-latest_159730262554
DEBUGNOTE[13:46:28,132]: docker command (rootless no):
  /usr/bin/docker run \
    --pull never \
    --rm \
    --detach \
    --tty \
    --name x11docker_X101_pccastor_aqpi1l_wallet-latest_159730262554 \
    --user 1000:1000 \
    --userns=host \
    --group-add 1000 \
    --runtime='runc' \
    --network none \
    --security-opt label=type:container_runtime_t \
    --mount type=bind,source='/usr/bin/docker-init',target='/usr/local/bin/init',readonly \
    --tmpfs /run:exec \
    --tmpfs /run/lock \
    --tmpfs /tmp \
    --mount type=bind,source='/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share',target='/x11docker' \
    --volume 'pccastor_aqpi1l_home':'/home.volume/pccastor_aqpi1l_home':rw \
    --mount type=bind,source='/tmp/.X11-unix/X101',target='//tmp/.X11-unix/X101',readonly \
    --workdir '/tmp' \
    --entrypoint env \
    --env 'container=docker' \
    --env 'HOME=/home.volume/pccastor_aqpi1l_home/debian' \
    --env 'XAUTHORITY=/x11docker/Xauthority.client' \
    --env 'DISPLAY=:101' \
    --env 'USER=debian' \
    -- pccastor_aqpi1l_wallet:latest /usr/local/bin/init -g -- /bin/sh - /x11docker/containerrc
x11docker[13:46:28,304]: Generated containerrootrc:
#! /bin/sh

# containerrootrc
# This Script is executed as root in container.
# - Create container user
# - Set time zone
# - Create locale
# - Install NVIDIA driver if requested
# - Set up init system services and DBus for --init=systemd|openrc|runit|sysvinit

# redirect output to have it available before 'docker logs' starts. --init=runit (void) would eat up the output at all for unknown reasons.
exec 5>&1 6>&2
exec 1>>/x11docker/container.log 2>&1

storeinfo ()
{
    [ -e "$Storeinfofile" ] || return 1;
    case "${1:-}" in
        dump)
            grep "^${2:-}=" "$Storeinfofile" | sed "s/^${2:-}=//"
        ;;
        drop)
            sed -i "/^${2:-}=/d" "$Storeinfofile"
        ;;
        test)
            grep -q "^${2:-}=" "$Storeinfofile"
        ;;
        *)
            debugnote "storeinfo(): ${1:-}";
            grep -q "^$(echo "${1:-}" | cut -d= -f1)=" "$Storeinfofile" && {
                sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" "$Storeinfofile"
            };
            echo "${1:-}" >> "$Storeinfofile"
        ;;
    esac
}
rocknroll ()
{
    [ -s "$Timetosaygoodbyefile" ] && return 1;
    [ -e "$Timetosaygoodbyefile" ] || return 1;
    return 0
}

warning() {
  echo "$*:WARNING" >>$Messagefile
}
note() {
  echo "$*:NOTE" >>$Messagefile
}
verbose() {
  echo "$*:VERBOSE" >>$Messagefile
}
debugnote() {
  echo "$*:DEBUGNOTE" >>$Messagefile
}
error() {
  echo "$*:ERROR" >>$Messagefile
  exit 64
}
stdout() {
  echo "$*:STDOUT" >>$Messagefile
}

Messagefile=/x11docker/message.fifo
Storeinfofile='/x11docker/store.info'
Timetosaygoodbyefile=/x11docker/timetosaygoodbye

Containeruser="$(storeinfo dump containeruser)"
Containeruserhome='/home.volume/pccastor_aqpi1l_home/debian'

debugnote 'Running containerrootrc: Setup as root in container'

Error=''
for Line in cat chmod chown cut cd cp date echo env export grep id ln ls mkdir mv printf rm sed sh sleep tail touch; do
  command -v $Line || {
    warning "ERROR: Command not found in image: $Line"
    Error=1
  }
done
[ "$Error" ] && error 'Commands for container setup missing in image.
You can try with option --no-setup to avoid this error.'

# /etc/profile.d

echo 'export container=docker' >> /etc/profile.d/10-x11docker-env.sh
echo 'export HOME=/home.volume/pccastor_aqpi1l_home/debian' >> /etc/profile.d/10-x11docker-env.sh
echo 'export XAUTHORITY=/x11docker/Xauthority.client' >> /etc/profile.d/10-x11docker-env.sh
echo 'export DISPLAY=:101' >> /etc/profile.d/10-x11docker-env.sh
echo 'export USER=debian' >> /etc/profile.d/10-x11docker-env.sh

# Container system
Containersystem="$(grep '^ID=' /etc/os-release 2>/dev/null | cut -d= -f2 || echo 'unknown')"
verbose "Container system ID: $Containersystem"

# Check type of libc
ldd --version 2>&1 | grep -q 'musl libc' && Containerlibc='musl'
ldd --version 2>&1 | grep -q -E 'GLIBC|GNU libc' && Containerlibc='glibc'
debugnote "containerrootrc: Container libc: $Containerlibc"

# Create some system dirs with needed permissions
mkdir -v -p /var/lib/dbus /var/run/dbus
mkdir -v -p -m 1777 /tmp/.ICE-unix /tmp/.X11-unix /tmp/.font-unix
chmod -c 1777 /tmp/.ICE-unix /tmp/.X11-unix /tmp/.font-unix


# workaround: autostart of xrandr for some desktops like deepin, cinnamon and gnome to fix wrong autoresize
echo '#! /bin/sh
Output=$(xrandr | grep " connected" | cut -d" " -f1)
Mode=1980x1200
xrandr --output $Output --mode $Mode
' > /usr/local/bin/x11docker-xrandr

chmod +x /usr/local/bin/x11docker-xrandr
mkdir -p /etc/xdg/autostart

echo '[Desktop Entry]
Encoding=UTF-8
Version=0.9.4
Type=Application
Name=x11docker-xrandr
Comment=
Exec=/usr/local/bin/x11docker-xrandr
' > /etc/xdg/autostart/x11docker-xrandr.desktop



# Time zone
[ ! -d /usr/share/zoneinfo ] && [ "$Containerlibc" = "glibc" ] && {
  mkdir -p /usr/share/zoneinfo
  cp '/x11docker/libc.localtime' '/usr/share/zoneinfo/UCT'
}
[ -e '/usr/share/zoneinfo/UCT' ] && ln -f -s '/usr/share/zoneinfo/UCT' /etc/localtime


# --lang: Language locale fr
verbose "Searching for language locale matching fr"
Locales="$(locale -a)"
Langall="$(cat /usr/share/i18n/SUPPORTED | grep -E 'UTF-8|utf8' | cut -d' ' -f1 | cut -d. -f1 | cut -d@ -f1 | sort | uniq)"
Langland="$(echo fr | cut -d. -f1)"
Langcontainer=''

echo "$Langland" | grep -q '_' || {
  Langland="$(echo $Langland | tr '[:upper:]' '[:lower:]')_$(echo $Langland | tr '[:lower:]' '[:upper:]')"
  echo "$Langall" | grep -q "$Langland" || {
    echo "$Langall" | grep -i -q "fr" && {
      Langland="$(echo "$Langall" | grep -i -m1 "fr")"
    }
  }
}

Langland="$(echo "$Langland" | cut -d_ -f1 | tr '[:upper:]' '[:lower:]')_$(echo "$Langland" | cut -d_ -f2 | tr '[:lower:]' '[:upper:]')"

echo "$Locales" | grep -q "$Langland.UTF-8" && Langcontainer="$Langland.UTF-8"
echo "$Locales" | grep -q "$Langland.utf8" && Langcontainer="$Langland.utf8"

[ -z "$Langcontainer" ] && {
  [ -e /usr/share/i18n/SUPPORTED ] || note "Option --lang: /usr/share/i18n/SUPPORTED not found.
Please install package 'locales' in image (belongs to glibc).
Look here to find a package for your image system:
https://github.com/mviereck/x11docker/wiki/dependencies#dependencies-in-image"

  Langcontainer="$Langland.utf8"
  note "Option --lang: Generating language locale $Langcontainer".
  command -v localedef >/dev/null || note 'Option --lang: Command localedef not found in image.
Need it for language locale creation.
Look here to find a package for your image system:
https://github.com/mviereck/x11docker/wiki/dependencies#dependencies-in-image'

  localedef --verbose --force -i "$Langland" -f UTF-8 $Langcontainer || verbose "localedef exit code: $?"

  locale -a | grep -q "$Langcontainer" || {
    note "Option --lang: Generation of locale $Langcontainer failed."
    Langcontainer=''
  }
} || {
  debugnote "Option --lang: Found locale in image: $Langcontainer"
}

[ "$Langcontainer" ] && {
  storeinfo locale="$Langcontainer"
  echo "LANG=$Langcontainer" > /etc/default/locale
} || {
  note 'Option --lang: Desired locale for 'fr' not found and not generated.'
}


debugnote "Option --lang: Output of locale -a:
$(locale -a)"


rocknroll || exit 64


# Set up container user

bash --version >/dev/null 2>&1 && Containerusershell=/bin/bash || Containerusershell=/bin/sh

# /etc/passwd
Containeruserentry="$Containeruser:x:1000:1000:$Containeruser,,,:$Containeruserhome:$Containerusershell"
debugnote "containerrootrc: $Containeruserentry"

# Disable possible /etc/shadow passwords for other users
# Delete root user
# Delete possibly existing user with same uid
sed -i 's%:x:%:-:% ; /:0:0:/d ; /:1000:/d' /etc/passwd

echo "$Containeruserentry" >> /etc/passwd
echo "root:-:0:0:root:/root:$Containerusershell" >> /etc/passwd

# Create password entry for container user in /etc/shadow
rm -f -v /etc/shadow || warning 'Cannot change /etc/shadow. That may be a security risk.'
echo "$Containeruser:"'$6$Mj$WtcqpZ7JFegW4.0Br1WM0NJcNSxVxUQXgVLxGEV5uD3ib3jWGvIM3FNg2Gcj8e//mI06yhgfZ79WoNHGVtaYw1'":17293:0:99999:7:::" > /etc/shadow
chown root:shadow /etc/shadow

echo 'root:*:17219:0:99999:7:::' >> /etc/shadow

chmod 640 /etc/shadow # can fail depending on available capabilities

# sudo configuration
# Create /etc/sudoers, delete /etc/sudoers.d. Overwrite possible sudo setups in image.
[ -e /etc/sudoers.d ] && rm -f -v -R /etc/sudoers.d
[ -e /etc/sudoers ] && rm -f -v /etc/sudoers
echo '# /etc/sudoers created by x11docker' > /etc/sudoers
echo 'Defaults env_reset' >> /etc/sudoers
echo 'root ALL=(ALL) ALL' >> /etc/sudoers

# /etc/pam.d
# Restrict PAM configuration of su and sudo
mkdir -p /etc/pam.d
[ -e /etc/pam.d/sudo ] && rm -f -v /etc/pam.d/sudo
case "$Containersystem" in
  fedora)
    echo '#%PAM-1.0' > /etc/pam.d/su
    echo 'auth sufficient pam_rootok.so' >> /etc/pam.d/su
    # echo 'auth substack system-auth' >> /etc/pam.d/su
    # echo 'auth include postlogin' >> /etc/pam.d/su
    echo 'account sufficient pam_succeed_if.so uid = 0 use_uid quiet' >> /etc/pam.d/su
    # echo 'account include system-auth' >> /etc/pam.d/su
    # echo 'password include system-auth' >> /etc/pam.d/su
    echo 'session include system-auth' >> /etc/pam.d/su
    echo 'session include postlogin' >> /etc/pam.d/su
    echo 'session optional pam_xauth.so' >> /etc/pam.d/su
  ;;
  *)
    echo '#%PAM-1.0' > /etc/pam.d/su
    echo 'auth sufficient pam_rootok.so' >> /etc/pam.d/su # allow root to switch user without a password
    echo '@include common-auth' >> /etc/pam.d/su
    echo '@include common-account' >> /etc/pam.d/su
    echo '@include common-session' >> /etc/pam.d/su
  ;;
esac

# /etc/group /etc/gshadow
sed -i "s/$Containeruser//g ; s/:,/:/g ; s/,$//g" /etc/group # remove existing entries for user in /etc/group
sed -i "s/$Containeruser//g ; s/:,/:/g ; s/,$//g" /etc/gshadow # remove existing entries for user in /etc/gshadow


Groupname="debian
debian-spamd"
Groupid="1000
131"
[ "$Groupname" ] || Groupname="$(cat /etc/group | grep "debian" | cut -d: -f1)"
[ "$Groupid" ] || Groupid="$(cat /etc/group | grep "debian" | cut -d: -f3)"
[ "$Groupname" ] && {
  # /etc/group
  Entry="$(grep $Groupname /etc/group)"
  Entry="$(echo "$Entry" | cut -d: -f3-)"
  [ -z "$Entry" ] && Entry="$Groupid:"
  Entry="$Groupname:x:$Entry,$Containeruser"
  Entry="$(echo "$Entry" | sed 's/:,/:/g')"
  sed -i "/^$Groupname:/d" /etc/group
  echo "$Entry" >> /etc/group
  # /etc/gshadow
  Entry="$(grep $Groupname /etc/gshadow)"
  Entry="$(echo "$Entry" | cut -d: -f4)"
  Entry="$Groupname:!::$Entry,$Containeruser"
  Entry="$(echo "$Entry" | sed 's/:,/:/g')"
  sed -i "/^$Groupname:/d" /etc/gshadow
  echo "$Entry" >> /etc/gshadow
} || {
  note "Failed to add container user to group 'debian'."
}
# Create user group entry (and delete possibly existing same gid)
sed -i '/:1000:/d' /etc/group
echo "debian:x:1000:" >> /etc/group
sed -i '/:1000:/d' /etc/gshadow
echo "debian:!::" >> /etc/gshadow
sed -i -e 's/\(:\).*\(:\)/\1!:\2/' /etc/gshadow # remove possible passwords


debugnote "containerrootrc: Container user: $(id $Containeruser)
$(cat /etc/passwd | grep '^$Containeruser:')"

# Create HOME
Containeruserhome="$(cat /etc/passwd | grep "$Containeruser:" | cut -d: -f6)"
Containeruserhome="${Containeruserhome:-/tmp/$Containeruser}"
[ -e "$Containeruserhome" ] || {
  mkdir -v -p -m 777 "$Containeruserhome"
  chown -v "$Containeruser":"$Containerusergroup" "$Containeruserhome" && chmod -v 755 "$Containeruserhome" # can fail depending on capabilities
}
ls -la "$Containeruserhome"
export HOME="$Containeruserhome"


# disable getty in inittab
[ -e /etc/inittab ] && sed -i 's/.*getty/##getty disabled by x11docker## \0/' /etc/inittab


rocknroll || exit 64
storeinfo containerrootrc=ready # signal for containerrc
#exec 1>&5 2>&6

x11docker[13:46:28,690]: Generated containerrc:
#! /bin/sh
# containerrc
# Created startscript for docker run used as container command.
# Runs as unprivileged user in container.

[ 'no' = 'no' ] && exec >> /x11docker/container.log 2>&1

mysleep ()
{
    sleep "${1:-1}" 2> /dev/null || sleep 1
}
pspid ()
{
    LC_ALL=C ps -p "${1:-}" 2> /dev/null | grep -v 'TIME'
}
rocknroll ()
{
    [ -s "$Timetosaygoodbyefile" ] && return 1;
    [ -e "$Timetosaygoodbyefile" ] || return 1;
    return 0
}
saygoodbye ()
{
    debugnote "time to say goodbye ($*)";
    [ -e "$Timetosaygoodbyefile" ] && echo timetosaygoodbye >> "$Timetosaygoodbyefile";
    [ -e "$Timetosaygoodbyefifo" ] && echo timetosaygoodbye >> "$Timetosaygoodbyefifo";
    return 0
}
storeinfo ()
{
    [ -e "$Storeinfofile" ] || return 1;
    case "${1:-}" in
        dump)
            grep "^${2:-}=" "$Storeinfofile" | sed "s/^${2:-}=//"
        ;;
        drop)
            sed -i "/^${2:-}=/d" "$Storeinfofile"
        ;;
        test)
            grep -q "^${2:-}=" "$Storeinfofile"
        ;;
        *)
            debugnote "storeinfo(): ${1:-}";
            grep -q "^$(echo "${1:-}" | cut -d= -f1)=" "$Storeinfofile" && {
                sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" "$Storeinfofile"
            };
            echo "${1:-}" >> "$Storeinfofile"
        ;;
    esac
}
storepid ()
{
    case "${1:-}" in
        dump)
            grep -w "${2:-}" "$Storepidfile" | cut -d' ' -f1
        ;;
        test)
            grep -q -w "${2:-}" "$Storepidfile"
        ;;
        *)
            echo "${1:-NOPID}" "${2:-NONAME}" >> "$Storepidfile";
            debugnote "storepid(): Stored pid '${1:-}' of '${2:-}': $(pspid "${1:-}" ||:)"
        ;;
    esac
}
waitforlogentry ()
{
    local Startzeit Uhrzeit Dauer Count=0 Schlaf;
    local Errorkeys="${4:-}";
    local Warten="${5:-60}";
    local Error=;
    Startzeit="$(date +%s ||:)";
    Startzeit="${Startzeit:-0}";
    [ "$Warten" = "infinity" ] && Warten=32000;
    debugnote "waitforlogentry(): ${1:-}: Waiting for logentry \"${3:-}\" in $(basename "${2:-}")";
    while ! grep -q "${3:-}" < "${2:-}"; do
        Count="$(( Count + 1 ))";
        Uhrzeit="$(date +%s ||:)";
        Uhrzeit="${Uhrzeit:-0}";
        Dauer="$(( Uhrzeit - Startzeit ))";
        Schlaf="$(( Count / 10 ))";
        [ "$Schlaf" = "0" ] && Schlaf="0.5";
        mysleep "$Schlaf";
        [ "$Dauer" -gt "10" ] && debugnote "waitforlogentry(): ${1:-}: Waiting since ${Dauer}s for log entry \"${3:-}\" in $(basename "${2:-}")";
        [ "$Dauer" -gt "$Warten" ] && error "waitforlogentry(): ${1:-}: Timeout waiting for entry \"${3:-}\" in $(basename "${2:-}")
Last lines of $(basename "${2:-}"):
$(tail "${2:-}")";
        [ "$Errorkeys" ] && grep -i -q -E "$Errorkeys" < "${2:-}" && error "waitforlogentry(): ${1:-}: Found error message in logfile.
Last lines of logfile $(basename "${2:-}"):
$(tail "${2:-}")";
        rocknroll || {
            debugnote "waitforlogentry(): ${1:-}: Stopped waiting for ${3:-} in $(basename "${2:-}") due to terminating signal.";
            Error=1;
            break
        };
    done;
    [ "$Error" ] && return 1;
    debugnote "waitforlogentry(): ${1:-}: Found log entry \"${3:-}\" in $(basename "${2:-}").";
    return 0
}

warning() {
  echo "$*:WARNING" >>$Messagefile
}
note() {
  echo "$*:NOTE" >>$Messagefile
}
verbose() {
  echo "$*:VERBOSE" >>$Messagefile
}
debugnote() {
  echo "$*:DEBUGNOTE" >>$Messagefile
}
error() {
  echo "$*:ERROR" >>$Messagefile
  exit 64
}
stdout() {
  echo "$*:STDOUT" >>$Messagefile
}

Messagefile=/x11docker/message.fifo
Storeinfofile=/x11docker/store.info
Storepidfile=/x11docker/store.pids
Timetosaygoodbyefile=/x11docker/timetosaygoodbye

waitforlogentry containerrc $Storeinfofile containerrootrc=ready '' infinity
debugnote 'Running containerrc: Unprivileged user commands in container'

verbose "containerrc: Container system:
$(cat /etc/os-release 2>&1 ||:)"



# USER and HOME
Containeruser='debian'
export USER="$Containeruser"

Containeruserhome='/home.volume/pccastor_aqpi1l_home/debian'

[ "$Containeruserhome" ] && export HOME="$Containeruserhome"

# XDG_RUNTIME_DIR

Containeruseruid=$(id -u $Containeruser)
export XDG_RUNTIME_DIR=/tmp/XDG_RUNTIME_DIR
[ -e /run/user/$Containeruseruid ] && {
  ln -s /run/user/$Containeruseruid $XDG_RUNTIME_DIR
  export XDG_RUNTIME_DIR=/run/user/$Containeruseruid
} || {
  mkdir -p -m700 $XDG_RUNTIME_DIR
}


# Copy files from /etc/skel into empty HOME
[ -d "$HOME" ] && {
  [ -d /etc/skel ] && [ -z "$(ls -A "$Containeruserhome" 2>/dev/null | grep -v -E "\.bashrc|\.profile|gnupg")" ] && {
    debugnote "containerrc: HOME is empty. Copying from /etc/skel"
    cp -n -R /etc/skel/. $Containeruserhome
    :
  } || {
    debugnote "containerrc: HOME is not empty. Not copying from /etc/skel"
  }
}

export DISPLAY=':101' XAUTHORITY=/x11docker/Xauthority.client
unset WAYLAND_DISPLAY
export XDG_SESSION_TYPE=x11

export TERM=xterm

storeinfo test locale && export LANG="$(storeinfo dump locale)"

[ -e "/usr/share/zoneinfo/UCT" ] || export TZ=UTC-00
[ "$(date -Ihours)" != "2022-11-30T13+00:00" ] && export TZ=UTC-00

[ "$DEBIAN_FRONTEND" = noninteractive ] && unset DEBIAN_FRONTEND && export DEBIAN_FRONTEND
[ "$DEBIAN_FRONTEND" = newt ] && unset DEBIAN_FRONTEND && export DEBIAN_FRONTEND

# container environment (--env)

command -v /bin/bash >/dev/null && export SHELL=/bin/bash || export SHELL=/bin/sh
export container=docker
export HOME=/home.volume/pccastor_aqpi1l_home/debian
export XAUTHORITY=/x11docker/Xauthority.client
export DISPLAY=:101
export USER=debian

[ -d "$HOME" ] && cd "$HOME"
[ -n '' ] && [ -d '' ] && cd '' # WORKDIR in image or option --workdir

unset -f rmcr
env >> /x11docker/container.environment
verbose "Container environment:
$(env | sort)"

env LD_PRELOAD= tail -f /x11docker/stdout 2>/dev/null & Stdoutpid=$!
env LD_PRELOAD= tail -f /x11docker/stderr >&2 2>/dev/null & Stderrpid=$!
exec $Dbus sh /x11docker/cmdrc >> /x11docker/stdout 2>>/x11docker/stderr
x11docker[13:46:28,848]: Generated cmdrc:
#! /bin/sh
# Created startscript for cmdrc containing final container command

storeinfo ()
{
    [ -e "$Storeinfofile" ] || return 1;
    case "${1:-}" in
        dump)
            grep "^${2:-}=" "$Storeinfofile" | sed "s/^${2:-}=//"
        ;;
        drop)
            sed -i "/^${2:-}=/d" "$Storeinfofile"
        ;;
        test)
            grep -q "^${2:-}=" "$Storeinfofile"
        ;;
        *)
            debugnote "storeinfo(): ${1:-}";
            grep -q "^$(echo "${1:-}" | cut -d= -f1)=" "$Storeinfofile" && {
                sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" "$Storeinfofile"
            };
            echo "${1:-}" >> "$Storeinfofile"
        ;;
    esac
}
saygoodbye ()
{
    debugnote "time to say goodbye ($*)";
    [ -e "$Timetosaygoodbyefile" ] && echo timetosaygoodbye >> "$Timetosaygoodbyefile";
    [ -e "$Timetosaygoodbyefifo" ] && echo timetosaygoodbye >> "$Timetosaygoodbyefifo";
    return 0
}
waitfortheend ()
{
    case "$Usemkfifo" in
        yes)
            while rocknroll; do
                bash -c "read -n1 <${FDtimetosaygoodbye}" && saygoodbye timetosaygoodbyefifo || sleep 1;
            done
        ;;
        no | "")
            while rocknroll; do
                sleep 2;
            done
        ;;
    esac;
    return 0
}
rocknroll ()
{
    [ -s "$Timetosaygoodbyefile" ] && return 1;
    [ -e "$Timetosaygoodbyefile" ] || return 1;
    return 0
}

warning() {
  echo "$*:WARNING" >>$Messagefile
}
note() {
  echo "$*:NOTE" >>$Messagefile
}
verbose() {
  echo "$*:VERBOSE" >>$Messagefile
}
debugnote() {
  echo "$*:DEBUGNOTE" >>$Messagefile
}
error() {
  echo "$*:ERROR" >>$Messagefile
  exit 64
}
stdout() {
  echo "$*:STDOUT" >>$Messagefile
}
Messagefile=/x11docker/message.fifo
Storeinfofile="/x11docker/store.info"
Timetosaygoodbyefile=/x11docker/timetosaygoodbye

[ -n "$DBUS_SESSION_BUS_ADDRESS" ] && dbus-update-activation-environment --verbose --systemd DBUS_SESSION_BUS_ADDRESS DISPLAY XAUTHORITY WAYLAND_DISPLAY XDG_RUNTIME_DIR >/x11docker/container.log 2>&1


while rocknroll; do
  [ -e '/x11docker/xhostready' ] && break
  sleep 0.1
  verbose 'cmdrc(): Waiting for /x11docker/xhostready'
done


debugnote "cmdrc: Running container command:
'/bin/sh' '-c' 'start' "

'/bin/sh' '-c' 'start'

storeinfo cmdexitcode=$?


export LD_PRELOAD=
[ -h "$Homesoftlink" ] && rm $Homesoftlink
saygoodbye cmdrc

DEBUGNOTE[13:46:28,863]: waitforlogentry(): start_container(): Waiting for logentry "xinitrc is ready" in xinit.log
DEBUGNOTE[13:46:28,907]: storepid(): Stored pid '1823' of 'containershell': 1823 ? 00:00:00 bash
x11docker[13:46:28,936]: Generated xinitrc:
#! /bin/sh
cookiebaker ()
{
    local Display;
    local Address Addresslength Displaynumber Displaynumberlength Data Part Code;
    Display="${1:-$DISPLAY}";
    Address="$(printf "%s" "$Display" | cut -d: -f1)";
    case "$Address" in
        "")
            Address="$(hostname)/unix";
            Addresslength="$(strlenhex "$Address")"
        ;;
        *.*.*.*)
            Data="$Address";
            Address="";
            while [ "$(printf "%s" "$Data" | wc -c)" -gt 0 ]; do
                Part="$( printf "%s" "$Data" | cut -d. -f1)";
                Address="${Address}\x$(printf "%x" "$Part")";
                Data="$( printf "%s" "$Data" | cut -s -d. -f2-)";
            done;
            Addresslength="4"
        ;;
        *)
            Addresslength="$(strlenhex "$Address")"
        ;;
    esac;
    Displaynumber="$(printf "%s" "$Display" | cut -d: -f2)";
    Displaynumber="$(printf "%s" "$Displaynumber" | cut -d. -f1)";
    Displaynumberlength="$(strlenhex "$Displaynumber")";
    Data="$(makecookie)";
    while [ "$(printf "%s" "$Data" | wc -c)" -gt 0 ]; do
        Part="$( printf "%s" "$Data" | cut -c1-2)";
        Code="${Code}\x$Part";
        Data="$( printf "%s" "$Data" | cut -c3-)";
    done;
    awk "BEGIN{
printf \"\xFF\xFF\"
printf \"\x00\x${Addresslength}\"
printf \"${Address}\"
printf \"\x00\x${Displaynumberlength}\"
printf \"${Displaynumber}\"
printf \"\x00\x12\"
printf \"MIT-MAGIC-COOKIE-1\"
printf \"\x00\x10\"
printf \"${Code}\"
}"
}
strlenhex ()
{
    printf '%x' "$(printf "%s" "${1:-}" | wc -c)"
}
pspid ()
{
    LC_ALL=C ps -p "${1:-}" 2> /dev/null | grep -v 'TIME'
}
disable_xhost ()
{
    local Line= Environment;
    Environment="${1:-"DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY"}";
    xtool --check xhost || return 1;
    xtool "env $Environment xhost 2>&1 | tail -n +2 /dev/stdin" | while read -r Line; do
        debugnote "xhost: Removing entry $Line";
        xtool "env $Environment xhost -'$Line'";
    done;
    xtool "env $Environment xhost -";
    [ "$(xtool "env $Environment xhost 2>&1 | wc -l")" -gt "1" ] && {
        warning "Remaining xhost permissions found on display ${DISPLAY:-}
$(xtool "env $Environment xhost 2>&1" )";
        return 1
    };
    xtool "env $Environment xhost 2>&1" | grep -q "access control disabled" && {
        warning "Failed to restrict xhost permissions.
Access to display ${1:-} is allowed for everyone.";
        return 1
    };
    return 0
}
rocknroll ()
{
    [ -s "$Timetosaygoodbyefile" ] && return 1;
    [ -e "$Timetosaygoodbyefile" ] || return 1;
    return 0
}
storeinfo ()
{
    [ -e "$Storeinfofile" ] || return 1;
    case "${1:-}" in
        dump)
            grep "^${2:-}=" "$Storeinfofile" | sed "s/^${2:-}=//"
        ;;
        drop)
            sed -i "/^${2:-}=/d" "$Storeinfofile"
        ;;
        test)
            grep -q "^${2:-}=" "$Storeinfofile"
        ;;
        *)
            debugnote "storeinfo(): ${1:-}";
            grep -q "^$(echo "${1:-}" | cut -d= -f1)=" "$Storeinfofile" && {
                sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" "$Storeinfofile"
            };
            echo "${1:-}" >> "$Storeinfofile"
        ;;
    esac
}
saygoodbye ()
{
    debugnote "time to say goodbye ($*)";
    [ -e "$Timetosaygoodbyefile" ] && echo timetosaygoodbye >> "$Timetosaygoodbyefile";
    [ -e "$Timetosaygoodbyefifo" ] && echo timetosaygoodbye >> "$Timetosaygoodbyefifo";
    return 0
}

warning() {
  echo "$*:WARNING" >>$Messagefile
}
note() {
  echo "$*:NOTE" >>$Messagefile
}
verbose() {
  echo "$*:VERBOSE" >>$Messagefile
}
debugnote() {
  echo "$*:DEBUGNOTE" >>$Messagefile
}
error() {
  echo "$*:ERROR" >>$Messagefile
  exit 64
}
stdout() {
  echo "$*:STDOUT" >>$Messagefile
}
storepid ()
{
    case "${1:-}" in
        dump)
            grep -w "${2:-}" "$Storepidfile" | cut -d' ' -f1
        ;;
        test)
            grep -q -w "${2:-}" "$Storepidfile"
        ;;
        *)
            echo "${1:-NOPID}" "${2:-NONAME}" >> "$Storepidfile";
            debugnote "storepid(): Stored pid '${1:-}' of '${2:-}': $(pspid "${1:-}" ||:)"
        ;;
    esac
}
unpriv ()
{
    local Command;
    Command="$(oneline "${1:-}")";
    $Unpriv "$Command";
    return $?
}
Unpriv='eval'
xtool() {
  [ "${1:-}" = "--check" ] && command -v "${2:-}" && return
  eval ${1:-}
}
getscreensize() {
  CurrentXaxis="$(xrandr | grep primary | cut -d' ' -f4 | cut -dx -f1 )"
  CurrentYaxis="$(xrandr | grep primary | cut -d' ' -f4 | cut -dx -f2 | cut -d+ -f1)"
}
checkscreensize() {
  getscreensize
  [ "$Xaxis" = "$CurrentXaxis" ] || return 1
  [ "$Yaxis" = "$CurrentYaxis" ] || return 1
  return 0
}
getprimary() {
  xrandr | grep -q primary || xrandr --output $(xrandr | grep ' connected' | head -n1 | cut -d' ' -f1) --primary
  echo $(xrandr | grep primary | cut -d' ' -f1)
}

Messagefile='/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/message.fifo'
Output="$(getprimary)"
Storeinfofile='/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/store.info'
Storepidfile='/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/store.pids'
Timetosaygoodbyefile='/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/timetosaygoodbye'

export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games'

Cookie=''
Line=''
Var=''

debugnote 'Running xinitrc'

export DISPLAY=:101 XAUTHORITY=/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client XSOCKET=/tmp/.X11-unix/X101 XDG_RUNTIME_DIR=/run/user/1000

xsetroot -solid '#7F7F7F' 2>/dev/null

# create new XAUTHORITY cookies
Trusted=trusted
echo "Requesting $Trusted cookie from X server"
xauth -v -n -i -f /home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client generate :101 . $Trusted timeout 3600
[ '--xvfb' = '--hostdisplay' ] && sed -i /$Hostcookie/d /home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client

[ -s '/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client' ] || {
  :
}
[ -s '/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client' ] || {
  # still no cookie? try to create one without extension security
  echo 'Failed to retrieve trusted cookie from X server. Will bake one directly with xauth'
  xauth -v -n -i -f /home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client add :101 . 6e613cfd2439c995a24f8875a0f83434
}
[ -s '/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client' ] && {
  # Prepare cookie with localhost identification disabled by ffff, needed if X socket is shared. ffff means 'familiy wild'
  Cookie="$(xauth -n -i -f /home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client nlist | sed -e 's/^..../ffff/')"
  truncate -s0 /home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client
  echo "$Cookie" | xauth -v -n -i -f /home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client nmerge -
}
[ -s '/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client' ] || {
  debugnote 'Failed to create cookie with xauth. Will try custom cookie baker script.'
  cookiebaker ':101' >> /home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client
}
ls -l /home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client
truncate -s0 /home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/Xauthority.server
cat /home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client >> /home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/Xauthority.server
chmod 644 /home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client

[ -s '/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client' ] || error 'xinitrc(): Option --xauth=yes: Cookie creation failed.'
export XAUTHORITY=/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client
[ 'yes' = 'no' ] || [ ! -s '/home/debian/.cache/x11docker/159730262554-pccastor_aqpi1l_wallet-latest/share/Xauthority.client' ] && unset XAUTHORITY && warning 'Option --xauth=no: X server :101 runs without cookie authentication.'

# clean xhost
verbose 'Disabling any possible access to new X server possibly granted by xhost'
disable_xhost

# Keyboard layout
# create set of different screen resolutions
[ -e "/home/debian/.cache/x11docker/modelines/1980x1200" ] && while read Line; do
  Line="$(echo "$Line" | sed 's/Modeline//g')"
  Line="$(echo "$Line" | sed 's/"//g')"
  xrandr --newmode $Line 2>/dev/null
  xrandr --addmode "$Output" $(echo $Line | cut -d' ' -f1) 2>/dev/null
done < "/home/debian/.cache/x11docker/modelines/1980x1200"
xrandr --newmode "1984x1200" 199.25 1984 2120 2328 2672 1200 1203 1213 1245 -hsync +vsync
xrandr --addmode $Output "1984x1200"

verbose "Output of xrandr on :101
$(xrandr)"

echo 'xinitrc: xinitrc is ready'

# wait for the end
read Var