diff --git a/x11docker b/x11docker index 9aa6e015..ca15783b 100755 --- a/x11docker +++ b/x11docker @@ -1805,19 +1805,11 @@ $(cowsay "$Wisdom" 2>/dev/null || echo "Wanda the fish says: $Wisdom")" ;; xonly) Showdisplayenvironment="yes" - case $Xserver in - --nothing|--hostwayland) - note "You are using $Xserver along with --xonly. - That will achieve nothing" - ;; - *) - Hostexe="sleep infinity" - Imagename="" - Imagecommand="" - Hostexebasename="xonly" - X11dockermode="exe" - ;; - esac + Hostexe="sleep infinity" + Imagename="" + Imagecommand="" + Hostexebasename="xonly" + X11dockermode="exe" ;; esac } @@ -1947,7 +1939,7 @@ $(cowsay "$Wisdom" 2>/dev/null || echo "Wanda the fish says: $Wisdom")" # check if --xorg can run case $Xserver in --xorg) - [ "$Autochooseserver" = "yes" ] && [ -z "$Imagename" ] && error "Will not run an empty Xorg in auto-choosing mode. + [ "$Autochooseserver" = "yes" ] && [ "$Hostexebasename" = "xonly" ] && error "Will not run an empty Xorg in auto-choosing mode. If you want this, please use option --xorg explicitly." [ -e "/etc/X11/Xwrapper.config" ] && sed 's/ //g' /etc/X11/Xwrapper.config | grep -xq "allowed_users=anybody" && sed 's/ //g' /etc/X11/Xwrapper.config | grep -xq "needs_root_rights=yes" && { @@ -1956,7 +1948,7 @@ $(cowsay "$Wisdom" 2>/dev/null || echo "Wanda the fish says: $Wisdom")" Xlegacywrapper="no" [ "$Startuser" != "root" ] && [ "$Tty" = "no" ] && warning "Your configuration seems not to allow to start a second core Xorg server from within X. Option --xorg will probably fail. - (As a default configuration, only root or console users can do that). + (Per default, only root or console users are allowed to run an Xorg server). Possible solutions: 1.) Install one of nested X servers 'Xephyr', 'Xnest' or 'nxagent'. 
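Review bot: The `--xorg` guard in the second hunk now keys on the magic string `xonly` in `Hostexebasename`, which is assigned only in the `xonly)` branch of the first hunk about 140 lines earlier, and neither site documents the coupling. A comment above the test such as `# Hostexebasename=xonly is set by option --xonly; refuse an auto-chosen empty Xorg` would keep the two in step. If `Hostexebasename` is elsewhere derived from a user-supplied executable name (not visible here), a host program that happens to be called `xonly` would trip the same guard, and a dedicated flag variable would avoid that. The enclosing `case $Xserver` block continues past the hunk.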
@@ -1964,15 +1956,13 @@ $(cowsay "$Wisdom" 2>/dev/null || echo "Wanda the fish says: $Wisdom")" 2.) Switch to console tty1...tty6 with ... and start x11docker there. 3.) Run x11docker as root. - - Setup to start a second Xorg X server from within already running X: - Edit file '/etc/X11/Xwrapper.config' and replace line: - allowed_users=console - with lines - allowed_users=anybody - needs_root_rights=yes - If the file does not exist already, you can create it. - On Ubuntu 16.04 and debian 9 you need package xserver-xorg-legacy." + 4.) Edit file '/etc/X11/Xwrapper.config' and replace line: + allowed_users=console + with lines + allowed_users=anybody + needs_root_rights=yes + If the file does not exist already, you can create it. + On Ubuntu 16.04 and debian 9 you need package xserver-xorg-legacy." } ;; esac @@ -2228,7 +2218,7 @@ $(cowsay "$Wisdom" 2>/dev/null || echo "Wanda the fish says: $Wisdom")" --hostdisplay) [ "$Autochooseserver" = "yes" ] && note "To allow protection against X security leaks, please install one or more of: - xpra, Xephyr, nxagent, weston+Xwayland, kwin_wayland+Xwayland or Xnest. + xpra, Xephyr, nxagent, weston+Xwayland, kwin_wayland+Xwayland or Xnest, or run a second Xorg server with option --xorg." [ "$Trusted" = "no" ] && { warning "Option --hostdisplay provides only low container isolation! @@ -2237,8 +2227,8 @@ $(cowsay "$Wisdom" 2>/dev/null || echo "Wanda the fish says: $Wisdom")" To improve security with --hostdisplay x11docker uses untrusted cookies. This can lead to strange behaviour of some applications. - If you encounter issues, enable option --clipboard that disables security - settings for --hostdisplay by the way." + If you encounter application ${Colredbg}errors${Colnorm}, enable option --clipboard + that disables security restrictions for --hostdisplay as a side effect." } || { warning "Option --hostdisplay with trusted cookies provides QUITE BAD CONTAINER ISOLATION ! 
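Review bot: The new item `4.)` presents the `/etc/X11/Xwrapper.config` edit as an equal alternative to the other three solutions, but the message does not say what the edit costs. Setting `allowed_users=anybody` together with `needs_root_rights=yes` is a system-wide change that lets every local user start an Xorg server running with root rights. I would add a line after `needs_root_rights=yes`, for example `Note: this allows every local user to start Xorg with root privileges.`, so the user can weigh it against options 1 to 3. The warning string starts in the previous hunk, outside this one.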
@@ -3836,9 +3826,11 @@ done case $Initsystem in none) ;; tini) - [ -e "/usr/bin/docker-init" ] && Tinibinary="/usr/bin/docker-init" - [ -e "/usr/local/share/x11docker/tini-static" ] && Tinibinary="$Hostuserhome/.local/share/x11docker/tini-static" + Tinibinary="$(command -v docker-init)" + [ -z "$Tinibinary" ] && Tinibinary="/snap/docker/current/bin/docker-init" + [ -e "/usr/local/share/x11docker/tini-static" ] && Tinibinary="/usr/local/share/x11docker/tini-static" [ -e "$Hostuserhome/.local/share/x11docker/tini-static" ] && Tinibinary="$Hostuserhome/.local/share/x11docker/tini-static" + Tinibinary="$(realpath "$Tinibinary")" [ -z "$Tinibinary" ] && { Initsystem="none" note "Did not find container init system 'tini'. @@ -4445,7 +4437,7 @@ DefaultEnvironment=DISPLAY=$Newdisplay XAUTHORITY=$Cshare/Xclientcookie $(IFS=$' echo " echo ''" echo " echo verbose -d \"Running image command: \$Tini \\\$Dbus \$Entrypoint \$Imagecommand\"" - echo " echo \"\$Exec \$Tini \\\$Dbus \$Entrypoint \$Imagecommand $([ "$Forwardstdin" = "yes" ] && echo "<$Cshare/stdin") >>$Cshare/stdout 2>>$Cshare/stderr\"" + echo " echo \"\$Exec \$Tini \\\$Dbus \$Entrypoint \$Imagecommand $( [ "$Forwardstdin" = "yes" ] && echo "<$Cshare/stdin") >>$Cshare/stdout 2>>$Cshare/stderr\"" echo " echo '# Ready for docker run'" echo "} >> $Imagecommandscript" @@ -4924,6 +4916,7 @@ exit 0' >> /etc/rc.local" } # message to container.CMD.sh + echo "echo 'x11docker: Container root setup is ready'" echo ":> /x11docker.setupready" [ "$Switchcontaineruser" = "yes" ] && { # if "no", container.CMD.sh is executed in command line $Dockercommand @@ -5537,7 +5530,10 @@ $(pstree -cp $(cat $Containerpid1pidfile))" $(tail $Containerlogfile) Last lines of command stderr: -$(tail $Cmdstderrlogfile)" +$(tail $Cmdstderrlogfile) + + Last lines of command stdout: +$(tail $Cmdstdoutlogfile)" } } ;; 
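Review bot: The snap fallback `/snap/docker/current/bin/docker-init` is assigned without an existence test, so the later `[ -z "$Tinibinary" ]` fallback to `Initsystem="none"` fires only if `realpath` happens to fail. GNU `realpath` accepts a missing last path component, so a non-existent file can get through, and an empty argument produces stderr noise. Suggest `[ -z "$Tinibinary" ] && [ -x "/snap/docker/current/bin/docker-init" ] && Tinibinary="/snap/docker/current/bin/docker-init"` and `[ -n "$Tinibinary" ] && Tinibinary="$(realpath "$Tinibinary")"`. Separately, the choice now depends on `PATH` via `command -v`, and the user-writable `$Hostuserhome/.local/share/x11docker/tini-static` overrides the system copies; since this file presumably becomes the container's init, reporting the resolved path in the log would show which binary was picked. The `tini)` branch continues past the end of the hunk.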
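Review bot: The added `$(tail $Cmdstdoutlogfile)` expands the path unquoted, so a cache path containing whitespace or glob characters would be split before `tail` sees it. Write `$(tail "$Cmdstdoutlogfile")`; the same applies to the `$Cmdstderrlogfile` and `$Containerlogfile` lines above it. The command's stdout is container-controlled text that is now copied verbatim into a host-side message, so if that message is shown on a terminal, piping it through `cat -v` would keep control sequences from being interpreted. The message string begins before the hunk.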
@@ -5638,11 +5634,7 @@ $(tail $Compositorlogfile)")" ######### ToDo notes for development todo() { -# check --xpra with several options -# check xpra manpage whether all options are deployed well - # further checks of pam.d -# --weston/x: allow tty switch/option --vt if running as root? # error message window in wayland fails: xterm: no display. should use konsole # x11docker-gui: menu entry management? persistant command storage? 
@@ -5650,32 +5642,31 @@ todo() { # BUG arch: issues with x11docker/fluxbox, background missing, sometimes no context menu. where is the difference? # --group-add: compare host and container GID? warn if group misses in container, or create it? +# --weston/x: allow tty switch/option --vt if running as root? # --systemd: try to avoid xhost +SI:localuser:$Benutzer, needed by deepin, does not recognice XAUTHORITY # --no-init no-new-privileges switchuser: exec fails, but why? # check out capsh. replace su with capsh? (missing in alpine) But how to trigger login? # check echo especially in sh scripts, replace with printf if needed (#25) # avoid possible confusions --home --sharedir. --sharedir mounts can overlap --home folder. What about softlinks with existing target in --home? Maybe avoid /home/$USER at all - # --lang: find out locale package names for several distris for documentation -# --keymap does not work on tty with --kwin and --kwin-xwayland. No idea how to set it. # further check of xpra server crashes with jess/atom and chromium. --mmap=no avoids the bug: xpra bug report? -# check all FIXME +# check multimonitor behaviour +# --keymap does not work on tty with --kwin and --kwin-xwayland. No idea how to set it. # bug report to docker about --volume waylandsocket in --volume # --xpra-xwayland, xdummy-xwayland: use kwin-wayland as fallback for missing weston? # --xorg: getty and autologin to avoid Xwrapper.config changes? 
-# gnome3 based desktop failing due to gnome bugs: pantheon budgie gnome3 # --wayland --user/--hostuser: wayland socket access denied due to XDG_RUNTIME_DIR # --nxagent 3.5.0: Mageia 6: seamless mode fails # fedora: SElinux issue: '--security-opt label=type:container_runtime_t': need more restrictive setting # https://unix.stackexchange.com/questions/386767/selinux-and-docker-allow-access-to-x-unix-socket-in-tmp-x11-unix -# check current multimonitor behaviour # --xdummy --gpu on tty allows real resolutions only # --xorg: check custom systemd start of X #7 # check X in container #7 # some tests with Xephyrglamor=no ### BUG collection: non x11docker bugs +# BUG segmentation faults in gnome3 based desktops: pantheon budgie gnome3 # BUG Xwayland does not always sit at 0.0 on multiple outputs. # bugreport: https://bugzilla.redhat.com/show_bug.cgi?id=1498665 # BUG --kwin*: wrong fullscreen and crashes in gnome-wayland, strange in weston, WAYLAND_DISPLAY="" does not help, probably bug in kwin