s243a

ruf-iron-flask.sh

Jan 19th, 2021 (edited)
  1. #!/bin/sh
  2.  
  3. # Rufwoof Jan 2021 (updated May 2019 version). Comments at end
  4. cd "$(realpath "${0%/*}")" #added by s243a (4 lines)
  5. CWD="$(realpath .)" #"$PWD"
  6. SFS_NAME="$(ls -1 ../*iron*.sfs | head -n 1 | sed -r 's#^[.][.]/##g' | sed -r 's#[.]sfs##g')"
  7. Parent_WD="$(realpath "$CWD/..")"
  8. SFS_PATH="$Parent_WD/$SFS_NAME".sfs #End Adds by s243a
  9.  
  10. xterm & # added so have at least one window I can alt-tab to out of the container
  11. #[ ! -d /mnt/sda4/shared ] && mkdir /mnt/sda4/shared # as a shared folder
  12. SHARED_LOC="$CWD"/shared #For a more portable container script add shared folder relative to script path.
  13. [ ! -d "$SHARED_LOC" ] && mkdir "$SHARED_LOC"  # as a shared folder
  14.  
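#CHANGES_LOC=/mnt/sda4/changes        # Non pre-existing ext fs work folder
CHANGES_LOC="$CWD"/container #For a more portable container script add changes folder relative to script path.

#MAIN_SFS=/mnt/sda1/FATDOG811-FINAL/fd64.sfs # Where the main sfs is located
MAIN_SFS="$SFS_PATH" #s243a: Replaces above line

# Xephyr parameters.  -nolisten tcp keeps the nested X server off the
# network; "-name Xephyr2" is what the already-running check below greps for.
XP="-fullscreen -title container -name Xephyr2 -dpi 144 -nolisten tcp"

# pflask parameters, built as one whitespace-separated string that is
# expanded unquoted at the pflask call, so no path in here may contain
# spaces.  Start from an empty string instead of the inherited value, so a
# PF variable in the caller's environment cannot add pflask options.
PF=""
#PF="--mount=bind:\"$SHARED_LOC\":/home/shared"
#PF="${PF} --keepenv"
# --no-ipcns / --no-netns: no new IPC and network namespaces, i.e. the
# container presumably shares the host's (so abstract unix sockets such as
# the host X server's are likely still reachable from inside - confirm).
PF="${PF} --no-ipcns --no-netns"
#PF="${PF} --mount=bind:/mnt/sda4/shared:/home/shared" #s243a: Was duplicate
# dns (internet).  A bind keeps the container's resolv.conf in sync with the
# host's (a copy would go stale on a DHCP renew), but the bind is writable
# from inside.  TODO(review): use a read-only bind if this pflask supports it.
PF="${PF} --mount=bind:/etc/resolv.conf:/etc/resolv.conf"
# ALSA devices.  The target used to be /dev/sd (typo), so the sound devices
# did not show up at /dev/snd inside the container.
PF="${PF} --mount=bind:/dev/snd:/dev/snd"
PF="${PF} --mount=bind:/dev/mixer:/dev/mixer"
# Capability deny-list: "all" minus the ones named.  Anything not listed is
# kept (e.g. setuid, setgid, net_raw, sys_rawio are not dropped here).
# NOTE(review): an allow-list of the few caps the session needs would be
# the safer default.
PF="${PF} --caps=all,-sys_admin,-sys_boot,-sys_chroot,-sys_ptrace,"
PF="${PF}-sys_time,-sys_tty_config,-chown,-kill,-dac_override,"
PF="${PF}-dac_read_search,-fowner,-setfcap,-setpcap,-net_admin,"
PF="${PF}-mknod,-sys_module,-sys_nice,-sys_resource"
# chroot into the aufs union (changes over sfs) that is assembled below
PF="${PF} --chroot=${CHANGES_LOC}/top"
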
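# Avoid double click 2 instances
#
# The launch time is kept in a lock file and a second launch within two
# seconds (a double click) exits at once.  The file lives in world-writable
# /tmp while this script normally runs as root, so: a symlink at the path
# is never read or followed, the content is validated before arithmetic
# (a non-number used to make expr fail and the -lt test error out), and
# the file is recreated with noclobber (O_EXCL) instead of overwritten.
LOCK_FILE=/tmp/container.run
N=$(date +%s) # Seconds since January 1970
if [ -f "$LOCK_FILE" ] && [ ! -L "$LOCK_FILE" ]; then
        L=$(cat "$LOCK_FILE")
        case "$L" in
            ''|*[!0-9]*) L=0 ;;   # not a timestamp: treat as "long ago"
        esac
        D=$((N - L))
        if [ "$D" -lt 2 ]; then
            exit # quick 2 launches (double clicked, ignore second click)
        fi
fi
rm -f -- "$LOCK_FILE"
( set -C; echo "$N" > "$LOCK_FILE" )
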
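# Create a separate X instance so isolated from the main real root X
#
# Count the running Xephyr2 instances ("-name Xephyr2" in XP).  The bracket
# in the pattern stops grep from matching its own command line, which the
# old "grep Xephyr2 | wc -l" counted and compensated for with "-ne 2".
# Only start a server when none is running; otherwise leave quietly.
T=$(ps -ef | grep -c '[X]ephyr2')
if [ "$T" -eq 0 ]; then
        # ${XP} is expanded unquoted on purpose: it is an option string.
        # NOTE(review): nothing waits for the server to accept connections
        # before pflask is pointed at DISPLAY=:2; the mounts in between
        # normally take long enough, but a short poll of :2 would be safer.
        Xephyr :2 ${XP} &
else
        exit # Xephyr2 already running
fi
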
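# Create a changes folder, sfs mount point for main.sfs and top layer
# folders and aufs mount to combine changes and sfs folders -> top
mkdir -p "${CHANGES_LOC}"
# Everything below is relative to CHANGES_LOC: stop if the cd fails rather
# than run the rm -rf / rmdir in the script's directory.
cd "${CHANGES_LOC}" || { echo "cannot cd to ${CHANGES_LOC}" >&2; exit 1; }
# Check for possible hangover - such as if restarted X and clean out if so.
# The union (top) and the sfs are unmounted before the rw branch (changes)
# is deleted; when the sfs was a reused host mount last time, "umount sfs"
# only reports that it is not mounted.  NOTE(review): a still-busy top
# (umount fails) would nevertheless lose its rw branch here - the failing
# rmdir is the only hint.
if [ -d top ] || [ -d sfs ] || [ -d changes ]; then
        umount top sfs
        rm -rf -- changes
        rmdir top sfs
fi
mkdir top sfs changes
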
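#s243a: added append_mnt_id_awk (below). See: https://forum.puppylinux.com/viewtopic.php?f=136&t=1932
#
# awk program fed "TARGET SOURCE" lines from findmnt.  For each line it looks
# up the id (field 1 of /proc/self/mountinfo) of the mount that mentions
# both the mount point and the loop device and prints "id|target|source";
# the shell below sorts on that id so the earliest existing mount of the
# sfs is reused instead of mounting it a second time.
#
# mountinfo is read with getline instead of through a shell pipeline: the
# old version interpolated mount-point names into a "sh -c" string, so a
# path with shell metacharacters would have been executed by this (root)
# script.  index() is a literal match, where grep treated the names as
# regular expressions.  An empty argument matches anything, as before.
append_mnt_id_awk='
function get_mnt_id(mnt_pt, loop,    line, best, f) {
  best = ""
  while ((getline line < "/proc/self/mountinfo") > 0) {
    if (length(loop) > 0 && index(line, loop) == 0) continue
    if (length(mnt_pt) > 0 && index(line, mnt_pt) == 0) continue
    # keep the first matching line in string order, as "sort | head -n 1" did
    if (best == "" || line < best) best = line
  }
  close("/proc/self/mountinfo")
  if (best == "") return ""
  split(best, f, " ")
  return f[1]
}
{
  print get_mnt_id($1, $2) "|" $1 "|" $2
}'

# Undo what is already running (the Xephyr server) before failing, so the
# next launch does not see a stale "already running" Xephyr2.
abort_launch() {
  echo "$1" >&2
  killall Xephyr
  exit 1
}

# Is the sfs already attached to a loop device (e.g. it is the running
# system's own sfs)?  -F: the path is a literal, not a regex.
loop=$(losetup -a | grep -F -- "${MAIN_SFS}" | sed 's/:.*$//' | head -n 1)
if [ -n "$loop" ]; then
  # Reuse its existing mount point.  The device name comes from the losetup
  # line above; the old code had "loop5" hard-wired here, which only worked
  # on the author's machine.
  sfs_MP="$(findmnt -o TARGET,SOURCE -D -n | grep -- "${loop##*/}\$" | awk "$append_mnt_id_awk" | sort -t '|' -k1 | cut -d'|' -f2 | head -n 1)"
  [ -n "$sfs_MP" ] || abort_launch "${MAIN_SFS} is attached to $loop but no mount of it was found"
else
  sfs_MP="${CHANGES_LOC}"/sfs
  mount -r -t squashfs "${MAIN_SFS}" "$sfs_MP" || abort_launch "cannot mount ${MAIN_SFS}"
fi
cd "${CHANGES_LOC}" || abort_launch "cannot cd to ${CHANGES_LOC}"
# rw branch first: all writes from the container go to changes/, the sfs
# itself stays untouched
mount -t aufs -o br=changes:"$sfs_MP" none top || abort_launch "aufs mount of top failed"

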
  103. # # create a script to run inside the chroot (i.e. must be a script, not a bin)
  104.  
  105. # s243a: puppy doesn't have lxqt-panel
  106. # echo "lxqt-panel &" >>top/init
  107. # echo "openbox" >>top/init
  108. echo '
  109. #!/bin/sh
  110. export DISPLAY=:2
  111. . /etc/DISTRO_SPECS
  112. if [ "$DISTRO_ARCHDIR" ] ; then
  113.     ARCHDIR="/$DISTRO_ARCHDIR"
  114. fi
  115. ldconfig
  116. iconvconfig
  117. #update-pango-querymodules
  118. #Failed to create file /usr/lib/i86/-linux-gnu/pango/1.8.0/modules.cache.8P0KX0 No such file or directory
  119. gdk-pixbuf-query-loaders --update-cache
  120. update-mime-database -V /usr/share/mime/
  121. status_func $?
  122. UPDATE_MIME_DATABASE_DONE=1
  123.  
  124. source /etc/profile
  125. fixmenus #probably not necessary
  126. keymap-set --update
  127. userresources=$HOME/.Xresources
  128. usermodmap=$HOME/.Xmodmap
  129. sysresources=/usr/lib/X11/xinit/Xresources
  130. sysmodmap=/usr/lib/X11/xinit/.Xmodmap
  131.  
  132. # merge in defaults and keymaps
  133.  
  134. if [ -f $sysresources ]; then
  135.    xrdb -merge -nocpp $sysresources
  136. fi
  137.  
  138. if [ -f $sysmodmap ]; then
  139.    xmodmap $sysmodmap
  140. fi
  141.  
  142. if [ -f $userresources ]; then
  143.    xrdb -merge -nocpp $userresources
  144. fi
  145.  
  146. if [ -f $usermodmap ]; then
  147.    xmodmap $usermodmap
  148. fi
  149. setxkbmap -option keypad:pointerkeys
  150. DISPLAY=:2 jwm &
  151. DISPLAY=:2 roxfiler &
  152. DISPLAY=:2 xterm -e iron
  153. ' >top/init
  154.  
  155. chmod +x top/init
  156. # The big Xephyr capabilities dropped chroot switch
  157. DISPLAY=:2 empty -f unshare -m pflask ${PF} -- /init
  158. #DISPLAY=:2 pflask ${PF} -- /init
  159. wait # above backgrounds, so we wait until that ends
  160.  
  161. # Clean up
  162. killall Xephyr
  163. cd ${CHANGES_LOC}
  164. umount top sfs
  165. umount -l top
  166. umount -l sfs
  167. rm -rf changes
  168. #rmdir top sfs
  169. rm /tmp/container.run
  170.  
  171. ############################################################################
  172. # FOR FATDOG 811 ... (Draft Modifications by s243a for other platforms)
  173. #
  174. # Aufs mounts changes (initial empty rw folder), main sfs, that combined
  175. # is visible/accessed via folder 'top', that we chroot into
  176. #
  177. # chroot with chroot capability dropped (to prevent chroot out of the chroot)
  178. # using another X session (Xephyr) to isolate it from the main X session.
  179. # We chroot using pflask as that makes things easier into the top folder
  180. # applying further restrictions. We use the main sfs as our base for the
  181. # chroot, so very low overheads.
  182. #
  183. # alt-F4    closes the Xephyr container (if not then ctrl-shift to unfocus
  184. #           mouse/keyboard.
  185. # alt Tab   to step to another window in main system, but if use
  186. #           xdotool keydown alt key Tab;xdotool keyup alt .... it doesn't
  187. #           work (as intended i.e. it's locked into the "container").
  188. # seamonkey from menu doesn't work, run seamonkey from within urxvt
  189. # We use DISPLAY :2 for the Xephyr server
  190. #
  191. # Requires empty, pflask and a ext filesystem to create/work within
  192. #
  193. # I use fatdog multi-session save type frugal boot, and periodically I've
  194. # re-merged the save files into fd64.sfs so my fd64.sfs isn't the standard
  195. # version (merging changes and not copying fd64.sfs to ram helps keep ram
  196. # usage low).
  197. ############################################################################
  198.  