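#!/bin/bash
# Bash rather than plain sh: the script uses declare, [[ ]], function and
# local, which dash/busybox-ash style /bin/sh do not all provide.
#ROUTER_IP=192.168.100.1
# Rufwoof Jan 2021 (updated May 2019 version). Comments at end
WM=jwm
# Everything below is located relative to this script's directory; if the
# cd fails every relative path would be wrong, so stop rather than continue.
# dirname copes with a bare "script.sh" (no slash), which "${0%/*}" does not.
cd "$(realpath "$(dirname "$0")")" || exit 1 #added by s243a (4 lines)
CWD="$(realpath .)" #"$PWD"
# Name (without .sfs) of the first puppy_*.sfs in the parent folder, in glob
# order, without parsing ls output; stays empty when there is none.
SFS_NAME=""
for sfs_candidate in ../puppy_*.sfs; do
  [ -e "$sfs_candidate" ] || break # no match: the unexpanded pattern is left behind
  SFS_NAME="${sfs_candidate##*/}"
  SFS_NAME="${SFS_NAME%.sfs}"
  break # first match only, like the old "head -n 1"
done
Parent_WD="$(realpath "$CWD/..")"
SFS_PATH="$Parent_WD/$SFS_NAME".sfs #End Adds by s243a
xterm & # added so have at least one window I can alt-tab to out of the container
#[ ! -d /mnt/sda4/shared ] && mkdir /mnt/sda4/shared # as a shared folder
SHARED_LOC="$CWD"/shared #For a more portable container script add shared folder relative to script path.
#Uncomment the following to use a shared folder:
#SHARED="$SHARED_LOC"
#CHANGES_LOC=/mnt/sda4/changes # Non pre-existing ext fs work folder
CHANGES_LOC="$CWD"/container #For a more portable container script add changes folder relative to script path.
#MAIN_SFS=/mnt/sda1/FATDOG811-FINAL/fd64.sfs # Where the main sfs is located
MAIN_SFS="$SFS_PATH" #s243a: Replaces above line
# Xephyr parameters
XP="-fullscreen -title container -name Xephyr2 -dpi 144 -nolisten tcp"
#XEPHYR="-fullscreen -name Xephyr2 -dpi 144 -nolisten tcp"
XEPHYR="$XP"
# Bind mounts into the container. MOUNTS, CAPS and PFLASK are later expanded
# unquoted on purpose, so that each option becomes its own argument.
MOUNTS="--mount=bind:/dev/snd:/dev/snd \
--mount=bind:/dev/mixer:/dev/mixer \
--mount=bind:/mnt/pts:/mnt/pts"
# Same spelling as the three mounts above: the option is "--mount" with two
# dashes; the old "-mount=" was not the same option.
[ -n "${SHARED}" ] && MOUNTS="$MOUNTS --mount=bind:${SHARED}:/home/shared"
# Capabilities kept in the container: "all" minus the listed ones.
# NOTE(review): as a deny-list on top of "all", any capability not named
# here stays granted; an allow-list would be the tighter option.
CAPS="--caps=all,-sys_admin,-sys_boot,-sys_chroot,-sys_ptrace,-sys_time,\
-sys_tty_config,-chown,-kill,-dac_override,-dac_read_search,\
-fowner,-setfcap,-setpcap,-net_admin,-mknod,-sys_module,\
-sys_nice,-sys_resource"
#PF="${PF} --chroot=${CHANGES_LOC}/top"
PFLASK="--keepenv --no-ipcns --no-netns ${MOUNTS} ${CAPS} \
--chroot=${CHANGES_LOC}/top"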
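#######################################
# Parse the command line into BROWSER_CMD.
# Arguments: the script's "$@"
#   -b[CMD], --browser-cmd[=CMD], --browser-command
# Globals:   BROWSER_CMD (written)
# Returns:   0
#######################################
parse_args() {
  local options
  # getopt normalises the arguments (e.g. "-bfoo" -> "-b 'foo'"), so the
  # loop only has to deal with one token shape.
  options=$(getopt -o b:: --long browser-cmd::,browser-command -- "$@")
  eval set -- "$options"
  while [ $# -gt 0 ]; do
    case "$1" in
      -b|--browser-cmd|--browser-command)
        # NOTE(review): the "1*" pattern looks like it was meant to reject
        # values that look like options ("-*") — confirm with the author.
        if [ $# -gt 1 ] && [[ ! $2 = 1* ]]; then
          BROWSER_CMD="$2"
          # Consume the option and its value; the old loop never shifted
          # here and so never left this branch.
          shift 2
        else
          BROWSER_CMD=""
          shift
        fi
        ;;
      --)
        shift
        break
        ;;
      *)
        shift
        ;;
    esac
  done
}
parse_args "$@"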
#[ -z ${BROWSER_CMD+x} ] && BROWSER_CMD=/opt/Ungoogled_Chromium-portable/LAUNCH
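#######################################
# Tear the container down: stop the X server, unmount the layered root
# and remove the work folders. Used as the SIGHUP trap and at normal exit.
# Globals: PID, CHANGES_LOC, SHARED, HOSTGRAB (read)
# Returns: 1 when CHANGES_LOC is unusable (nothing is unmounted or removed)
#######################################
umountall() {
  if [ -n "$PID" ]; then
    kill "$PID" # the old "kill PID" (no $) was not a valid process id
  else
    killall Xephyr
  fi
  # The rm/rmdir below are relative paths: only run them once we are really
  # inside CHANGES_LOC, never in whatever the current directory happens to be.
  if [ -z "$CHANGES_LOC" ] || ! cd "$CHANGES_LOC"; then
    printf 'umountall: cannot cd to "%s", skipping cleanup\n' "$CHANGES_LOC" >&2
    rm -f /tmp/container.run
    return 1
  fi
  #umount top sfs (lazy, so busy mounts detach once they are free)
  umount -l top/dev/shm
  umount -l top/dev/pts
  umount -l top/dev
  umount -l top
  umount -l sfs
  rm -rf changes
  rmdir top sfs
  [ -d "$SHARED/flags" ] && [ -n "$HOSTGRAB" ] && kill "$HOSTGRAB"
  rm /tmp/container.run
}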
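# Avoid double click 2 instances
N=$(date +%s) # Seconds since January 1970
# /tmp/container.run is a fixed, shared path; its content is only ever used
# as a number, so anything non-numeric counts as "no recent launch" instead
# of being fed to the arithmetic below.
if [ -f /tmp/container.run ]; then
  L=$(cat /tmp/container.run)
  case "$L" in
    ''|*[!0-9]*) L=0 ;;
  esac
  D=$(( N - L ))
  if [ "$D" -lt 2 ]; then
    exit # quick 2 launches (doubled clicked ignore second click)
  fi
fi
# Only SIGHUP runs the cleanup trap; a normal run calls umountall at the end.
trap 'umountall' 1
echo "$N" >/tmp/container.run
# Create a separate X instance so isolated from the main real root X
# "-name Xephyr2" (from XP) is on the server's command line, which is what
# pgrep -f matches; the old "ps | grep | wc -l" test only refused to start
# when exactly one server was running.
if pgrep -f Xephyr2 >/dev/null; then
  exit # Xephyr2 already running
fi
Xephyr :2 ${XP} & # XP is a list of separate arguments: unquoted on purpose
if [ -n "${ROUTER_IP}" ]; then
  # Drop access to router admin. -C checks first so repeated launches do not
  # add duplicate rules; note the rule is not removed on exit.
  iptables -C INPUT -s "${ROUTER_IP}" -j DROP 2>/dev/null \
    || iptables -A INPUT -s "${ROUTER_IP}" -j DROP
fi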
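# Prepare and launch 'container' and shared folder
if [ -n "$SHARED" ]; then
  mkdir -p "$SHARED/flags" # -p also creates SHARED itself; no error if present
fi
# Create a changes folder, sfs mount point for main.sfs and top layer
# folders and aufs mount to combine changes and sfs folders -> top
mkdir -p "${CHANGES_LOC}"
# The hangover cleanup below unmounts and deletes relative paths, so it must
# only ever run from inside CHANGES_LOC: stop if that cd is not possible.
cd "${CHANGES_LOC:?CHANGES_LOC is not set}" || exit 1
# Check for possible hangover - such as if restarted X and clean out if so
if [ -d top ] || [ -d sfs ] || [ -d changes ]; then
  umount top sfs
  rm -rf changes
  rmdir top sfs
fi
mkdir top sfs changes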
#s243a: added append_mnt_id_awk (below). See: https://forum.puppylinux.com/viewtopic.php?f=136&t=1932
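append_mnt_id_awk='
# get_mnt_id: mount ID (first field of /proc/self/mountinfo) of the entry
# whose line contains the mount point and the loop device (whichever of the
# two are non-empty); "" when nothing matches. Of several matching lines the
# byte-wise smallest one wins, like the sort | head it replaces.
# Everything after the two real parameters is an awk local, so one line of
# input no longer sees the result computed for the previous line.
# The older version spliced the values into a shell pipeline, but the
# surrounding shell quoting turned them into the literal words loop and
# mnt_pt; reading the file from awk avoids both that and any shell quoting.
function get_mnt_id(mnt_pt, loop,    mntinfo, line, best, fields) {
  if (length(mnt_pt) == 0 && length(loop) == 0) return ""
  mntinfo = "/proc/self/mountinfo"
  best = ""
  while ((getline line < mntinfo) > 0) {
    if (length(loop) > 0 && index(line, loop) == 0) continue
    if (length(mnt_pt) > 0 && index(line, mnt_pt) == 0) continue
    if (best == "" || line < best) best = line
  }
  close(mntinfo)
  if (best == "") return ""
  split(best, fields, " ")
  return fields[1]
}
# Input: one "TARGET SOURCE" pair per line (findmnt output).
# Output: "mount-id|mount-point|loop-device" per line.
{
  mnt_pt = $1
  loop = $2
  mnt_id = get_mnt_id(mnt_pt, loop)
  print mnt_id "|" mnt_pt "|" loop
}'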
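# Reuse a loop device that is already backed by MAIN_SFS; first match only.
loop=$(losetup -a | grep -F -- "${MAIN_SFS}" | sed "s/:.*$//" | head -n 1)
if [ -n "$loop" ]; then #
  # Mount point of that loop device, via the awk helper above.
  sfs_MP="$(findmnt -o TARGET,SOURCE -D -n | grep -- "${loop}\$" | awk "$append_mnt_id_awk" | sort -t '|' -k1 | cut -d'|' -f2 | head -n 1)"
else
  sfs_MP="${CHANGES_LOC}"/sfs
  mount -r -t squashfs "${MAIN_SFS}" "$sfs_MP"
fi
cd "${CHANGES_LOC}" || exit 1
mount -t aufs -o br=changes:"$sfs_MP" none top
cp /var/lib/dbus/machine-id top/var/lib/dbus/machine-id
cp /etc/resolv.conf top/etc/resolv.conf
# The link target is resolved relative to top/etc, so a relative path works
# both from the host and inside the chroot; the old "top/var/..." target
# pointed at top/etc/top/var/..., which does not exist.
ln -s ../var/lib/dbus/machine-id top/etc/machine-id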
#http://www.linuxfromscratch.org/lfs/view/6.1/chapter06/devices.html
#mount -n -t tmpfs none top/dev
#mknod -m 622 top/dev/console c 5 1
#mknod -m 666 top/dev/null c 1 3
#mknod -m 666 top/dev/zero c 1 5
#mknod -m 666 top/dev/ptmx c 5 2
#mknod -m 666 top/dev/tty c 5 0
#mknod -m 444 top/dev/random c 1 8
#mknod -m 444 top/dev/urandom c 1 9
#chown root:tty top/dev/{console,ptmx,tty}
#ln -s top/proc/self/fd /dev/fd
#ln -s top/proc/self/fd/0 /dev/stdin
#ln -s top/proc/self/fd/1 /dev/stdout
#ln -s top/proc/self/fd/2 /dev/stderr
#ln -s top/proc/kcore /dev/core
#mkdir top/dev/pts
#mkdir top/dev/shm
#mount -n -t devpts -o gid=4,mode=620 none /dev/pts
#mount -n -t tmpfs none /dev/shm
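#echo >$SHARED/flags/host-grab
# Host-side grab flag file plus the in-container watcher script; both only
# exist when a shared folder is in use. The quoted heredoc writes the
# watcher verbatim: "\#" keeps the colour from being read as a comment when
# the watcher runs, and $(...) / ${C} are expanded there, not here.
if [ -d "$SHARED/flags" ]; then #TODO add more conditions to execute this code.
  echo >"$SHARED/flags/host-grab"
  cat <<'EOF' >top/tmp/hostgrab
#!/bin/bash
xsetroot -bg \#ff0000 -mod 5 5
while inotifywait -e modify /home/shared/flags; do
  C=$(tail -1 /home/shared/flags/host-grab | grep release)
  if [ ! -z "${C}" ]; then
    xsetroot -bg \#0000ff -mod 5 5
  else
    xsetroot -bg \#ff0000 -mod 5 5
  fi
done
EOF
  chmod +x top/tmp/hostgrab
fi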
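# # create a script to run inside the chroot (i.e. must be a script, not a bin)
# s243a: puppy doesn't have lxqt-panel
# echo "lxqt-panel &" >>top/init
# echo "openbox" >>top/init
# top/init is what pflask runs inside the chroot. The text is written as-is
# (single quotes / escaped heredocs); only the $(...) splices are expanded
# on the host. "#!/bin/sh" has to be the very first line of the file: the
# old echo began with a newline, which put the shebang on line 2.
case "$WM" in
  jwm)
    echo '#!/bin/sh
export DISPLAY=:2
. /etc/DISTRO_SPECS
if [ "$DISTRO_ARCHDIR" ] ; then
ARCHDIR="/$DISTRO_ARCHDIR"
fi
ldconfig
iconvconfig
#update-pango-querymodules
#Failed to create file /usr/lib/i86/-linux-gnu/pango/1.8.0/modules.cache.8P0KX0 No such file or directory
gdk-pixbuf-query-loaders --update-cache
update-mime-database -V /usr/share/mime/
status_func $?
UPDATE_MIME_DATABASE_DONE=1
source /etc/profile
fixmenus #probably not necessary
keymap-set --update
userresources=$HOME/.Xresources
usermodmap=$HOME/.Xmodmap
sysresources=/usr/lib/X11/xinit/Xresources
sysmodmap=/usr/lib/X11/xinit/.Xmodmap
# merge in defaults and keymaps
if [ -f $sysresources ]; then
xrdb -merge -nocpp $sysresources
fi
if [ -f $sysmodmap ]; then
xmodmap $sysmodmap
fi
if [ -f $userresources ]; then
xrdb -merge -nocpp $userresources
fi
if [ -f $usermodmap ]; then
xmodmap $usermodmap
fi
setxkbmap -option keypad:pointerkeys
DISPLAY=:2 jwm &
DISPLAY=:2 roxfiler &
'"$(if [ -n "$BROWSER_CMD" ]; then
  # BROWSER_CMD is the user's own command line and is spliced in verbatim
  echo "DISPLAY=:2 xterm -e $BROWSER_CMD"
fi )"'
' >top/init
    ;;
  cwm)
    # The watcher and the help popup are only started when a shared folder is in use.
    cat <<EOF >top/init
#!/bin/sh
$(if [ -d "$SHARED/flags" ]; then
  echo '/tmp/hostgrab &
/usr/bin/help &'
fi )
cwm -c /root/.cwmrc
EOF
    cat <<EOF >top/usr/bin/help
#!/bin/sh
message() {
Xdialog --title Information --msgbox "\$1" 0 0
}
M="This is a Xephyr X session window where cwm is the window manager.\n"
M="\${M}cwm is great for laptops (nearly all OpenBSD developer use cwm) and is relatively easy to learn.\n"
M="\${M}Whilst you run as 'root' within Xephyr, root is actually a highly restricted userid that is running\n"
M="\${M}in a contained environment, as such some programs may not run as expected.\n"
M="\${M}\nLeft mouse press on desktop shows windows menu, right mouse press for applications menu\n"
M="\${M}(a gap is left around the screen edges so the desktop is still accessible even if a window is maximised)\n\n"
M="\${M}Ctrl Alt Enter : terminal. Alt m : toggles maximise. Ctrl Alt x : close window. Alt ? : Open exec launcher\n"
M="\${M}\nCtrl Shift : toggles mouse/keyboard focus (desktop changes between red and blue)\n"
M="\${M}Alt Tab : if desktop is red - steps between main session windows\n"
M="\${M}OR if desktop is blue - steps between windows within the Xephyr container\n"
M="\${M}\nWHEN THE DESKTOP IS BLUE (mouse/keyboard locked into Xephyr) ...\n"
M="\${M}Alt middle mouse drag: resizes window. Alt left mouse drag : moves window\n"
M="\${M}\nWHEN THE DESKTOP IS RED (mouse/keyboard unlocked from Xephyr) ...\n"
M="\${M}you can use usual main system controls such as Alt-F1 for menu, Alt-F4 to close the Xephyr ...etc.\n"
M="\${M}\nRevisit this list again at any time by running 'help', or search online for the cwm manual"
message "\${M}"
EOF
    chmod +x top/usr/bin/help
    ;;
esac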
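# Rename the listed autostart entries so they do not start inside the
# container; entries that are not present are skipped rather than producing
# an mv error for each one.
for a_autostart in dunst.desktop firewallstatus.desktop flsynclient.desktop freememapplet.desktop netmon_wce.desktop powerapplet.desktop retrovol.desktop; do
  [ -e top/root/.config/autostart/"$a_autostart" ] || continue
  mv top/root/.config/autostart/"$a_autostart" top/root/.config/autostart/"$a_autostart"-disable
done
chmod +x top/init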
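# The big Xephyr capabilities dropped chroot switch
# PFLASK is a list of separate options: unquoted on purpose.
DISPLAY=:2 empty -f unshare -m pflask ${PFLASK} -- /init
# NOTE(review): if "empty -f" returns straight away (as the comment at the
# wait below suggests), $! here is still the PID of the most recent "&" job,
# i.e. the Xephyr server started earlier, not pflask; the wait/kill below
# then track the X server. Confirm that this is the intended behaviour.
PID=$!
if [ -d "$SHARED/flags" ]; then
  #######################################
  # Append the Xephyr window title (WM_NAME) to the host-grab flag file
  # whenever it changes; the in-container watcher looks for "release" there.
  # Globals: SHARED (read)
  #######################################
  _hostgrabstate() {
    local WID=""
    # Poll until the Xephyr window exists. First id only: wmctrl may list
    # several matching windows and xprop takes a single -id.
    while [ -z "${WID}" ]; do
      WID=$(wmctrl -lp | grep Xephyr | cut -d ' ' -f 1 | head -n 1)
      sleep 1
    done
    sleep 2
    xprop -id "${WID}" -spy WM_NAME >>"$SHARED/flags/host-grab"
  }
  _hostgrabstate &
  HOSTGRAB=$!
fi
#DISPLAY=:2 pflask ${PF} -- /init
wait "$PID" # above backgrounds, so we wait until that ends
# Clean up
umountall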
#rmdir top sfs
############################################################################
# FOR FATDOG 811 ... (Draft Modifications by s243a for other platforms)
#
# Aufs mounts changes (initial empty rw folder), main sfs, that combined
# is visible/accessed via folder 'top', that we chroot into
#
# chroot with chroot capability dropped (to prevent chroot out of the chroot)
# using another X session (Xephyr) to isolate it from the main X session.
# We chroot using pflask as that makes things easier into the top folder
# applying further restrictions. We use the main sfs as our base for the
# chroot, so very low overheads.
#
# alt-F4 closes the Xephyr container (if not, then ctrl-shift to unfocus
# mouse/keyboard).
# alt Tab to step to another window in main system, but if use
# xdotool keydown alt key Tab;xdotool keyup alt .... it doesn't
# work (as intended i.e. it's locked into the "container").
# seamonkey from menu doesn't work, run seamonkey from within urxvt
# We use DISPLAY :2 for the Xephyr server
#
# Requires empty, pflask and an ext filesystem to create/work within
#
# I use fatdog multi-session save type frugal boot, and periodically I've
# re-merged the save files into fd64.sfs so my fd64.sfs isn't the standard
# version (merging changes and not copying fd64.sfs to ram helps keep ram
# usage low).
############################################################################