
Untitled

a guest
Sep 2nd, 2018
  1.  
  2. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/message.log <==
  3.  
  4. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/container.log <==
  5.  
  6. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/share/stdout <==
  7.  
  8. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/share/stderr <==
  9.  
  10. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/xpraserver.log <==
  11.  
  12. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/xpraclient.log <==
  13.  
  14. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/xinit.log <==
  15.  
  16. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/compositor.log <==
  17.  
  18. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/message.log <==
  19.  
  20. x11docker[449.18]: x11docker version 5.0.0
  21. docker version: Docker version 18.06.1-ce, build e68fc7a
  22. Host system: Ubuntu 18.04.1 LTS
  23. Command: /usr/bin/x11docker --home --hostdisplay --pulseaudio --hostnet --gpu --verbose erichough/kodi
  24. Parsed options: --home --hostdisplay --pulseaudio '' --hostnet --gpu --verbose '' -- 'erichough/kodi'
  25.  
  26. x11docker[449.18]:
  27. Wanda the fish says: Install fortunes to find wisdom.
  28.  
  29. x11docker[449.20]: Host IP: 172.17.0.1
  30.  
  31. x11docker[449.21]: Image name: erichough/kodi
  32.  
  33. x11docker[449.21]: Using X server option --hostdisplay
  34.  
  35. x11docker note: To allow GPU acceleration (option --gpu) with --hostdisplay,
  36. x11docker will allow trusted cookies (option --trusted).
  37.  
  38. x11docker WARNING: To allow --hostdisplay with trusted cookies,
  39. x11docker must share host IPC namespace with container to allow
  40. shared memory for X extension MIT-SHM.
  41. Enabling option --hostipc to avoid Video RAM access errors.
  42.  
  43. x11docker WARNING: Option --hostdisplay with trusted cookies provides
  44. QUITE BAD CONTAINER ISOLATION !
  45. Keylogging and controlling host applications is possible!
  46.  
  47. x11docker WARNING: Security risk:
  48. Option --hostipc causes severe reduction of container isolation!
  49. Drawback: IPC namespace remapping is disabled.
  50. Advantage: X extension MIT-SHM is possible.
  51.  
  52. x11docker WARNING: Security risk:
  53. Option --hostnet causes severe reduction of container isolation!
  54. Network namespacing is disabled.
  55. Drawback: Container shares host network stack.
  56. Advantage: dbus communication between host and container is possible.
  57.  
  58. x11docker[449.29]: Logfile: /home/daniel/.cache/x11docker/X50-erichough-kodi/share/x11docker.log
  59. In container: /x11docker/x11docker.log
  60. After finish: /home/daniel/.cache/x11docker/x11docker.log
  61.  
  62. x11docker[449.29]: Running Xwayland to get screen size
  63.  
  64. x11docker[449.29]: Waiting for file creation of /tmp/.X11-unix/X0
  65.  
  66.  
  67. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/xinit.log <==
  68. (EE)
  69. Fatal server error:
  70. (EE) Server is already active for display 0
  71. If this server is no longer running, remove /tmp/.X0-lock
  72. and start again.
  73. (EE)
  74.  
  75. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/message.log <==
  76. x11docker[449.30]: Found new created file /tmp/.X11-unix/X0
  77.  
  78. x11docker[449.31]: Virtual screen size: 4720x3840
  79.  
  80. x11docker[449.31]: Physical screen size:
  81.  
  82.  
  83. x11docker WARNING: Option --gpu degrades container isolation.
  84. Container gains access to GPU hardware.
  85. This allows reading host window content (palinopsia leak)
  86. and GPU rootkits (compare proof of concept: jellyfish).
  87.  
  88. x11docker WARNING: Option --pulseaudio allows container applications
  89. to catch your audio output and microphone input.
  90.  
  91. x11docker[449.32]: Generated pulseaudio client.conf:
  92. 1 # Connect to host pulseaudio server using mounted UNIX socket
  93. 2 default-server = unix:/x11docker/pulseaudio.socket
  94. 3 # Prevent a server running in container
  95. 4 autospawn = no
  96. 5 daemon-binary = /bin/true
  97. 6 # Prevent use of shared memory
  98. 7 enable-shm = false
  99. 8
  100.  
  101. x11docker[449.32]: Environment variables:
  102. DISPLAY=:0 XAUTHORITY=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie XSOCKET=/tmp/.X11-unix/X0 X11DOCKER_CACHE=/home/daniel/.cache/x11docker/X50-erichough-kodi PULSE_SERVER=unix:/x11docker/pulseaudio.socket PULSE_COOKIE=/x11docker/pulseaudio.cookie
  103.  
  104. x11docker[449.39]: Stored background pid 9427 of watchpidlist
  105.  
  106. x11docker[449.39]: Stored background pid 9431 of watchmessagefifo
  107.  
  108. x11docker[449.41]: Sharing directory /home/daniel/.local/share/x11docker/erichough-kodi
  109. with container as its home directory /home/daniel
  110.  
  111. x11docker[449.41]: Found tini binary: /usr/bin/docker-init
  112.  
  113. x11docker[449.41]: Container name: x11docker_X0_992973_erichough-kodi
  114.  
  115. x11docker[449.42]: docker command:
  116. docker run -d --tty --rm --name=x11docker_X0_992973_erichough-kodi \
  117. --user=1000:1000 --env USER=daniel \
  118. --userns=host \
  119. --cap-drop ALL \
  120. --volume '/usr/bin/docker-init':'/x11docker/tini':ro \
  121. --security-opt no-new-privileges \
  122. --security-opt label=type:container_runtime_t \
  123. --group-add 29 \
  124. --group-add 44 \
  125. --tmpfs /run --tmpfs /run/lock \
  126. --entrypoint=env \
  127. --env container=docker \
  128. -v '/home/daniel/.cache/x11docker/X50-erichough-kodi/share':'/x11docker':rw \
  129. -v '/home/daniel/.local/share/x11docker/erichough-kodi':'/home/daniel':rw \
  130. -e DISPLAY=:0 -e XAUTHORITY=/x11docker/Xclientcookie \
  131. -v '/tmp/.X11-unix/X0':'/X0':rw \
  132. --device=/dev/dri:/dev/dri:rw \
  133. -v /dev/dri:/dev/dri:rw \
  134. --device=/dev/vga_arbiter:/dev/vga_arbiter:rw \
  135. -v /dev/vga_arbiter:/dev/vga_arbiter:rw \
  136. --ipc=host \
  137. --net=host \
  138. -v /home/daniel/.cache/x11docker/X50-erichough-kodi/pulseclient.conf:/etc/pulse/client.conf:ro \
  139. --workdir '/tmp' \
  140. --env PULSE_SERVER=unix:/x11docker/pulseaudio.socket \
  141. --env PULSE_COOKIE=/x11docker/pulseaudio.cookie \
  142. -- erichough/kodi /bin/sh - /x11docker/container.CMD.sh
  143.  
  144. x11docker[449.43]: Users and terminal:
  145. x11docker was started by: daniel
  146. As host user serves (running X, storing cache): daniel
  147. Container user will be: daniel
  148. Container user password: x11docker
  149. Getting permission to run docker with: bash -c
  150. Running X and other user commands with: bash -c
  151. Terminal for password frontend: bash -c
  152. Terminal to show docker pull progress: dbus-launch gnome-terminal -x
  153. Running on console: no
  154. Running over SSH: no
  155.  
  156. x11docker[449.44]: Generated container.rootsetup.sh:
  157. 1 #! /bin/sh
  158. 2 # set up docker container as root before ongoing in unprivileged container.CMD.sh
  159. 3 # commands in this script are executed as root in container
  160. 4
  161. 5
  162. 6 warning() {
  163. 7 echo "$*:WARNING" >>$Messagefile
  164. 8 }
  165. 9 note() {
  166. 10 echo "$*:NOTE" >>$Messagefile
  167. 11 }
  168. 12 verbose() {
  169. 13 echo "$*:VERBOSE" >>$Messagefile
  170. 14 }
  171. 15 debugnote() {
  172. 16 echo "$*:DEBUGNOTE" >>$Messagefile
  173. 17 }
  174. 18 error() {
  175. 19 echo "$*:ERROR" >>$Messagefile
  176. 20 exit 1
  177. 21 }
  178. 22 stdout() {
  179. 23 echo "$*:STDOUT" >>$Messagefile
  180. 24 }
  181. 25 Messagefile=/x11docker/message.fifo
  182. 26
  183. 27 verbose -d 'Running setup as root in container'
  184. 28 ldd --version 2>&1 | grep -q 'musl libc' && Containerlibc='musl'
  185. 29 ldd --version 2>&1 | grep -q -E 'GLIBC|GNU libc' && Containerlibc='glibc'
  186. 30 verbose -d "Container libc: $Containerlibc"
  187. 31
  188. 32 # create some system dirs with needed permissions
  189. 33 mkdir -v -p /var/lib/dbus /var/run/dbus
  190. 34 mkdir -v -p -m 1777 /tmp/.ICE-unix /tmp/.X11-unix /tmp/.font-unix
  191. 35 chmod -c 1777 /tmp/.ICE-unix /tmp/.X11-unix /tmp/.font-unix
  192. 36 export DISPLAY=:0 XAUTHORITY=/x11docker/Xclientcookie
  193. 37 ln -s /X0 /tmp/.X11-unix/X0
  194. 38 ls -l /X0
  195. 39 ls -l /tmp/.X11-unix/X0
  196. 40
  197. 41 [ ! -d /usr/share/zoneinfo ] && [ "$Containerlibc" = "glibc" ] && {
  198. 42 mkdir -p /usr/share/zoneinfo
  199. 43 cp '/x11docker/timezone' '/usr/share/zoneinfo/GB'
  200. 44 }
  201. 45 [ -e '/usr/share/zoneinfo/GB' ] && ln -f -s '/usr/share/zoneinfo/GB' /etc/localtime
  202. 46
  203. 47 Containersystem=$(. /etc/os-release; echo $ID)
  204. 48 verbose "Container system ID: $Containersystem"
  205. 49
  206. 50 export PULSE_SERVER=unix:/x11docker/pulseaudio.socket
  207. 51 export PULSE_COOKIE=/x11docker/pulseaudio.cookie
  208. 52
  209. 53 # create user entry in /etc/passwd (and delete possibly existing same uid)
  210. 54 getent passwd | grep -v $(getent passwd 1000 || echo USERNOTFOUND) > /tmp/passwd
  211. 55 # disable possible /etc/shadow passwords for other users
  212. 56 sed -i s%:x:%:-:% /tmp/passwd
  213. 57 echo daniel:x:1000:1000:daniel,,,:/home/daniel:/bin/sh >> /tmp/passwd
  214. 58 rm /etc/passwd
  215. 59 mv /tmp/passwd /etc/passwd || warning 'Unable to change /etc/passwd. That may be a seurity risk.'
  216. 60
  217. 61 # create password entry for container user in /etc/shadow
  218. 62 rm -v /etc/shadow || warning 'Cannot change /etc/shadow. That may be a security risk.'
  219. 63 echo "daniel:sac19FwGGTx/A:17293:0:99999:7:::" > /etc/shadow
  220. 64 echo 'root:*:17219:0:99999:7:::' >> /etc/shadow
  221. 65
  222. 66 # add user to groups video, audio, systemd-journal
  223. 67 # replace container GIDs of video and audio with host GIDs
  224. 68 Gidvideo=44
  225. 69 Gidaudio=29
  226. 70 [ "$Gidvideo" ] || Gidvideo=$(getent group video | cut -d: -f3)
  227. 71 [ "$Gidaudio" ] || Gidaudio=$(getent group audio | cut -d: -f3)
  228. 72 getent group | sed "s/^video.*/video:x:$Gidvideo:$(getent group video | cut -d: -f4 ),daniel/ ;
  229. 73 s/^audio.*/audio:x:$Gidaudio:$(getent group audio | cut -d: -f4 ),daniel/ ;
  230. 74 s/^systemd-journal.*/\0,daniel/ " | sed 's/:,/:/' > /tmp/group
  231. 75 cp /tmp/group /etc/group
  232. 76
  233. 77 # create user group entry (and delete possibly existing same gid)
  234. 78 getent group | grep -v $(getent group 1000 || echo USERNOTFOUND) > /tmp/group
  235. 79 echo daniel:x:1000: >> /tmp/group
  236. 80 mv /tmp/group /etc/group
  237. 81
  238. 82
  239. 83 # create /etc/sudoers, delete /etc/sudoers.d. Overwrite possible sudo setups in image.
  240. 84 [ -e /etc/sudoers.d ] && rm -v -R /etc/sudoers.d
  241. 85 [ -e /etc/sudoers ] && rm -v /etc/sudoers
  242. 86 echo '# /etc/sudoers created by x11docker' > /etc/sudoers
  243. 87 echo 'root ALL=(ALL) ALL' >> /etc/sudoers
  244. 88
  245. 89 # restrict PAM configuration of su and sudo
  246. 90 echo 'auth sufficient pam_rootok.so' > /etc/pam.d/su # allow root to switch user without a password
  247. 91 [ -e /etc/pam.d/sudo ] && rm -v /etc/pam.d/sudo
  248. 92
  249. 93 # disable getty in inittab
  250. 94 [ -e /etc/inittab ] && sed -i 's/.*getty/##getty disabled by x11docker## \0/' /etc/inittab
  251. 95 command -v pulseaudio >/dev/null || warning "Command pulseaudio not found in image (option --pulseaudio),"
  252. 96
  253. 97 echo 'x11docker: Container root setup is ready'
  254. 98 :> /x11docker.setupready
  255.  
  256. x11docker[449.44]: Generated dockerrc:
  257. 1 #! /bin/bash
  258. 2 mkfile ()
  259. 3 {
  260. 4 : > "${1:-}";
  261. 5 chown $Hostuser "${1:-}";
  262. 6 chgrp $Hostusergid "${1:-}";
  263. 7 [ -n "${2:-}" ] && chmod ${2:-} "${1:-}" || :
  264. 8 }
  265. 9 rocknroll ()
  266. 10 {
  267. 11 [ -s "$Timetosaygoodbye" ] && return 1;
  268. 12 [ -e "$Timetosaygoodbye" ] || return 1;
  269. 13 return 0
  270. 14 }
  271. 15 waitforfilecreation ()
  272. 16 {
  273. 17 local Zeit= Warten= Dauer= Count=;
  274. 18 Zeit=$(date +%s);
  275. 19 verbose -d "Waiting for file creation of ${1:-}";
  276. 20 case ${2:-} in
  277. 21 "")
  278. 22 Warten=15
  279. 23 ;;
  280. 24 infinity | inf)
  281. 25 Warten=32000
  282. 26 ;;
  283. 27 *)
  284. 28 Warten=${2:-}
  285. 29 ;;
  286. 30 esac;
  287. 31 while [ ! "$(find "${1:-}" 2>/dev/null)" ]; do
  288. 32 Count=$(( Count + 1 ));
  289. 33 Dauer=$(( $(date +%s) - $Zeit ));
  290. 34 sleep $(awk "BEGIN { print $Count * 0.1 }");
  291. 35 [ $Warten -lt $Dauer ] && {
  292. 36 warning "Failed to wait for file creation of
  293. 37 ${1:-}";
  294. 38 return 1
  295. 39 };
  296. 40 verbose "Waiting since ${Dauer}s for ${1:-} to be created, will wait up to $Warten seconds.";
  297. 41 rocknroll || {
  298. 42 verbose -d "Stopped waiting for ${1:-} due to terminating signal.";
  299. 43 return 1
  300. 44 };
  301. 45 done;
  302. 46 verbose "Found new created file $(ls ${1:-})";
  303. 47 return 0
  304. 48 }
  305. 49 escapestring ()
  306. 50 {
  307. 51 echo "${1:-}" | LC_ALL=C sed -e 's/[^a-zA-Z0-9,._+@=:/-]/\\&/g; 1{$s/^$/""/}; 1!s/^/"/; $!s/$/"/'
  308. 52 }
  309. 53 rmcr ()
  310. 54 {
  311. 55 case "${1:-}" in
  312. 56 "")
  313. 57 sed "s/$(printf "\r")//g"
  314. 58 ;;
  315. 59 *)
  316. 60 sed -i "s/$(printf "\r")//g" "${1:-}"
  317. 61 ;;
  318. 62 esac
  319. 63 }
  320. 64 Hostuser=daniel
  321. 65 Hostusergid=1000
  322. 66 Timetosaygoodbye=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/timetosaygoodbye
  323. 67
  324. 68 warning() {
  325. 69 echo "$*:WARNING" >>$Messagefile
  326. 70 }
  327. 71 note() {
  328. 72 echo "$*:NOTE" >>$Messagefile
  329. 73 }
  330. 74 verbose() {
  331. 75 echo "$*:VERBOSE" >>$Messagefile
  332. 76 }
  333. 77 debugnote() {
  334. 78 echo "$*:DEBUGNOTE" >>$Messagefile
  335. 79 }
  336. 80 error() {
  337. 81 echo "$*:ERROR" >>$Messagefile
  338. 82 exit 1
  339. 83 }
  340. 84 stdout() {
  341. 85 echo "$*:STDOUT" >>$Messagefile
  342. 86 }
  343. 87 Messagefile=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/message.fifo
  344. 88
  345. 89 verbose -d 'Running dockerrc'
  346. 90 Imagename="erichough/kodi"
  347. 91 Imagecommand=""
  348. 92
  349. 93 # check whether docker daemon is running and refresh images.list for x11docker-gui
  350. 94 mkfile /home/daniel/.cache/x11docker/x11docker-gui/images.list
  351. 95 docker images --format '{{.Repository}}:{{.Tag}}' >>/home/daniel/.cache/x11docker/X50-erichough-kodi/images.list 2>>/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log || {
  352. 96 rmcr '/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log'
  353. 97 error "Calling docker daemon failed.
  354. 98 Is docker daemon running at all?
  355. 99 Try to start docker daemon with: systemctl start docker
  356. 100 Last lines of log:
  357. 101 $(tail /home/daniel/.cache/x11docker/X50-erichough-kodi/container.log)"
  358. 102 }
  359. 103 rmcr /home/daniel/.cache/x11docker/X50-erichough-kodi/images.list
  360. 104 while read -r Line ; do
  361. 105 grep -q "<none>" <<<$Line || echo $Line >> /home/daniel/.cache/x11docker/x11docker-gui/images.list
  362. 106 done < <(sort < /home/daniel/.cache/x11docker/X50-erichough-kodi/images.list)
  363. 107
  364. 108 # check if image is available locally
  365. 109 docker inspect --type=image erichough/kodi >/dev/null 2>&1 || {
  366. 110 export DISPLAY= WAYLAND_DISPLAY=wayland-0 XDG_RUNTIME_DIR=/run/user/1000
  367. 111 dbus-launch gnome-terminal -x /bin/bash /home/daniel/.cache/x11docker/X50-erichough-kodi/pullrc
  368. 112 waitforfilecreation /home/daniel/.cache/x11docker/X50-erichough-kodi/pullready infinity
  369. 113 docker inspect --type=image erichough/kodi 2>&1 | rmcr >>/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log || error "Image 'erichough/kodi' not found locally and not pulled from docker hub.
  370. 114
  371. 115 Last lines of log:
  372. 116 $(tail /home/daniel/.cache/x11docker/X50-erichough-kodi/container.log)"
  373. 117 }
  374. 118 # check CMD
  375. 119 [ -z "$Imagecommand" ] && {
  376. 120 # extract image command from image if not given on cli
  377. 121 Imagecommand="$(docker inspect --format='{{.Config.Cmd}}' erichough/kodi | rmcr)"
  378. 122 Imagecommand="${Imagecommand#[}"
  379. 123 Imagecommand="${Imagecommand%]}"
  380. 124 Imagecommand="${Imagecommand#/bin/sh -c }"
  381. 125 }
  382. 126 Tini="/x11docker/tini --"
  383. 127 Exec=exec
  384. 128 # check ENTRYPOINT
  385. 129 Entrypoint=$(docker inspect --format='{{.Config.Entrypoint}}' erichough/kodi | rmcr)
  386. 130 Entrypoint=${Entrypoint#[}
  387. 131 Entrypoint=${Entrypoint#/bin/sh -c }
  388. 132 Entrypoint=${Entrypoint%]}
  389. 133 echo "$Entrypoint" | grep -qE '/tini|/init|/systemd' && {
  390. 134 note "There seems to be an init system in ENTRYPOINT of image:
  391. 135 $Entrypoint
  392. 136 x11docker will run this instead of tini from host.
  393. 137 You can disable this ENTRYPOINT with option --no-entrypoint."
  394. 138 Tini=
  395. 139 }
  396. 140
  397. 141 [ -z "$Imagecommand$Entrypoint" ] && warning 'No image command specified and no CMD or ENTRYPOINT found in image.'
  398. 142
  399. 143 # create container.CMD.sh (shared with container and given as image command to docker run)
  400. 144 { echo '#! /bin/sh'
  401. 145 echo '# created startscript for docker run: container.CMD.sh'
  402. 146 echo '# runs as unprivileged user in container'
  403. 147 echo '
  404. 148 warning() {
  405. 149 echo "$*:WARNING" >>$Messagefile
  406. 150 }
  407. 151 note() {
  408. 152 echo "$*:NOTE" >>$Messagefile
  409. 153 }
  410. 154 verbose() {
  411. 155 echo "$*:VERBOSE" >>$Messagefile
  412. 156 }
  413. 157 debugnote() {
  414. 158 echo "$*:DEBUGNOTE" >>$Messagefile
  415. 159 }
  416. 160 error() {
  417. 161 echo "$*:ERROR" >>$Messagefile
  418. 162 exit 1
  419. 163 }
  420. 164 stdout() {
  421. 165 echo "$*:STDOUT" >>$Messagefile
  422. 166 }'
  423. 167 echo 'Messagefile=/x11docker/message.fifo'
  424. 168 echo ''
  425. 169 echo '# wait for container setup script do be ready'
  426. 170 echo 'Zeit=$(date +%s)'
  427. 171 echo 'for Count in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50; do'
  428. 172 echo ' [ -e /x11docker.setupready ] && break'
  429. 173 echo ' verbose "Waiting since $(($(date +%s) - $Zeit))s for container setup to be ready"'
  430. 174 echo ' sleep $(awk "BEGIN { print $Count*0.2 }")'
  431. 175 echo 'done'
  432. 176 echo ''
  433. 177 echo 'verbose -d "Running unprivileged user commands in container"'
  434. 178 echo ''
  435. 179 echo Imagecommand="\"$Imagecommand\""
  436. 180 echo Entrypoint="\"$Entrypoint\""
  437. 181 echo ''
  438. 182 echo 'verbose "Container system:'
  439. 183 echo '$(cat /etc/os-release)"'
  440. 184 echo ''
  441. 185 } >> /home/daniel/.cache/x11docker/X50-erichough-kodi/share/container.CMD.sh
  442. 186 {
  443. 187 echo ''
  444. 188 echo '# x11docker variable settings'
  445. 189 echo export USER="daniel"
  446. 190 echo 'export HOME="/home/daniel"'
  447. 191 echo 'export DISPLAY=:0'
  448. 192 echo '[ -e /tmp/.X11-unix/X0 ] || ln -s /X0 /tmp/.X11-unix'
  449. 193 echo 'export XAUTHORITY=/x11docker/Xclientcookie'
  450. 194 echo 'Dbus=""'
  451. 195 echo 'verbose -d "Running dbus user session with: ${Dbus:-(none)}"'
  452. 196 echo ''
  453. 197 echo "[ -e \"\$XDG_RUNTIME_DIR\" ] || {"
  454. 198 echo ' export XDG_RUNTIME_DIR=/tmp/XDG_RUNTIME_DIR'
  455. 199 echo ' mkdir -v -m 700 -p $XDG_RUNTIME_DIR'
  456. 200 echo ' export XDG_RUNTIME_DIR'
  457. 201 echo '}'
  458. 202 echo ''
  459. 203 echo 'export XDG_SESSION_TYPE=x11'
  460. 204 echo ''
  461. 205 echo ''
  462. 206 echo '# xpra environment settings'
  463. 207 echo 'export UBUNTU_MENUPROXY= QT_X11_NO_NATIVE_MENUBAR=1 MWNOCAPTURE=true MWNO_RIT=true MWWM=allwm'
  464. 208 echo ''
  465. 209 echo 'bash --version >/dev/null 2>&1 && export SHELL=/bin/bash || export SHELL=/bin/sh'
  466. 210 echo 'export TERM=xterm'
  467. 211 echo '[ -e /x11docker.LANG ] && export LANG="$(cat /x11docker.LANG)"'
  468. 212 echo '[ -e "/usr/share/zoneinfo/GB" ] || export TZ=UTC-01'
  469. 213 echo '[ "$(date -Ihours)" != "2018-09-02T10+01:00" ] && export TZ=UTC-01'
  470. 214 echo '[ "$DEBIAN_FRONTEND" = noninteractive ] && unset DEBIAN_FRONTEND'
  471. 215 echo '[ "$DEBIAN_FRONTEND" = newt ] && unset DEBIAN_FRONTEND'
  472. 216 echo '# custom environment (--env)'
  473. 217 echo export PULSE_SERVER=unix:/x11docker/pulseaudio.socket
  474. 218 echo export PULSE_COOKIE=/x11docker/pulseaudio.cookie
  475. 219 echo ''
  476. 220 echo 'env >> /x11docker/environment'
  477. 221 echo 'sed -i "/\(PWD=\|_=\)/d" /x11docker/environment'
  478. 222 echo 'verbose "Container environment:'
  479. 223 echo '$(env | sort)"'
  480. 224 echo 'verbose "Copy of environment stored in /x11docker/environment"'
  481. 225 echo ''
  482. 226 echo 'cd "$HOME"'
  483. 227 Workdir=$(docker inspect --format='{{.Config.WorkingDir}}' erichough/kodi 2>>'/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log'| rmcr)
  484. 228 [ "$Workdir" ] && echo "[ -d \"$Workdir\" ] && cd \"$Workdir\" # WORKDIR in image"
  485. 229 echo ''
  486. 230 echo verbose -d "Running image command: $Tini \$Dbus $Entrypoint $Imagecommand"
  487. 231 echo "$Exec $Tini \$Dbus $Entrypoint $Imagecommand >>/x11docker/stdout 2>>/x11docker/stderr"
  488. 232 echo '# Ready for docker run'
  489. 233 } >> /home/daniel/.cache/x11docker/X50-erichough-kodi/share/container.CMD.sh
  490. 234
  491. 235 nl -ba >> /home/daniel/.cache/x11docker/X50-erichough-kodi/share/x11docker.log < /home/daniel/.cache/x11docker/X50-erichough-kodi/share/container.CMD.sh
  492. 236
  493. 237 read Containerid < <(docker run -d --tty --rm --name=x11docker_X0_992973_erichough-kodi \
  494. 238 --user=1000:1000 --env USER=daniel \
  495. 239 --userns=host \
  496. 240 --cap-drop ALL \
  497. 241 --volume '/usr/bin/docker-init':'/x11docker/tini':ro \
  498. 242 --security-opt no-new-privileges \
  499. 243 --security-opt label=type:container_runtime_t \
  500. 244 --group-add 29 \
  501. 245 --group-add 44 \
  502. 246 --tmpfs /run --tmpfs /run/lock \
  503. 247 --entrypoint=env \
  504. 248 --env container=docker \
  505. 249 -v '/home/daniel/.cache/x11docker/X50-erichough-kodi/share':'/x11docker':rw \
  506. 250 -v '/home/daniel/.local/share/x11docker/erichough-kodi':'/home/daniel':rw \
  507. 251 -e DISPLAY=:0 -e XAUTHORITY=/x11docker/Xclientcookie \
  508. 252 -v '/tmp/.X11-unix/X0':'/X0':rw \
  509. 253 --device=/dev/dri:/dev/dri:rw \
  510. 254 -v /dev/dri:/dev/dri:rw \
  511. 255 --device=/dev/vga_arbiter:/dev/vga_arbiter:rw \
  512. 256 -v /dev/vga_arbiter:/dev/vga_arbiter:rw \
  513. 257 --ipc=host \
  514. 258 --net=host \
  515. 259 -v /home/daniel/.cache/x11docker/X50-erichough-kodi/pulseclient.conf:/etc/pulse/client.conf:ro \
  516. 260 --workdir '/tmp' \
  517. 261 --env PULSE_SERVER=unix:/x11docker/pulseaudio.socket \
  518. 262 --env PULSE_COOKIE=/x11docker/pulseaudio.cookie \
  519. 263 -- erichough/kodi /bin/sh - /x11docker/container.CMD.sh 2>>/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log | rmcr)
  520. 264
  521. 265 verbose -d "Container ID: $Containerid"
  522. 266 [ "$Containerid" ] || {
  523. 267 rmcr '/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log'
  524. 268 error "Startup of docker failed. Did not receive a container ID.
  525. 269
  526. 270 Last lines of container log:
  527. 271 $(tail /home/daniel/.cache/x11docker/X50-erichough-kodi/container.log)"
  528. 272 }
  529. 273 echo $Containerid >> /home/daniel/.cache/x11docker/X50-erichough-kodi/container.id
  530. 274 docker logs -f $Containerid 2>&1 | rmcr >> /home/daniel/.cache/x11docker/X50-erichough-kodi/container.log &
  531. 275
  532. 276 # wait for container to be ready
  533. 277 for ((Count=1 ; Count<=20 ; Count++)); do
  534. 278 docker exec x11docker_X0_992973_erichough-kodi sh -c : 2>&1 | rmcr >>/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log && { verbose -d 'Container is up and running.' ; break ; } || verbose -d "Container not ready on $Count. attempt, trying again."
  535. 279 sleep 0.2
  536. 280 done
  537. 281 Failure="$(cat /home/daniel/.cache/x11docker/X50-erichough-kodi/container.log | rmcr | grep -v grep | grep -E 'Error response from daemon|OCI runtime exec' ||:)"
  538. 282 [ "$Failure" ] && {
  539. 283 echo "$Failure" >>/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log
  540. 284 error "Got error message from docker daemon:
  541. 285 $Failure"
  542. 286 }
  543. 287
  544. 288 docker inspect --format '{{ .NetworkSettings.IPAddress }}' x11docker_X0_992973_erichough-kodi 2>>/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log | rmcr >> /home/daniel/.cache/x11docker/X50-erichough-kodi/container.ip
  545. 289 verbose -d "Container IP: $(cat /home/daniel/.cache/x11docker/X50-erichough-kodi/container.ip)"
  546. 290
  547. 291 docker inspect --format '{{.State.Pid}}' x11docker_X0_992973_erichough-kodi 2>>/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log | rmcr >> /home/daniel/.cache/x11docker/X50-erichough-kodi/container.pid1pid
  548. 292 verbose -d "Host PID of container PID 1: $(cat /home/daniel/.cache/x11docker/X50-erichough-kodi/container.pid1pid)"
  549. 293
  550. 294 # get PID of container
  551. 295 Containerpid=$(ps ax | grep $Containerid | grep -v grep | grep -v ' logs' | awk '{print $1}')
  552. 296 verbose -d "Container PID: $Containerpid"
  553. 297 echo $Containerpid >> /home/daniel/.cache/x11docker/X50-erichough-kodi/container.pid
  554. 298
  555. 299 rmcr '/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log'
  556. 300
  557. 301 docker exec --tty -u root x11docker_X0_992973_erichough-kodi /bin/sh /x11docker/container.rootsetup.sh 2>&1 | rmcr >>/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log
  558. 302 exit 0
  559.  
  560. x11docker[449.44]: Generated xtermrc:
  561. 1 #! /bin/bash
  562. 2 touchxtermready() {
  563. 3 bash -c 'touch /home/daniel/.cache/x11docker/X50-erichough-kodi/xtermready'
  564. 4 trap - EXIT
  565. 5 exit
  566. 6 }
  567. 7 trap touchxtermready EXIT
  568. 8 export TERM=xterm SHELL=/bin/bash
  569. 9 bash -c "bash /home/daniel/.cache/x11docker/X50-erichough-kodi/dockerrc "
  570. 10 exit
  571.  
  572. x11docker[449.45]: Generated xinitrc:
  573. 1 #! /bin/sh
  574. 2 Timetosaygoodbye=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/timetosaygoodbye
  575. 3 Timetosaygoodbyefifo=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/timetosaygoodbye.fifo
  576. 4 Sharefolder=/home/daniel/.cache/x11docker/X50-erichough-kodi/share
  577. 5 Bgpidfile=/home/daniel/.cache/x11docker/X50-erichough-kodi/backgroundpids
  578. 6 Winsubsystem=
  579. 7 storepid ()
  580. 8 {
  581. 9 echo ${1:-} ${2:-} >> $Bgpidfile;
  582. 10 verbose -d "Stored background pid ${1:-} of ${2:-}";
  583. 11 disown ${1:-} 2> /dev/null || :
  584. 12 }
  585. 13 rocknroll ()
  586. 14 {
  587. 15 [ -s "$Timetosaygoodbye" ] && return 1;
  588. 16 [ -e "$Timetosaygoodbye" ] || return 1;
  589. 17 return 0
  590. 18 }
  591. 19 waitfortheend ()
  592. 20 {
  593. 21 case $Winsubsystem in
  594. 22 "")
  595. 23 while rocknroll; do
  596. 24 bash -c "read -n1 -t1 <&8" && saygoodbye timetosaygoodbyefifo;
  597. 25 done
  598. 26 ;;
  599. 27 *)
  600. 28 while rocknroll; do
  601. 29 sleep 2;
  602. 30 done
  603. 31 ;;
  604. 32 esac
  605. 33 }
  606. 34 saygoodbye ()
  607. 35 {
  608. 36 verbose -d "time to say goodbye ($*)";
  609. 37 [ -e "$Sharefolder" ] && {
  610. 38 echo timetosaygoodbye >> $Timetosaygoodbye;
  611. 39 echo timetosaygoodbye >> $Timetosaygoodbyefifo
  612. 40 }
  613. 41 }
  614. 42 rmcr ()
  615. 43 {
  616. 44 case "${1:-}" in
  617. 45 "")
  618. 46 sed "s/$(printf "\r")//g"
  619. 47 ;;
  620. 48 *)
  621. 49 sed -i "s/$(printf "\r")//g" "${1:-}"
  622. 50 ;;
  623. 51 esac
  624. 52 }
  625. 53 no_xhost ()
  626. 54 {
  627. 55 local Line=;
  628. 56 command -v xhost > /dev/null || {
  629. 57 warning "Command 'xhost' not found.
  630. 58 Can not check for possibly allowed network access to X.
  631. 59 Please install 'xhost'.";
  632. 60 return 1
  633. 61 };
  634. 62 xhost 2>&1 | rmcr | tail -n +2 /dev/stdin | while read -r Line; do
  635. 63 verbose -d "xhost: Removing entry $Line";
  636. 64 xhost -$Line | rmcr;
  637. 65 done;
  638. 66 xhost - | rmcr;
  639. 67 [ "$(xhost 2>&1 | rmcr | wc -l)" -gt "1" ] && {
  640. 68 warning "Remaining xhost permissions found on display $DISPLAY
  641. 69 $(xhost 2>&1 | rmcr)";
  642. 70 return 1
  643. 71 };
  644. 72 return 0
  645. 73 }
  646. 74
  647. 75 warning() {
  648. 76 echo "$*:WARNING" >>$Messagefile
  649. 77 }
  650. 78 note() {
  651. 79 echo "$*:NOTE" >>$Messagefile
  652. 80 }
  653. 81 verbose() {
  654. 82 echo "$*:VERBOSE" >>$Messagefile
  655. 83 }
  656. 84 debugnote() {
  657. 85 echo "$*:DEBUGNOTE" >>$Messagefile
  658. 86 }
  659. 87 error() {
  660. 88 echo "$*:ERROR" >>$Messagefile
  661. 89 exit 1
  662. 90 }
  663. 91 stdout() {
  664. 92 echo "$*:STDOUT" >>$Messagefile
  665. 93 }
  666. 94 Messagefile=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/message.fifo
  667. 95
  668. 96 export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/games:/usr/local/bin:/usr/sbin:/sbin'
  669. 97 verbose -d 'Running xinitrc'
  670. 98 export DISPLAY=:0 XAUTHORITY=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie XSOCKET=/tmp/.X11-unix/X0 X11DOCKER_CACHE=/home/daniel/.cache/x11docker/X50-erichough-kodi PULSE_SERVER=unix:/x11docker/pulseaudio.socket PULSE_COOKIE=/x11docker/pulseaudio.cookie
  671. 99 # background color
  672. 100 xsetroot -solid '#7F7F7F'
  673. 101 # create new XAUTHORITY cookies
  674. 102 cd /home/daniel/.cache/x11docker/X50-erichough-kodi/share
  675. 103 :> /home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  676. 104 xhost | rmcr | grep -q 'SI:localuser:daniel' || { xhost +SI:localuser:daniel | rmcr ; Xhostentry='yes' ; }
  677. 105 verbose 'Requesting trusted cookie from X server'
  678. 106 echo 'Requesting trusted cookie from X server'
  679. 107 xauth -v -i -f Xclientcookie generate :0 . trusted timeout 3600 | rmcr
  680. 108 export XAUTHORITY=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  681. 109 [ -s '/home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie' ] || {
  682. 110 [ 'trusted' = 'untrusted' ] && note 'Could not create untrusted cookie.
  683. 111 Maybe your X server misses extension SECURITY.'
  684. 112 warning 'SECURITY RISK! Keylogging and remote host control
  685. 113 may be possible! Better avoid using option --hostdisplay,
  686. 114 rather use --xpra or --nxagent.'
  687. 115 cp /home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  688. 116 }
  689. 117 ls -l /home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  690. 118 [ -s '/home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie' ] || {
  691. 119 # still no cookie? try to create one without extension security
  692. 120 verbose -d 'Failed to retrieve trusted cookie from X server. Will bake one myself.'
  693. 121 echo 'Failed to retrieve trusted cookie from X server. Will bake one myself.'
  694. 122 xauth -v -i -f Xclientcookie add :0 . b40602c47d1997fb24f766a08ad83e26 | rmcr
  695. 123 ls -l /home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  696. 124 }
  697. 125 # create prepared cookie with localhost identification disabled by ffff, needed if X socket is shared. ffff means 'familiy wild'
  698. 126 Cookie=$(xauth -i -f Xclientcookie nlist | rmcr | sed -e 's/^..../ffff/')
  699. 127 echo "$Cookie" | xauth -v -i -f Xclientcookie nmerge - | rmcr
  700. 128 cp /home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie /home/daniel/.cache/x11docker/X50-erichough-kodi/Xservercookie
  701. 129 [ -s '/home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie' ] || warning 'Cookie creation failed!'
  702. 130 verbose -d "Created cookie: $(xauth -f Xclientcookie list 2>&1 | rmcr)"
  703. 131 chmod 644 /home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  704. 132 [ '$Xhostentry' = 'yes' ] && env XAUTHORITY= xhost -SI:localuser:daniel | rmcr
  705. 133 export XAUTHORITY=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  706. 134 [ 'yes' = 'no' ] || [ ! -s '/home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie' ] && unset XAUTHORITY && warning '--hostdisplay: X server :0 runs without cookie authentication.'
  707. 135 getscreensize() {
  708. 136 CurrentXaxis=$(xrandr | grep primary | cut -d' ' -f4 | cut -dx -f1 )
  709. 137 CurrentYaxis=$(xrandr | grep primary | cut -d' ' -f4 | cut -dx -f2 | cut -d+ -f1)
  710. 138 }
  711. 139 checkscreensize() {
  712. 140 getscreensize
  713. 141 [ "$Xaxis" = "$CurrentXaxis" ] || return 1
  714. 142 [ "$Yaxis" = "$CurrentYaxis" ] || return 1
  715. 143 return 0
  716. 144 }
  717. 145 getprimary() {
  718. 146 xrandr | grep -q primary || xrandr --output $(xrandr | grep ' connected' | head -n1 | cut -d' ' -f1) --primary
  719. 147 echo $(xrandr | grep primary | cut -d' ' -f1)
  720. 148 }
  721. 149 Output=$(getprimary)
  722. 150 verbose "Output of xrandr on :0
  723. 151 $(xrandr)"
  724. 152 touch /home/daniel/.cache/x11docker/X50-erichough-kodi/Xready
  725. 153 waitfortheend
  726.  
  727. x11docker[449.45]: Stored background pid 9513 of containershell
  728.  
  729.  
  730. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/xinit.log <==
  731. Requesting trusted cookie from X server
  732. Ignoring locks on authority file Xclientcookie
  733. authorization id is 699
  734. Ignoring locks and writing authority file Xclientcookie
  735. -rw------- 1 daniel daniel 54 Sep 2 10:44 /home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  736.  
  737. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/message.log <==
  738. x11docker[449.46]: Running xinitrc
  739.  
  740.  
  741. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/xinit.log <==
  742. Ignoring locks on authority file Xclientcookie
  743. 1 entries read in: 0 new, 1 replacement
  744. Ignoring locks and writing authority file Xclientcookie
  745.  
  746. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/message.log <==
  747. x11docker[449.47]: Requesting trusted cookie from X server
  748.  
  749. x11docker[449.48]: Created cookie: #ffff#4c6f756e67652d5043#:0 MIT-MAGIC-COOKIE-1 5bb51f91969c8abccbd6dffa7e07a858
  750.  
  751. x11docker[449.49]: Output of xrandr on :0
  752. Screen 0: minimum 320 x 200, current 1920 x 1080, maximum 8192 x 8192
  753. XWAYLAND0 connected primary 1920x1080+0+0 (normal left inverted right x axis y axis) 1040mm x 580mm
  754. 1920x1080 59.96*+
  755.  
  756. x11docker[449.56]: Waiting since 0s for --hostdisplay to be ready.
  757.  
  758. x11docker ERROR: Error during startup of X server --hostdisplay.
  759. Last lines of xinit log:
  760. and start again.
  761. (EE)
  762. Requesting trusted cookie from X server
  763. Ignoring locks on authority file Xclientcookie
  764. authorization id is 699
  765. Ignoring locks and writing authority file Xclientcookie
  766. -rw------- 1 daniel daniel 54 Sep 2 10:44 /home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  767. Ignoring locks on authority file Xclientcookie
  768. 1 entries read in: 0 new, 1 replacement
  769. Ignoring locks and writing authority file Xclientcookie
  770.  
  771.  
  772.  
  773. Type 'x11docker --help' for usage information
  774. For debugging, run x11docker in terminal and/or enable option '--verbose'
  775. or look afterwards at logfile /home/daniel/.cache/x11docker/x11docker.log
  776. Please report issues at https://github.com/mviereck/x11docker
  777.  
  778. x11docker[453.48]: Terminating x11docker.
  779.  
  780. x11docker[453.49]: time to say goodbye (finish-subshell)
  781.  
  782. x11docker[453.49]: time to say goodbye (xinit)
  783.  
  784. x11docker[453.50]: Terminating x11docker.
  785.  
  786. x11docker[453.52]: time to say goodbye (timetosaygoodbyefifo)
  787.  
  788. x11docker[453.52]: Terminating 9513 (containershell) x11docker: 9513 pts/0 00:00:00 x11docker
  789.  
  790. x11docker[453.54]: Terminating 9513 (containershell) x11docker:
  791.  
  792. x11docker[453.59]: Terminating 9427 (watchpidlist) x11docker: 9427 pts/0 00:00:00 x11docker
  793.  
  794. x11docker[453.61]: time to say goodbye (finish)
  795.  
  796. x11docker[453.61]: Exitcode 1
  797.  
  798. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/message.log <==
  799.  
  800. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/container.log <==
  801.  
  802. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/share/stdout <==
  803.  
  804. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/share/stderr <==
  805.  
  806. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/xpraserver.log <==
  807.  
  808. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/xpraclient.log <==
  809.  
  810. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/xinit.log <==
  811.  
  812. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/compositor.log <==
  813.  
  814. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/message.log <==
  815.  
  816. x11docker[449.18]: x11docker version 5.0.0
  817. docker version: Docker version 18.06.1-ce, build e68fc7a
  818. Host system: Ubuntu 18.04.1 LTS
  819. Command: /usr/bin/x11docker --home --hostdisplay --pulseaudio --hostnet --gpu --verbose erichough/kodi
  820. Parsed options: --home --hostdisplay --pulseaudio '' --hostnet --gpu --verbose '' -- 'erichough/kodi'
  821.  
  822. x11docker[449.18]:
  823. Wanda the fish says: Install fortunes to find wisdom.
  824.  
  825. x11docker[449.20]: Host IP: 172.17.0.1
  826.  
  827. x11docker[449.21]: Image name: erichough/kodi
  828.  
  829. x11docker[449.21]: Using X server option --hostdisplay
  830.  
  831. x11docker note: To allow GPU acceleration (option --gpu) with --hostdisplay,
  832. x11docker will allow trusted cookies (option --trusted).
  833.  
  834. x11docker WARNING: To allow --hostdisplay with trusted cookies,
  835. x11docker must share host IPC namespace with container to allow
  836. shared memory for X extension MIT-SHM.
  837. Enabling option --hostipc to avoid Video RAM access errors.
  838.  
  839. x11docker WARNING: Option --hostdisplay with trusted cookies provides
  840. QUITE BAD CONTAINER ISOLATION !
  841. Keylogging and controlling host applications is possible!
  842.  
  843. x11docker WARNING: Security risk:
  844. Option --hostipc causes severe reduction of container isolation!
  845. Drawback: IPC namespace remapping is disabled.
  846. Advantage: X extension MIT-SHM is possible.
  847.  
  848. x11docker WARNING: Security risk:
  849. Option --hostnet causes severe reduction of container isolation!
  850. Network namespacing is disabled.
  851. Drawback: Container shares host network stack.
  852. Advantage: dbus communication between host and container is possible.
  853.  
  854. x11docker[449.29]: Logfile: /home/daniel/.cache/x11docker/X50-erichough-kodi/share/x11docker.log
  855. In container: /x11docker/x11docker.log
  856. After finish: /home/daniel/.cache/x11docker/x11docker.log
  857.  
  858. x11docker[449.29]: Running Xwayland to get screen size
  859.  
  860. x11docker[449.29]: Waiting for file creation of /tmp/.X11-unix/X0
  861.  
  862.  
  863. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/xinit.log <==
  864. (EE)
  865. Fatal server error:
  866. (EE) Server is already active for display 0
  867. If this server is no longer running, remove /tmp/.X0-lock
  868. and start again.
  869. (EE)
  870.  
  871. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/message.log <==
  872. x11docker[449.30]: Found new created file /tmp/.X11-unix/X0
  873.  
  874. x11docker[449.31]: Virtual screen size: 4720x3840
  875.  
  876. x11docker[449.31]: Physical screen size:
  877.  
  878.  
  879. x11docker WARNING: Option --gpu degrades container isolation.
  880. Container gains access to GPU hardware.
  881. This allows reading host window content (palinopsia leak)
  882. and GPU rootkits (compare proof of concept: jellyfish).
  883.  
  884. x11docker WARNING: Option --pulseaudio allows container applications
  885. to catch your audio output and microphone input.
  886.  
  887. x11docker[449.32]: Generated pulseaudio client.conf:
  888. 1 # Connect to host pulseaudio server using mounted UNIX socket
  889. 2 default-server = unix:/x11docker/pulseaudio.socket
  890. 3 # Prevent a server running in container
  891. 4 autospawn = no
  892. 5 daemon-binary = /bin/true
  893. 6 # Prevent use of shared memory
  894. 7 enable-shm = false
  895. 8
  896.  
  897. x11docker[449.32]: Environment variables:
  898. DISPLAY=:0 XAUTHORITY=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie XSOCKET=/tmp/.X11-unix/X0 X11DOCKER_CACHE=/home/daniel/.cache/x11docker/X50-erichough-kodi PULSE_SERVER=unix:/x11docker/pulseaudio.socket PULSE_COOKIE=/x11docker/pulseaudio.cookie
  899.  
  900. x11docker[449.39]: Stored background pid 9427 of watchpidlist
  901.  
  902. x11docker[449.39]: Stored background pid 9431 of watchmessagefifo
  903.  
  904. x11docker[449.41]: Sharing directory /home/daniel/.local/share/x11docker/erichough-kodi
  905. with container as its home directory /home/daniel
  906.  
  907. x11docker[449.41]: Found tini binary: /usr/bin/docker-init
  908.  
  909. x11docker[449.41]: Container name: x11docker_X0_992973_erichough-kodi
  910.  
  911. x11docker[449.42]: docker command:
  912. docker run -d --tty --rm --name=x11docker_X0_992973_erichough-kodi \
  913. --user=1000:1000 --env USER=daniel \
  914. --userns=host \
  915. --cap-drop ALL \
  916. --volume '/usr/bin/docker-init':'/x11docker/tini':ro \
  917. --security-opt no-new-privileges \
  918. --security-opt label=type:container_runtime_t \
  919. --group-add 29 \
  920. --group-add 44 \
  921. --tmpfs /run --tmpfs /run/lock \
  922. --entrypoint=env \
  923. --env container=docker \
  924. -v '/home/daniel/.cache/x11docker/X50-erichough-kodi/share':'/x11docker':rw \
  925. -v '/home/daniel/.local/share/x11docker/erichough-kodi':'/home/daniel':rw \
  926. -e DISPLAY=:0 -e XAUTHORITY=/x11docker/Xclientcookie \
  927. -v '/tmp/.X11-unix/X0':'/X0':rw \
  928. --device=/dev/dri:/dev/dri:rw \
  929. -v /dev/dri:/dev/dri:rw \
  930. --device=/dev/vga_arbiter:/dev/vga_arbiter:rw \
  931. -v /dev/vga_arbiter:/dev/vga_arbiter:rw \
  932. --ipc=host \
  933. --net=host \
  934. -v /home/daniel/.cache/x11docker/X50-erichough-kodi/pulseclient.conf:/etc/pulse/client.conf:ro \
  935. --workdir '/tmp' \
  936. --env PULSE_SERVER=unix:/x11docker/pulseaudio.socket \
  937. --env PULSE_COOKIE=/x11docker/pulseaudio.cookie \
  938. -- erichough/kodi /bin/sh - /x11docker/container.CMD.sh
  939.  
  940. x11docker[449.43]: Users and terminal:
  941. x11docker was started by: daniel
  942. As host user serves (running X, storing cache): daniel
  943. Container user will be: daniel
  944. Container user password: x11docker
  945. Getting permission to run docker with: bash -c
  946. Running X and other user commands with: bash -c
  947. Terminal for password frontend: bash -c
  948. Terminal to show docker pull progress: dbus-launch gnome-terminal -x
  949. Running on console: no
  950. Running over SSH: no
  951.  
  952. x11docker[449.44]: Generated container.rootsetup.sh:
  953. 1 #! /bin/sh
  954. 2 # set up docker container as root before ongoing in unprivileged container.CMD.sh
  955. 3 # commands in this script are executed as root in container
  956. 4
  957. 5
  958. 6 warning() {
  959. 7 echo "$*:WARNING" >>$Messagefile
  960. 8 }
  961. 9 note() {
  962. 10 echo "$*:NOTE" >>$Messagefile
  963. 11 }
  964. 12 verbose() {
  965. 13 echo "$*:VERBOSE" >>$Messagefile
  966. 14 }
  967. 15 debugnote() {
  968. 16 echo "$*:DEBUGNOTE" >>$Messagefile
  969. 17 }
  970. 18 error() {
  971. 19 echo "$*:ERROR" >>$Messagefile
  972. 20 exit 1
  973. 21 }
  974. 22 stdout() {
  975. 23 echo "$*:STDOUT" >>$Messagefile
  976. 24 }
  977. 25 Messagefile=/x11docker/message.fifo
  978. 26
  979. 27 verbose -d 'Running setup as root in container'
  980. 28 ldd --version 2>&1 | grep -q 'musl libc' && Containerlibc='musl'
  981. 29 ldd --version 2>&1 | grep -q -E 'GLIBC|GNU libc' && Containerlibc='glibc'
  982. 30 verbose -d "Container libc: $Containerlibc"
  983. 31
  984. 32 # create some system dirs with needed permissions
  985. 33 mkdir -v -p /var/lib/dbus /var/run/dbus
  986. 34 mkdir -v -p -m 1777 /tmp/.ICE-unix /tmp/.X11-unix /tmp/.font-unix
  987. 35 chmod -c 1777 /tmp/.ICE-unix /tmp/.X11-unix /tmp/.font-unix
  988. 36 export DISPLAY=:0 XAUTHORITY=/x11docker/Xclientcookie
  989. 37 ln -s /X0 /tmp/.X11-unix/X0
  990. 38 ls -l /X0
  991. 39 ls -l /tmp/.X11-unix/X0
  992. 40
  993. 41 [ ! -d /usr/share/zoneinfo ] && [ "$Containerlibc" = "glibc" ] && {
  994. 42 mkdir -p /usr/share/zoneinfo
  995. 43 cp '/x11docker/timezone' '/usr/share/zoneinfo/GB'
  996. 44 }
  997. 45 [ -e '/usr/share/zoneinfo/GB' ] && ln -f -s '/usr/share/zoneinfo/GB' /etc/localtime
  998. 46
  999. 47 Containersystem=$(. /etc/os-release; echo $ID)
  1000. 48 verbose "Container system ID: $Containersystem"
  1001. 49
  1002. 50 export PULSE_SERVER=unix:/x11docker/pulseaudio.socket
  1003. 51 export PULSE_COOKIE=/x11docker/pulseaudio.cookie
  1004. 52
  1005. 53 # create user entry in /etc/passwd (and delete possibly existing same uid)
  1006. 54 getent passwd | grep -v $(getent passwd 1000 || echo USERNOTFOUND) > /tmp/passwd
  1007. 55 # disable possible /etc/shadow passwords for other users
  1008. 56 sed -i s%:x:%:-:% /tmp/passwd
  1009. 57 echo daniel:x:1000:1000:daniel,,,:/home/daniel:/bin/sh >> /tmp/passwd
  1010. 58 rm /etc/passwd
  1011. 59 mv /tmp/passwd /etc/passwd || warning 'Unable to change /etc/passwd. That may be a seurity risk.'
  1012. 60
  1013. 61 # create password entry for container user in /etc/shadow
  1014. 62 rm -v /etc/shadow || warning 'Cannot change /etc/shadow. That may be a security risk.'
  1015. 63 echo "daniel:sac19FwGGTx/A:17293:0:99999:7:::" > /etc/shadow
  1016. 64 echo 'root:*:17219:0:99999:7:::' >> /etc/shadow
  1017. 65
  1018. 66 # add user to groups video, audio, systemd-journal
  1019. 67 # replace container GIDs of video and audio with host GIDs
  1020. 68 Gidvideo=44
  1021. 69 Gidaudio=29
  1022. 70 [ "$Gidvideo" ] || Gidvideo=$(getent group video | cut -d: -f3)
  1023. 71 [ "$Gidaudio" ] || Gidaudio=$(getent group audio | cut -d: -f3)
  1024. 72 getent group | sed "s/^video.*/video:x:$Gidvideo:$(getent group video | cut -d: -f4 ),daniel/ ;
  1025. 73 s/^audio.*/audio:x:$Gidaudio:$(getent group audio | cut -d: -f4 ),daniel/ ;
  1026. 74 s/^systemd-journal.*/\0,daniel/ " | sed 's/:,/:/' > /tmp/group
  1027. 75 cp /tmp/group /etc/group
  1028. 76
  1029. 77 # create user group entry (and delete possibly existing same gid)
  1030. 78 getent group | grep -v $(getent group 1000 || echo USERNOTFOUND) > /tmp/group
  1031. 79 echo daniel:x:1000: >> /tmp/group
  1032. 80 mv /tmp/group /etc/group
  1033. 81
  1034. 82
  1035. 83 # create /etc/sudoers, delete /etc/sudoers.d. Overwrite possible sudo setups in image.
  1036. 84 [ -e /etc/sudoers.d ] && rm -v -R /etc/sudoers.d
  1037. 85 [ -e /etc/sudoers ] && rm -v /etc/sudoers
  1038. 86 echo '# /etc/sudoers created by x11docker' > /etc/sudoers
  1039. 87 echo 'root ALL=(ALL) ALL' >> /etc/sudoers
  1040. 88
  1041. 89 # restrict PAM configuration of su and sudo
  1042. 90 echo 'auth sufficient pam_rootok.so' > /etc/pam.d/su # allow root to switch user without a password
  1043. 91 [ -e /etc/pam.d/sudo ] && rm -v /etc/pam.d/sudo
  1044. 92
  1045. 93 # disable getty in inittab
  1046. 94 [ -e /etc/inittab ] && sed -i 's/.*getty/##getty disabled by x11docker## \0/' /etc/inittab
  1047. 95 command -v pulseaudio >/dev/null || warning "Command pulseaudio not found in image (option --pulseaudio),"
  1048. 96
  1049. 97 echo 'x11docker: Container root setup is ready'
  1050. 98 :> /x11docker.setupready
  1051.  
  1052. x11docker[449.44]: Generated dockerrc:
  1053. 1 #! /bin/bash
  1054. 2 mkfile ()
  1055. 3 {
  1056. 4 : > "${1:-}";
  1057. 5 chown $Hostuser "${1:-}";
  1058. 6 chgrp $Hostusergid "${1:-}";
  1059. 7 [ -n "${2:-}" ] && chmod ${2:-} "${1:-}" || :
  1060. 8 }
  1061. 9 rocknroll ()
  1062. 10 {
  1063. 11 [ -s "$Timetosaygoodbye" ] && return 1;
  1064. 12 [ -e "$Timetosaygoodbye" ] || return 1;
  1065. 13 return 0
  1066. 14 }
  1067. 15 waitforfilecreation ()
  1068. 16 {
  1069. 17 local Zeit= Warten= Dauer= Count=;
  1070. 18 Zeit=$(date +%s);
  1071. 19 verbose -d "Waiting for file creation of ${1:-}";
  1072. 20 case ${2:-} in
  1073. 21 "")
  1074. 22 Warten=15
  1075. 23 ;;
  1076. 24 infinity | inf)
  1077. 25 Warten=32000
  1078. 26 ;;
  1079. 27 *)
  1080. 28 Warten=${2:-}
  1081. 29 ;;
  1082. 30 esac;
  1083. 31 while [ ! "$(find "${1:-}" 2>/dev/null)" ]; do
  1084. 32 Count=$(( Count + 1 ));
  1085. 33 Dauer=$(( $(date +%s) - $Zeit ));
  1086. 34 sleep $(awk "BEGIN { print $Count * 0.1 }");
  1087. 35 [ $Warten -lt $Dauer ] && {
  1088. 36 warning "Failed to wait for file creation of
  1089. 37 ${1:-}";
  1090. 38 return 1
  1091. 39 };
  1092. 40 verbose "Waiting since ${Dauer}s for ${1:-} to be created, will wait up to $Warten seconds.";
  1093. 41 rocknroll || {
  1094. 42 verbose -d "Stopped waiting for ${1:-} due to terminating signal.";
  1095. 43 return 1
  1096. 44 };
  1097. 45 done;
  1098. 46 verbose "Found new created file $(ls ${1:-})";
  1099. 47 return 0
  1100. 48 }
  1101. 49 escapestring ()
  1102. 50 {
  1103. 51 echo "${1:-}" | LC_ALL=C sed -e 's/[^a-zA-Z0-9,._+@=:/-]/\\&/g; 1{$s/^$/""/}; 1!s/^/"/; $!s/$/"/'
  1104. 52 }
  1105. 53 rmcr ()
  1106. 54 {
  1107. 55 case "${1:-}" in
  1108. 56 "")
  1109. 57 sed "s/$(printf "\r")//g"
  1110. 58 ;;
  1111. 59 *)
  1112. 60 sed -i "s/$(printf "\r")//g" "${1:-}"
  1113. 61 ;;
  1114. 62 esac
  1115. 63 }
  1116. 64 Hostuser=daniel
  1117. 65 Hostusergid=1000
  1118. 66 Timetosaygoodbye=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/timetosaygoodbye
  1119. 67
  1120. 68 warning() {
  1121. 69 echo "$*:WARNING" >>$Messagefile
  1122. 70 }
  1123. 71 note() {
  1124. 72 echo "$*:NOTE" >>$Messagefile
  1125. 73 }
  1126. 74 verbose() {
  1127. 75 echo "$*:VERBOSE" >>$Messagefile
  1128. 76 }
  1129. 77 debugnote() {
  1130. 78 echo "$*:DEBUGNOTE" >>$Messagefile
  1131. 79 }
  1132. 80 error() {
  1133. 81 echo "$*:ERROR" >>$Messagefile
  1134. 82 exit 1
  1135. 83 }
  1136. 84 stdout() {
  1137. 85 echo "$*:STDOUT" >>$Messagefile
  1138. 86 }
  1139. 87 Messagefile=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/message.fifo
  1140. 88
  1141. 89 verbose -d 'Running dockerrc'
  1142. 90 Imagename="erichough/kodi"
  1143. 91 Imagecommand=""
  1144. 92
  1145. 93 # check whether docker daemon is running and refresh images.list for x11docker-gui
  1146. 94 mkfile /home/daniel/.cache/x11docker/x11docker-gui/images.list
  1147. 95 docker images --format '{{.Repository}}:{{.Tag}}' >>/home/daniel/.cache/x11docker/X50-erichough-kodi/images.list 2>>/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log || {
  1148. 96 rmcr '/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log'
  1149. 97 error "Calling docker daemon failed.
  1150. 98 Is docker daemon running at all?
  1151. 99 Try to start docker daemon with: systemctl start docker
  1152. 100 Last lines of log:
  1153. 101 $(tail /home/daniel/.cache/x11docker/X50-erichough-kodi/container.log)"
  1154. 102 }
  1155. 103 rmcr /home/daniel/.cache/x11docker/X50-erichough-kodi/images.list
  1156. 104 while read -r Line ; do
  1157. 105 grep -q "<none>" <<<$Line || echo $Line >> /home/daniel/.cache/x11docker/x11docker-gui/images.list
  1158. 106 done < <(sort < /home/daniel/.cache/x11docker/X50-erichough-kodi/images.list)
  1159. 107
  1160. 108 # check if image is available locally
  1161. 109 docker inspect --type=image erichough/kodi >/dev/null 2>&1 || {
  1162. 110 export DISPLAY= WAYLAND_DISPLAY=wayland-0 XDG_RUNTIME_DIR=/run/user/1000
  1163. 111 dbus-launch gnome-terminal -x /bin/bash /home/daniel/.cache/x11docker/X50-erichough-kodi/pullrc
  1164. 112 waitforfilecreation /home/daniel/.cache/x11docker/X50-erichough-kodi/pullready infinity
  1165. 113 docker inspect --type=image erichough/kodi 2>&1 | rmcr >>/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log || error "Image 'erichough/kodi' not found locally and not pulled from docker hub.
  1166. 114
  1167. 115 Last lines of log:
  1168. 116 $(tail /home/daniel/.cache/x11docker/X50-erichough-kodi/container.log)"
  1169. 117 }
  1170. 118 # check CMD
  1171. 119 [ -z "$Imagecommand" ] && {
  1172. 120 # extract image command from image if not given on cli
  1173. 121 Imagecommand="$(docker inspect --format='{{.Config.Cmd}}' erichough/kodi | rmcr)"
  1174. 122 Imagecommand="${Imagecommand#[}"
  1175. 123 Imagecommand="${Imagecommand%]}"
  1176. 124 Imagecommand="${Imagecommand#/bin/sh -c }"
  1177. 125 }
  1178. 126 Tini="/x11docker/tini --"
  1179. 127 Exec=exec
  1180. 128 # check ENTRYPOINT
  1181. 129 Entrypoint=$(docker inspect --format='{{.Config.Entrypoint}}' erichough/kodi | rmcr)
  1182. 130 Entrypoint=${Entrypoint#[}
  1183. 131 Entrypoint=${Entrypoint#/bin/sh -c }
  1184. 132 Entrypoint=${Entrypoint%]}
  1185. 133 echo "$Entrypoint" | grep -qE '/tini|/init|/systemd' && {
  1186. 134 note "There seems to be an init system in ENTRYPOINT of image:
  1187. 135 $Entrypoint
  1188. 136 x11docker will run this instead of tini from host.
  1189. 137 You can disable this ENTRYPOINT with option --no-entrypoint."
  1190. 138 Tini=
  1191. 139 }
  1192. 140
  1193. 141 [ -z "$Imagecommand$Entrypoint" ] && warning 'No image command specified and no CMD or ENTRYPOINT found in image.'
  1194. 142
  1195. 143 # create container.CMD.sh (shared with container and given as image command to docker run)
  1196. 144 { echo '#! /bin/sh'
  1197. 145 echo '# created startscript for docker run: container.CMD.sh'
  1198. 146 echo '# runs as unprivileged user in container'
  1199. 147 echo '
  1200. 148 warning() {
  1201. 149 echo "$*:WARNING" >>$Messagefile
  1202. 150 }
  1203. 151 note() {
  1204. 152 echo "$*:NOTE" >>$Messagefile
  1205. 153 }
  1206. 154 verbose() {
  1207. 155 echo "$*:VERBOSE" >>$Messagefile
  1208. 156 }
  1209. 157 debugnote() {
  1210. 158 echo "$*:DEBUGNOTE" >>$Messagefile
  1211. 159 }
  1212. 160 error() {
  1213. 161 echo "$*:ERROR" >>$Messagefile
  1214. 162 exit 1
  1215. 163 }
  1216. 164 stdout() {
  1217. 165 echo "$*:STDOUT" >>$Messagefile
  1218. 166 }'
  1219. 167 echo 'Messagefile=/x11docker/message.fifo'
  1220. 168 echo ''
  1221. 169 echo '# wait for container setup script do be ready'
  1222. 170 echo 'Zeit=$(date +%s)'
  1223. 171 echo 'for Count in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50; do'
  1224. 172 echo ' [ -e /x11docker.setupready ] && break'
  1225. 173 echo ' verbose "Waiting since $(($(date +%s) - $Zeit))s for container setup to be ready"'
  1226. 174 echo ' sleep $(awk "BEGIN { print $Count*0.2 }")'
  1227. 175 echo 'done'
  1228. 176 echo ''
  1229. 177 echo 'verbose -d "Running unprivileged user commands in container"'
  1230. 178 echo ''
  1231. 179 echo Imagecommand="\"$Imagecommand\""
  1232. 180 echo Entrypoint="\"$Entrypoint\""
  1233. 181 echo ''
  1234. 182 echo 'verbose "Container system:'
  1235. 183 echo '$(cat /etc/os-release)"'
  1236. 184 echo ''
  1237. 185 } >> /home/daniel/.cache/x11docker/X50-erichough-kodi/share/container.CMD.sh
  1238. 186 {
  1239. 187 echo ''
  1240. 188 echo '# x11docker variable settings'
  1241. 189 echo export USER="daniel"
  1242. 190 echo 'export HOME="/home/daniel"'
  1243. 191 echo 'export DISPLAY=:0'
  1244. 192 echo '[ -e /tmp/.X11-unix/X0 ] || ln -s /X0 /tmp/.X11-unix'
  1245. 193 echo 'export XAUTHORITY=/x11docker/Xclientcookie'
  1246. 194 echo 'Dbus=""'
  1247. 195 echo 'verbose -d "Running dbus user session with: ${Dbus:-(none)}"'
  1248. 196 echo ''
  1249. 197 echo "[ -e \"\$XDG_RUNTIME_DIR\" ] || {"
  1250. 198 echo ' export XDG_RUNTIME_DIR=/tmp/XDG_RUNTIME_DIR'
  1251. 199 echo ' mkdir -v -m 700 -p $XDG_RUNTIME_DIR'
  1252. 200 echo ' export XDG_RUNTIME_DIR'
  1253. 201 echo '}'
  1254. 202 echo ''
  1255. 203 echo 'export XDG_SESSION_TYPE=x11'
  1256. 204 echo ''
  1257. 205 echo ''
  1258. 206 echo '# xpra environment settings'
  1259. 207 echo 'export UBUNTU_MENUPROXY= QT_X11_NO_NATIVE_MENUBAR=1 MWNOCAPTURE=true MWNO_RIT=true MWWM=allwm'
  1260. 208 echo ''
  1261. 209 echo 'bash --version >/dev/null 2>&1 && export SHELL=/bin/bash || export SHELL=/bin/sh'
  1262. 210 echo 'export TERM=xterm'
  1263. 211 echo '[ -e /x11docker.LANG ] && export LANG="$(cat /x11docker.LANG)"'
  1264. 212 echo '[ -e "/usr/share/zoneinfo/GB" ] || export TZ=UTC-01'
  1265. 213 echo '[ "$(date -Ihours)" != "2018-09-02T10+01:00" ] && export TZ=UTC-01'
  1266. 214 echo '[ "$DEBIAN_FRONTEND" = noninteractive ] && unset DEBIAN_FRONTEND'
  1267. 215 echo '[ "$DEBIAN_FRONTEND" = newt ] && unset DEBIAN_FRONTEND'
  1268. 216 echo '# custom environment (--env)'
  1269. 217 echo export PULSE_SERVER=unix:/x11docker/pulseaudio.socket
  1270. 218 echo export PULSE_COOKIE=/x11docker/pulseaudio.cookie
  1271. 219 echo ''
  1272. 220 echo 'env >> /x11docker/environment'
  1273. 221 echo 'sed -i "/\(PWD=\|_=\)/d" /x11docker/environment'
  1274. 222 echo 'verbose "Container environment:'
  1275. 223 echo '$(env | sort)"'
  1276. 224 echo 'verbose "Copy of environment stored in /x11docker/environment"'
  1277. 225 echo ''
  1278. 226 echo 'cd "$HOME"'
  1279. 227 Workdir=$(docker inspect --format='{{.Config.WorkingDir}}' erichough/kodi 2>>'/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log'| rmcr)
  1280. 228 [ "$Workdir" ] && echo "[ -d \"$Workdir\" ] && cd \"$Workdir\" # WORKDIR in image"
  1281. 229 echo ''
  1282. 230 echo verbose -d "Running image command: $Tini \$Dbus $Entrypoint $Imagecommand"
  1283. 231 echo "$Exec $Tini \$Dbus $Entrypoint $Imagecommand >>/x11docker/stdout 2>>/x11docker/stderr"
  1284. 232 echo '# Ready for docker run'
  1285. 233 } >> /home/daniel/.cache/x11docker/X50-erichough-kodi/share/container.CMD.sh
  1286. 234
  1287. 235 nl -ba >> /home/daniel/.cache/x11docker/X50-erichough-kodi/share/x11docker.log < /home/daniel/.cache/x11docker/X50-erichough-kodi/share/container.CMD.sh
  1288. 236
  1289. 237 read Containerid < <(docker run -d --tty --rm --name=x11docker_X0_992973_erichough-kodi \
  1290. 238 --user=1000:1000 --env USER=daniel \
  1291. 239 --userns=host \
  1292. 240 --cap-drop ALL \
  1293. 241 --volume '/usr/bin/docker-init':'/x11docker/tini':ro \
  1294. 242 --security-opt no-new-privileges \
  1295. 243 --security-opt label=type:container_runtime_t \
  1296. 244 --group-add 29 \
  1297. 245 --group-add 44 \
  1298. 246 --tmpfs /run --tmpfs /run/lock \
  1299. 247 --entrypoint=env \
  1300. 248 --env container=docker \
  1301. 249 -v '/home/daniel/.cache/x11docker/X50-erichough-kodi/share':'/x11docker':rw \
  1302. 250 -v '/home/daniel/.local/share/x11docker/erichough-kodi':'/home/daniel':rw \
  1303. 251 -e DISPLAY=:0 -e XAUTHORITY=/x11docker/Xclientcookie \
  1304. 252 -v '/tmp/.X11-unix/X0':'/X0':rw \
  1305. 253 --device=/dev/dri:/dev/dri:rw \
  1306. 254 -v /dev/dri:/dev/dri:rw \
  1307. 255 --device=/dev/vga_arbiter:/dev/vga_arbiter:rw \
  1308. 256 -v /dev/vga_arbiter:/dev/vga_arbiter:rw \
  1309. 257 --ipc=host \
  1310. 258 --net=host \
  1311. 259 -v /home/daniel/.cache/x11docker/X50-erichough-kodi/pulseclient.conf:/etc/pulse/client.conf:ro \
  1312. 260 --workdir '/tmp' \
  1313. 261 --env PULSE_SERVER=unix:/x11docker/pulseaudio.socket \
  1314. 262 --env PULSE_COOKIE=/x11docker/pulseaudio.cookie \
  1315. 263 -- erichough/kodi /bin/sh - /x11docker/container.CMD.sh 2>>/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log | rmcr)
  1316. 264
  1317. 265 verbose -d "Container ID: $Containerid"
  1318. 266 [ "$Containerid" ] || {
  1319. 267 rmcr '/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log'
  1320. 268 error "Startup of docker failed. Did not receive a container ID.
  1321. 269
  1322. 270 Last lines of container log:
  1323. 271 $(tail /home/daniel/.cache/x11docker/X50-erichough-kodi/container.log)"
  1324. 272 }
  1325. 273 echo $Containerid >> /home/daniel/.cache/x11docker/X50-erichough-kodi/container.id
  1326. 274 docker logs -f $Containerid 2>&1 | rmcr >> /home/daniel/.cache/x11docker/X50-erichough-kodi/container.log &
  1327. 275
  1328. 276 # wait for container to be ready
  1329. 277 for ((Count=1 ; Count<=20 ; Count++)); do
  1330. 278 docker exec x11docker_X0_992973_erichough-kodi sh -c : 2>&1 | rmcr >>/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log && { verbose -d 'Container is up and running.' ; break ; } || verbose -d "Container not ready on $Count. attempt, trying again."
  1331. 279 sleep 0.2
  1332. 280 done
  1333. 281 Failure="$(cat /home/daniel/.cache/x11docker/X50-erichough-kodi/container.log | rmcr | grep -v grep | grep -E 'Error response from daemon|OCI runtime exec' ||:)"
  1334. 282 [ "$Failure" ] && {
  1335. 283 echo "$Failure" >>/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log
  1336. 284 error "Got error message from docker daemon:
  1337. 285 $Failure"
  1338. 286 }
  1339. 287
  1340. 288 docker inspect --format '{{ .NetworkSettings.IPAddress }}' x11docker_X0_992973_erichough-kodi 2>>/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log | rmcr >> /home/daniel/.cache/x11docker/X50-erichough-kodi/container.ip
  1341. 289 verbose -d "Container IP: $(cat /home/daniel/.cache/x11docker/X50-erichough-kodi/container.ip)"
  1342. 290
  1343. 291 docker inspect --format '{{.State.Pid}}' x11docker_X0_992973_erichough-kodi 2>>/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log | rmcr >> /home/daniel/.cache/x11docker/X50-erichough-kodi/container.pid1pid
  1344. 292 verbose -d "Host PID of container PID 1: $(cat /home/daniel/.cache/x11docker/X50-erichough-kodi/container.pid1pid)"
  1345. 293
  1346. 294 # get PID of container
  1347. 295 Containerpid=$(ps ax | grep $Containerid | grep -v grep | grep -v ' logs' | awk '{print $1}')
  1348. 296 verbose -d "Container PID: $Containerpid"
  1349. 297 echo $Containerpid >> /home/daniel/.cache/x11docker/X50-erichough-kodi/container.pid
  1350. 298
  1351. 299 rmcr '/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log'
  1352. 300
  1353. 301 docker exec --tty -u root x11docker_X0_992973_erichough-kodi /bin/sh /x11docker/container.rootsetup.sh 2>&1 | rmcr >>/home/daniel/.cache/x11docker/X50-erichough-kodi/container.log
  1354. 302 exit 0
  1355.  
  1356. x11docker[449.44]: Generated xtermrc:
  1357. 1 #! /bin/bash
  1358. 2 touchxtermready() {
  1359. 3 bash -c 'touch /home/daniel/.cache/x11docker/X50-erichough-kodi/xtermready'
  1360. 4 trap - EXIT
  1361. 5 exit
  1362. 6 }
  1363. 7 trap touchxtermready EXIT
  1364. 8 export TERM=xterm SHELL=/bin/bash
  1365. 9 bash -c "bash /home/daniel/.cache/x11docker/X50-erichough-kodi/dockerrc "
  1366. 10 exit
  1367.  
  1368. x11docker[449.45]: Generated xinitrc:
  1369. 1 #! /bin/sh
  1370. 2 Timetosaygoodbye=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/timetosaygoodbye
  1371. 3 Timetosaygoodbyefifo=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/timetosaygoodbye.fifo
  1372. 4 Sharefolder=/home/daniel/.cache/x11docker/X50-erichough-kodi/share
  1373. 5 Bgpidfile=/home/daniel/.cache/x11docker/X50-erichough-kodi/backgroundpids
  1374. 6 Winsubsystem=
  1375. 7 storepid ()
  1376. 8 {
  1377. 9 echo ${1:-} ${2:-} >> $Bgpidfile;
  1378. 10 verbose -d "Stored background pid ${1:-} of ${2:-}";
  1379. 11 disown ${1:-} 2> /dev/null || :
  1380. 12 }
  1381. 13 rocknroll ()
  1382. 14 {
  1383. 15 [ -s "$Timetosaygoodbye" ] && return 1;
  1384. 16 [ -e "$Timetosaygoodbye" ] || return 1;
  1385. 17 return 0
  1386. 18 }
  1387. 19 waitfortheend ()
  1388. 20 {
  1389. 21 case $Winsubsystem in
  1390. 22 "")
  1391. 23 while rocknroll; do
  1392. 24 bash -c "read -n1 -t1 <&8" && saygoodbye timetosaygoodbyefifo;
  1393. 25 done
  1394. 26 ;;
  1395. 27 *)
  1396. 28 while rocknroll; do
  1397. 29 sleep 2;
  1398. 30 done
  1399. 31 ;;
  1400. 32 esac
  1401. 33 }
  1402. 34 saygoodbye ()
  1403. 35 {
  1404. 36 verbose -d "time to say goodbye ($*)";
  1405. 37 [ -e "$Sharefolder" ] && {
  1406. 38 echo timetosaygoodbye >> $Timetosaygoodbye;
  1407. 39 echo timetosaygoodbye >> $Timetosaygoodbyefifo
  1408. 40 }
  1409. 41 }
  1410. 42 rmcr ()
  1411. 43 {
  1412. 44 case "${1:-}" in
  1413. 45 "")
  1414. 46 sed "s/$(printf "\r")//g"
  1415. 47 ;;
  1416. 48 *)
  1417. 49 sed -i "s/$(printf "\r")//g" "${1:-}"
  1418. 50 ;;
  1419. 51 esac
  1420. 52 }
  1421. 53 no_xhost ()
  1422. 54 {
  1423. 55 local Line=;
  1424. 56 command -v xhost > /dev/null || {
  1425. 57 warning "Command 'xhost' not found.
  1426. 58 Can not check for possibly allowed network access to X.
  1427. 59 Please install 'xhost'.";
  1428. 60 return 1
  1429. 61 };
  1430. 62 xhost 2>&1 | rmcr | tail -n +2 /dev/stdin | while read -r Line; do
  1431. 63 verbose -d "xhost: Removing entry $Line";
  1432. 64 xhost -$Line | rmcr;
  1433. 65 done;
  1434. 66 xhost - | rmcr;
  1435. 67 [ "$(xhost 2>&1 | rmcr | wc -l)" -gt "1" ] && {
  1436. 68 warning "Remaining xhost permissions found on display $DISPLAY
  1437. 69 $(xhost 2>&1 | rmcr)";
  1438. 70 return 1
  1439. 71 };
  1440. 72 return 0
  1441. 73 }
  1442. 74
  1443. 75 warning() {
  1444. 76 echo "$*:WARNING" >>$Messagefile
  1445. 77 }
  1446. 78 note() {
  1447. 79 echo "$*:NOTE" >>$Messagefile
  1448. 80 }
  1449. 81 verbose() {
  1450. 82 echo "$*:VERBOSE" >>$Messagefile
  1451. 83 }
  1452. 84 debugnote() {
  1453. 85 echo "$*:DEBUGNOTE" >>$Messagefile
  1454. 86 }
  1455. 87 error() {
  1456. 88 echo "$*:ERROR" >>$Messagefile
  1457. 89 exit 1
  1458. 90 }
  1459. 91 stdout() {
  1460. 92 echo "$*:STDOUT" >>$Messagefile
  1461. 93 }
  1462. 94 Messagefile=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/message.fifo
  1463. 95
  1464. 96 export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/games:/usr/local/bin:/usr/sbin:/sbin'
  1465. 97 verbose -d 'Running xinitrc'
  1466. 98 export DISPLAY=:0 XAUTHORITY=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie XSOCKET=/tmp/.X11-unix/X0 X11DOCKER_CACHE=/home/daniel/.cache/x11docker/X50-erichough-kodi PULSE_SERVER=unix:/x11docker/pulseaudio.socket PULSE_COOKIE=/x11docker/pulseaudio.cookie
  1467. 99 # background color
  1468. 100 xsetroot -solid '#7F7F7F'
  1469. 101 # create new XAUTHORITY cookies
  1470. 102 cd /home/daniel/.cache/x11docker/X50-erichough-kodi/share
  1471. 103 :> /home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  1472. 104 xhost | rmcr | grep -q 'SI:localuser:daniel' || { xhost +SI:localuser:daniel | rmcr ; Xhostentry='yes' ; }
  1473. 105 verbose 'Requesting trusted cookie from X server'
  1474. 106 echo 'Requesting trusted cookie from X server'
  1475. 107 xauth -v -i -f Xclientcookie generate :0 . trusted timeout 3600 | rmcr
  1476. 108 export XAUTHORITY=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  1477. 109 [ -s '/home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie' ] || {
  1478. 110 [ 'trusted' = 'untrusted' ] && note 'Could not create untrusted cookie.
  1479. 111 Maybe your X server misses extension SECURITY.'
  1480. 112 warning 'SECURITY RISK! Keylogging and remote host control
  1481. 113 may be possible! Better avoid using option --hostdisplay,
  1482. 114 rather use --xpra or --nxagent.'
  1483. 115 cp /home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  1484. 116 }
  1485. 117 ls -l /home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  1486. 118 [ -s '/home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie' ] || {
  1487. 119 # still no cookie? try to create one without extension security
  1488. 120 verbose -d 'Failed to retrieve trusted cookie from X server. Will bake one myself.'
  1489. 121 echo 'Failed to retrieve trusted cookie from X server. Will bake one myself.'
  1490. 122 xauth -v -i -f Xclientcookie add :0 . b40602c47d1997fb24f766a08ad83e26 | rmcr
  1491. 123 ls -l /home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  1492. 124 }
  1493. 125 # create prepared cookie with localhost identification disabled by ffff, needed if X socket is shared. ffff means 'familiy wild'
  1494. 126 Cookie=$(xauth -i -f Xclientcookie nlist | rmcr | sed -e 's/^..../ffff/')
  1495. 127 echo "$Cookie" | xauth -v -i -f Xclientcookie nmerge - | rmcr
  1496. 128 cp /home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie /home/daniel/.cache/x11docker/X50-erichough-kodi/Xservercookie
  1497. 129 [ -s '/home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie' ] || warning 'Cookie creation failed!'
  1498. 130 verbose -d "Created cookie: $(xauth -f Xclientcookie list 2>&1 | rmcr)"
  1499. 131 chmod 644 /home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  1500. 132 [ '$Xhostentry' = 'yes' ] && env XAUTHORITY= xhost -SI:localuser:daniel | rmcr
  1501. 133 export XAUTHORITY=/home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  1502. 134 [ 'yes' = 'no' ] || [ ! -s '/home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie' ] && unset XAUTHORITY && warning '--hostdisplay: X server :0 runs without cookie authentication.'
  1503. 135 getscreensize() {
  1504. 136 CurrentXaxis=$(xrandr | grep primary | cut -d' ' -f4 | cut -dx -f1 )
  1505. 137 CurrentYaxis=$(xrandr | grep primary | cut -d' ' -f4 | cut -dx -f2 | cut -d+ -f1)
  1506. 138 }
  1507. 139 checkscreensize() {
  1508. 140 getscreensize
  1509. 141 [ "$Xaxis" = "$CurrentXaxis" ] || return 1
  1510. 142 [ "$Yaxis" = "$CurrentYaxis" ] || return 1
  1511. 143 return 0
  1512. 144 }
  1513. 145 getprimary() {
  1514. 146 xrandr | grep -q primary || xrandr --output $(xrandr | grep ' connected' | head -n1 | cut -d' ' -f1) --primary
  1515. 147 echo $(xrandr | grep primary | cut -d' ' -f1)
  1516. 148 }
  1517. 149 Output=$(getprimary)
  1518. 150 verbose "Output of xrandr on :0
  1519. 151 $(xrandr)"
  1520. 152 touch /home/daniel/.cache/x11docker/X50-erichough-kodi/Xready
  1521. 153 waitfortheend
  1522.  
  1523. x11docker[449.45]: Stored background pid 9513 of containershell
  1524.  
  1525.  
  1526. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/xinit.log <==
  1527. Requesting trusted cookie from X server
  1528. Ignoring locks on authority file Xclientcookie
  1529. authorization id is 699
  1530. Ignoring locks and writing authority file Xclientcookie
  1531. -rw------- 1 daniel daniel 54 Sep 2 10:44 /home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  1532.  
  1533. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/message.log <==
  1534. x11docker[449.46]: Running xinitrc
  1535.  
  1536.  
  1537. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/xinit.log <==
  1538. Ignoring locks on authority file Xclientcookie
  1539. 1 entries read in: 0 new, 1 replacement
  1540. Ignoring locks and writing authority file Xclientcookie
  1541.  
  1542. ==> /home/daniel/.cache/x11docker/X50-erichough-kodi/message.log <==
  1543. x11docker[449.47]: Requesting trusted cookie from X server
  1544.  
  1545. x11docker[449.48]: Created cookie: #ffff#4c6f756e67652d5043#:0 MIT-MAGIC-COOKIE-1 5bb51f91969c8abccbd6dffa7e07a858
  1546.  
  1547. x11docker[449.49]: Output of xrandr on :0
  1548. Screen 0: minimum 320 x 200, current 1920 x 1080, maximum 8192 x 8192
  1549. XWAYLAND0 connected primary 1920x1080+0+0 (normal left inverted right x axis y axis) 1040mm x 580mm
  1550. 1920x1080 59.96*+
  1551.  
  1552. x11docker[449.56]: Waiting since 0s for --hostdisplay to be ready.
  1553.  
  1554. x11docker ERROR: Error during startup of X server --hostdisplay.
  1555. Last lines of xinit log:
  1556. and start again.
  1557. (EE)
  1558. Requesting trusted cookie from X server
  1559. Ignoring locks on authority file Xclientcookie
  1560. authorization id is 699
  1561. Ignoring locks and writing authority file Xclientcookie
  1562. -rw------- 1 daniel daniel 54 Sep 2 10:44 /home/daniel/.cache/x11docker/X50-erichough-kodi/share/Xclientcookie
  1563. Ignoring locks on authority file Xclientcookie
  1564. 1 entries read in: 0 new, 1 replacement
  1565. Ignoring locks and writing authority file Xclientcookie
  1566.  
  1567.  
  1568.  
  1569. Type 'x11docker --help' for usage information
  1570. For debugging, run x11docker in terminal and/or enable option '--verbose'
  1571. or look afterwards at logfile /home/daniel/.cache/x11docker/x11docker.log
  1572. Please report issues at https://github.com/mviereck/x11docker
  1573.  
  1574. x11docker[453.48]: Terminating x11docker.
  1575.  
  1576. x11docker[453.49]: time to say goodbye (finish-subshell)
  1577.  
  1578. x11docker[453.49]: time to say goodbye (xinit)
  1579.  
  1580. x11docker[453.50]: Terminating x11docker.
  1581.  
  1582. x11docker[453.52]: time to say goodbye (timetosaygoodbyefifo)
  1583.  
  1584. x11docker[453.52]: Terminating 9513 (containershell) x11docker: 9513 pts/0 00:00:00 x11docker
  1585.  
  1586. x11docker[453.54]: Terminating 9513 (containershell) x11docker:
  1587.  
  1588. x11docker[453.59]: Terminating 9427 (watchpidlist) x11docker: 9427 pts/0 00:00:00 x11docker
  1589.  
  1590. x11docker[453.61]: time to say goodbye (finish)
  1591.  
  1592. x11docker[453.61]: Exitcode 1