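#!/bin/sh
# Rufwoof Jan 2021 (updated May 2019 version). Comments at end
#
# Launches a sandboxed desktop: a Xephyr X server on :2, an aufs overlay of
# an empty "changes" folder over the main sfs, and a pflask chroot into that
# overlay with a reduced capability set. Needs realpath, losetup, findmnt,
# Xephyr, empty, unshare, pflask and squashfs/aufs support, and runs as root
# (mounts, pflask). No environment variables are required; PF is built from
# scratch below so an inherited PF cannot add pflask options.

# Print a message to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Work relative to the script's own directory (added by s243a). Taking the
# dirname of the resolved path also copes with "$0" having no slash in it.
cd "$(dirname "$(realpath "$0")")" || die "cannot cd to script directory"
CWD="$(realpath .)"
Parent_WD="$(realpath "$CWD/..")"

# Pick the first ../*iron*.sfs with a glob (no ls parsing); stop if none.
SFS_NAME=
for sfs in ../*iron*.sfs; do
  [ -f "$sfs" ] || continue
  SFS_NAME=${sfs#../}
  SFS_NAME=${SFS_NAME%.sfs}
  break
done
[ -n "$SFS_NAME" ] || die "no *iron*.sfs found in $Parent_WD"
SFS_PATH="$Parent_WD/$SFS_NAME.sfs"

xterm & # added so have at least one window I can alt-tab to out of the container

SHARED_LOC="$CWD"/shared # shared folder, relative to the script for portability
[ -d "$SHARED_LOC" ] || mkdir "$SHARED_LOC"
CHANGES_LOC="$CWD"/container # work folder: changes, sfs mount point and top
# ${PF} is word-split on the pflask command line below, so the chroot path
# embedded in it must not contain whitespace.
case "$CHANGES_LOC" in
  *[[:space:]]*) die "container path must not contain whitespace: $CHANGES_LOC" ;;
esac
MAIN_SFS="$SFS_PATH" # the main sfs is the read-only base layer of the chroot

# Xephyr parameters (-nolisten tcp keeps the nested X server off the network)
XP="-fullscreen -title container -name Xephyr2 -dpi 144 -nolisten tcp"

# pflask parameters. Started from a fixed string on purpose: the original
# appended to ${PF} without initialising it, so a PF inherited from the
# caller's environment would have been spliced into the pflask command line.
# --no-netns: no separate network namespace, hence the resolv.conf bind below.
PF="--no-ipcns --no-netns"
#PF="${PF} --mount=bind:\"$SHARED_LOC\":/home/shared"
#PF="${PF} --keepenv"
PF="${PF} --mount=bind:/etc/resolv.conf:/etc/resolv.conf" # dns (internet) s243a: why bind rather than copy?
# NOTE(review): the original bound /dev/snd onto /dev/sd inside the container,
# which looks like a typo for /dev/snd; revert if /dev/sd really was intended.
PF="${PF} --mount=bind:/dev/snd:/dev/snd"
PF="${PF} --mount=bind:/dev/mixer:/dev/mixer"
# Capability set: everything except the ones listed with a leading '-'.
PF="${PF} --caps=all,-sys_admin,-sys_boot,-sys_chroot,-sys_ptrace,"
PF="${PF}-sys_time,-sys_tty_config,-chown,-kill,-dac_override,"
PF="${PF}-dac_read_search,-fowner,-setfcap,-setpcap,-net_admin,"
PF="${PF}-mknod,-sys_module,-sys_nice,-sys_resource"
PF="${PF} --chroot=${CHANGES_LOC}/top"

# Avoid double click 2 instances: a marker file records the last launch time.
# The marker has a fixed name in world-writable /tmp, so refuse to follow a
# symlink planted there and treat non-numeric content as "no previous launch".
MARKER=/tmp/container.run
N=$(date +%s) # Seconds since January 1970
[ -L "$MARKER" ] && die "refusing to use symlink $MARKER"
if [ -f "$MARKER" ]; then
  L=$(cat "$MARKER")
  case "$L" in
    '' | *[!0-9]*) L=0 ;;
  esac
  if [ $((N - L)) -lt 2 ]; then
    exit # quick 2 launches (doubled clicked ignore second click)
  fi
fi
echo "$N" >"$MARKER"

# Create a separate X instance so isolated from the main real root X.
# '[X]ephyr2' stops grep from matching its own command line, so the count is
# the number of running Xephyr2 instances (the original compared the raw
# count, grep line included, against 2).
if [ "$(ps -ef | grep -c '[X]ephyr2')" -ne 0 ]; then
  exit # Xephyr2 already running
fi
# ${XP} is deliberately unquoted: it is a space-separated option list.
# shellcheck disable=SC2086
Xephyr :2 ${XP} &
XEPHYR_PID=$!

# Undo everything the launch did. Installed as the EXIT trap from here on, so
# a failed mount further down does not leave Xephyr and stale mounts behind.
# The sfs folder is only mounted in the "mount it ourselves" branch; the
# umount errors in the other case are expected and silenced.
cleanup() {
  kill "$XEPHYR_PID" 2>/dev/null # only our Xephyr, not every Xephyr on the box
  umount "$CHANGES_LOC/top" "$CHANGES_LOC/sfs" 2>/dev/null
  umount -l "$CHANGES_LOC/top" 2>/dev/null
  umount -l "$CHANGES_LOC/sfs" 2>/dev/null
  rm -rf -- "${CHANGES_LOC:?}/changes"
  rm -f -- "$MARKER"
}
trap cleanup EXIT

# Create a changes folder, sfs mount point for main.sfs and top layer
# folders and aufs mount to combine changes and sfs folders -> top
mkdir -p "${CHANGES_LOC}" || die "cannot create ${CHANGES_LOC}"
cd "${CHANGES_LOC}" || die "cannot cd to ${CHANGES_LOC}"
# Check for possible hangover - such as if restarted X and clean out if so
if [ -d top ] || [ -d sfs ] || [ -d changes ]; then
  umount top sfs 2>/dev/null
  rm -rf changes
  rmdir top sfs 2>/dev/null
fi
mkdir top sfs changes || die "cannot create work folders in ${CHANGES_LOC}"

#s243a: added append_mnt_id_awk (below). See: https://forum.puppylinux.com/viewtopic.php?f=136&t=1932
# Reads "TARGET SOURCE" lines, looks each mount's id up in /proc/self/mountinfo
# and prints "mnt_id|TARGET|SOURCE". Both fields are interpolated into a shell
# pipeline, so it is only meant for findmnt output, never arbitrary text.
append_mnt_id_awk='
function get_mnt_id(mnt_pt,loop){
if (length(mnt_pt) > 0 && length(loop)>0){
cmd="cat /proc/self/mountinfo | sort | grep '" loop "' | grep " mnt_pt " | head -n 1"
} else if (length(mnt_pt) > 0){
cmd="cat /proc/self/mountinfo | sort | grep '" mnt_pt "' | head -n 1"
} else if (length(loop)>0){
cmd="cat /proc/self/mountinfo | sort | grep '" loop "' | head -n 1"
}
while ((cmd | getline )){
mnt_id=$1
break
}
close(cmd)
return mnt_id
}
{
mnt_pt=$1
loop=$2
mnt_id=get_mnt_id(mnt_pt,loop)
print mnt_id "|" mnt_pt "|" loop
}'

# If the main sfs is already loop-mounted (e.g. as the running system's base),
# reuse its existing mount point instead of mounting it a second time.
# -F: the sfs path is a literal, not a regex; head: one device is enough.
loop=$(losetup -a | grep -F -- "${MAIN_SFS}" | sed "s/:.*$//" | head -n 1)
sfs_MP=
if [ -n "$loop" ]; then
  # The original grepped a hard-coded 'loop5$' here; use the device we found.
  # Sort numerically on the mount id so the earliest mount comes first.
  sfs_MP="$(findmnt -o TARGET,SOURCE -D -n | grep "${loop}\$" | awk "$append_mnt_id_awk" | sort -t '|' -k1,1n | cut -d'|' -f2 | head -n 1)"
fi
if [ -z "$sfs_MP" ]; then
  # Not mounted anywhere we could find: mount it ourselves, read-only.
  sfs_MP="${CHANGES_LOC}"/sfs
  mount -r -t squashfs "${MAIN_SFS}" "$sfs_MP" || die "cannot mount ${MAIN_SFS}"
fi
cd "${CHANGES_LOC}" || die "cannot cd to ${CHANGES_LOC}"
mount -t aufs -o br=changes:"$sfs_MP" none top || die "aufs mount of top failed"

# Create a script to run inside the chroot (i.e. must be a script, not a bin).
# Written with a quoted heredoc so nothing is expanded here and the shebang
# lands on line 1 (the original echo '...' form put a blank line first).
# s243a: puppy doesn't have lxqt-panel
# echo "lxqt-panel &" >>top/init
# echo "openbox" >>top/init
# NOTE(review): the generated script calls status_func, which it does not
# define, and uses 'source' under #!/bin/sh; both are kept unchanged here.
cat >top/init <<'EOF'
#!/bin/sh
export DISPLAY=:2
. /etc/DISTRO_SPECS
if [ "$DISTRO_ARCHDIR" ] ; then
ARCHDIR="/$DISTRO_ARCHDIR"
fi
ldconfig
iconvconfig
#update-pango-querymodules
#Failed to create file /usr/lib/i86/-linux-gnu/pango/1.8.0/modules.cache.8P0KX0 No such file or directory
gdk-pixbuf-query-loaders --update-cache
update-mime-database -V /usr/share/mime/
status_func $?
UPDATE_MIME_DATABASE_DONE=1
source /etc/profile
fixmenus #probably not necessary
keymap-set --update
userresources=$HOME/.Xresources
usermodmap=$HOME/.Xmodmap
sysresources=/usr/lib/X11/xinit/Xresources
sysmodmap=/usr/lib/X11/xinit/.Xmodmap
# merge in defaults and keymaps
if [ -f $sysresources ]; then
xrdb -merge -nocpp $sysresources
fi
if [ -f $sysmodmap ]; then
xmodmap $sysmodmap
fi
if [ -f $userresources ]; then
xrdb -merge -nocpp $userresources
fi
if [ -f $usermodmap ]; then
xmodmap $usermodmap
fi
setxkbmap -option keypad:pointerkeys
DISPLAY=:2 jwm &
DISPLAY=:2 roxfiler &
DISPLAY=:2 xterm -e iron
EOF
chmod +x top/init

# The big Xephyr capabilities dropped chroot switch.
# ${PF} is deliberately unquoted: it is a space-separated option list.
# shellcheck disable=SC2086
DISPLAY=:2 empty -f unshare -m pflask ${PF} -- /init
#DISPLAY=:2 pflask ${PF} -- /init
wait # empty -f detaches pflask; this returns when the backgrounded xterm/Xephyr end
# Clean up: done by the EXIT trap (cleanup above) when the script ends here.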
############################################################################
# FOR FATDOG 811 ... (Draft Modifications by s243a for other platforms)
#
# Aufs mounts changes (initial empty rw folder), main sfs, that combined
# is visible/accessed via folder 'top', that we chroot into
#
# chroot with chroot capability dropped (to prevent chroot out of the chroot)
# using another X session (Xephyr) to isolate it from the main X session.
# We chroot using pflask as that makes things easier into the top folder
# applying further restrictions. We use the main sfs as our base for the
# chroot, so very low overheads.
#
# alt-F4 closes the Xephyr container (if not, then ctrl-shift to unfocus
# mouse/keyboard).
# alt Tab to step to another window in main system, but if use
# xdotool keydown alt key Tab;xdotool keyup alt .... it doesn't
# work (as intended i.e. it's locked into the "container").
# seamonkey from menu doesn't work, run seamonkey from within urxvt
# We use DISPLAY :2 for the Xephyr server
#
# Requires empty, pflask and a ext filesystem to create/work within
#
# I use fatdog multi-session save type frugal boot, and periodically I've
# re-merged the save files into fd64.sfs so my fd64.sfs isn't the standard
# version (merging changes and not copying fd64.sfs to ram helps keep ram
# usage low).
############################################################################