  1. #!/bin/sh
  2. #ROUTER_IP=192.168.100.1
  3. # Rufwoof Jan 2021 (updated May 2019 version). Comments at end
  4. WM=jwm
  5. cd "$(realpath "${0%/*}")" #added by s243a (4 lines)
  6. CWD="$(realpath .)" #"$PWD"
  7. SFS_NAME="$(ls -1 ../puppy_*.sfs | head -n 1 | sed -r 's#^[.][.]/##g' | sed -r 's#[.]sfs##g')"
  8. Parent_WD="$(realpath "$CWD/..")"
  9. SFS_PATH="$Parent_WD/$SFS_NAME".sfs #End Adds by s243a
  10.  
  11. xterm & # added so have at least one window I can alt-tab to out of the container
  12. #[ ! -d /mnt/sda4/shared ] && mkdir /mnt/sda4/shared # as a shared folder
  13. SHARED_LOC="$CWD"/shared #For a more portable container script add shared folder relative to script path.
  14.  
  15.  
  16. #Uncomment the following to use a shared folder:
  17. #SHARED="$SHARED_LOC"
  18.  
  19. #CHANGES_LOC=/mnt/sda4/changes        # Non pre-existing ext fs work folder
  20. CHANGES_LOC="$CWD"/container #For a more portable container script add changes folder relative to script path.
  21.  
  22. #MAIN_SFS=/mnt/sda1/FATDOG811-FINAL/fd64.sfs # Where the main sfs is located
  23. MAIN_SFS="$SFS_PATH" #s243a: Replaces above line
  24.  
  25. # Xephyr parameters
  26.    XP="-fullscreen -title container -name Xephyr2 -dpi 144 -nolisten tcp"
  27. #XEPHYR="-fullscreen -name Xephyr2 -dpi 144 -nolisten tcp"  
  28. XEPHYR="$XP"
  29.  
  30. MOUNTS="--mount=bind:/dev/snd:/dev/snd \
  31.        --mount=bind:/dev/mixer:/dev/mixer \
  32.        --mount=bind:/mnt/pts:/mnt/pts"
  33. [ ! -z "${SHARED}" ] && MOUNTS="$MOUNTS -mount=bind:${SHARED}:/home/shared"        
  34.  
  35. CAPS="--caps=all,-sys_admin,-sys_boot,-sys_chroot,-sys_ptrace,-sys_time,\
  36. -sys_tty_config,-chown,-kill,-dac_override,-dac_read_search,\
  37. -fowner,-setfcap,-setpcap,-net_admin,-mknod,-sys_module,\
  38. -sys_nice,-sys_resource"
  39. #PF="${PF} --chroot=${CHANGES_LOC}/top"  
  40. PFLASK="--keepenv --no-ipcns --no-netns ${MOUNTS} ${CAPS} \
  41.        --chroot=${CHANGES_LOC}/top"
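# Command-line options: -b/--browser-cmd[=CMD] (optional argument) name a
# browser command that /init launches inside the container via xterm.
# getopt(1) normalises the arguments and the parsed set replaces "$@".
# --browser-command is declared with the same optional argument as the other
# two spellings, since all three are handled by the same case arm below.
options="$(getopt -o b:: --long browser-cmd::,browser-command:: -- "$@")"
eval set -- "$options"
while [ $# -gt 0 ]; do
  case "$1" in
  -b|--browser-cmd|--browser-command)
    # getopt always emits a (possibly empty) argument word for '::' options.
    # Values starting with "1" are rejected as in the original; the purpose of
    # that exclusion is unclear - TODO(review) confirm intent.
    case "${2-}" in
    ''|1*) BROWSER_CMD="" ;;
    *)     BROWSER_CMD="$2" ;;
    esac
    # The original never shifted here, so any -b looped forever.
    if [ $# -ge 2 ]; then shift 2; else shift; fi
    ;;
  --)
    shift
    break
    ;;
  *)
    shift
    ;;
  esac
done
#[ -z ${BROWSER_CMD+x} ] && BROWSER_CMD=/opt/Ungoogled_Chromium-portable/LAUNCH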
  63.  
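#######################################
# Tear down the container: stop the waited-for process (or any Xephyr),
# stop the host-grab watcher, undo the overlay mounts, remove the work
# dirs, drop the ROUTER_IP firewall rule and the launch lock file.
# Also installed as the SIGHUP trap handler.
# Globals:  PID, CHANGES_LOC, SHARED, HOSTGRAB, ROUTER_IP (read)
# Returns:  1 if the work directory cannot be entered (nothing removed)
#######################################
umountall() {
  if [ -n "$PID" ]; then
    kill "$PID"        # was 'kill PID' (the literal word), which signalled nothing
  else
    killall Xephyr     # note: this stops every Xephyr on the host, not only :2
  fi
  [ -d "$SHARED/flags" ] && [ -n "$HOSTGRAB" ] && kill "$HOSTGRAB"
  # The INPUT DROP rule added at startup is host-wide; take it out again.
  [ -n "${ROUTER_IP}" ] && iptables -D INPUT -s "${ROUTER_IP}" -j DROP
  rm -f /tmp/container.run
  # The rm/rmdir below use relative paths, so refuse to run them anywhere but
  # the work dir (with CHANGES_LOC empty the original 'cd' landed in $HOME
  # and then ran 'rm -rf changes' there).
  if [ -z "${CHANGES_LOC}" ] || ! cd "${CHANGES_LOC}"; then
    printf 'umountall: cannot cd to "%s", leaving mounts in place\n' "${CHANGES_LOC}" >&2
    return 1
  fi
  #umount top sfs
  umount -l top/dev/shm
  umount -l top/dev/pts
  umount -l top/dev
  umount -l top
  umount -l sfs
  rm -rf -- changes
  rmdir top sfs
}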
  82.  
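# Avoid double click 2 instances: /tmp/container.run holds the epoch second
# of the last launch and a second launch within 2 s is ignored. The name is
# predictable and lives in a shared /tmp; anything that pre-creates it with a
# future timestamp makes this script exit here (low impact on a single-user
# Puppy, but a private directory would be more robust).
N=$(date +%s) # Seconds since January 1970
if [ -f /tmp/container.run ]; then
  L=$(cat /tmp/container.run)
  case "$L" in
  ''|*[!0-9]*) L=0 ;;   # not a number: treat as "long ago" instead of feeding it to arithmetic
  esac
  D=$((N - L))
  if [ "$D" -lt 2 ]; then
    exit # quick 2 launches (doubled clicked ignore second click)
  fi
fi

# Only SIGHUP triggers the cleanup; INT/TERM leave the mounts behind.
trap 'umountall' HUP

echo "$N" >/tmp/container.run

# Create a separate X instance so isolated from the main real root X.
# pgrep replaces 'ps -ef | grep Xephyr2 | wc -l' (which counted the grep
# itself, hence the odd "-ne 2"): bail out if a Xephyr2 is already running.
if pgrep -f Xephyr2 >/dev/null 2>&1; then
  exit # Xephyr2 already running
fi
# shellcheck disable=SC2086 -- XP is an option list, word-splitting intended
Xephyr :2 ${XP} &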
  106.  
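# Optional firewall rule while the container runs. pflask is started with
# --no-netns, so this lands in the host's INPUT chain; it is appended (-A),
# so earlier ACCEPT rules still win, and umountall is where it should be
# removed again.
if [ -n "${ROUTER_IP}" ]; then
  iptables -A INPUT -s "${ROUTER_IP}" -j DROP     # Drop access to router admin
fi

# Prepare and launch 'container' and shared folder
if [ -n "$SHARED" ]; then
  mkdir -p -- "$SHARED/flags"   # creates $SHARED itself as well
fi

# Create a changes folder, sfs mount point for main.sfs and top layer
# folders and aufs mount to combine changes and sfs folders -> top.
# Everything below uses relative paths, so give up rather than continue in
# whatever directory we happen to be in if the work dir is unusable.
if [ -z "${CHANGES_LOC}" ] || ! mkdir -p -- "${CHANGES_LOC}" || ! cd "${CHANGES_LOC}"; then
  printf 'cannot prepare work dir "%s"\n' "${CHANGES_LOC}" >&2
  exit 1
fi
# Check for possible hangover - such as if restarted X and clean out if so
if [ -d top ] || [ -d sfs ] || [ -d changes ]; then
  umount top sfs
  rm -rf -- changes
  rmdir top sfs
fi
mkdir top sfs changes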
  129.  
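# Locate (or create) the read-only mount of the main sfs (s243a, see
# https://forum.puppylinux.com/viewtopic.php?f=136&t=1932).
# If the sfs is already attached to a loop device, reuse the lowest-id
# mount point of that device instead of mounting it a second time;
# otherwise mount it ourselves on ./sfs.
# This replaces the earlier findmnt | awk pipeline (append_mnt_id_awk): that
# awk program built a shell command line from mount-table fields, and a
# quoting slip in the surrounding single quotes made it grep for the literal
# word "loop" rather than the device name - it worked only because loop
# device lines happen to contain "loop".
loop=$(losetup -j "${MAIN_SFS}" | head -n 1 | cut -d: -f1)
sfs_MP=""
if [ -n "$loop" ]; then
  # /proc/self/mountinfo: "<id> <parent> <maj:min> <root> <mountpoint> <opts>
  # [optional...] - <fstype> <source> <superopts>"; the lone "-" separates
  # the optional fields, so the source is two fields after it. Mount points
  # with spaces appear \040-escaped here.
  sfs_MP=$(awk -v dev="$loop" '
      { for (i = 7; i <= NF; i++)
          if ($i == "-") { if ($(i + 2) == dev) print $1, $5; break } }
    ' /proc/self/mountinfo | sort -n -k1,1 | head -n 1 | cut -d' ' -f2-)
fi
if [ -z "$sfs_MP" ]; then
  sfs_MP="${CHANGES_LOC}"/sfs
  if ! mount -r -t squashfs "${MAIN_SFS}" "$sfs_MP"; then
    printf 'cannot mount %s on %s\n' "${MAIN_SFS}" "$sfs_MP" >&2
    umountall
    exit 1
  fi
fi
cd "${CHANGES_LOC}" || exit 1
if ! mount -t aufs -o br=changes:"$sfs_MP" none top; then
  printf 'aufs mount of changes over %s failed\n' "$sfs_MP" >&2
  umountall
  exit 1
fi
cp /var/lib/dbus/machine-id top/var/lib/dbus/machine-id
cp /etc/resolv.conf top/etc/resolv.conf
# The link is resolved inside the chroot, so its target must be valid there:
# the original 'ln -s top/var/lib/dbus/machine-id top/etc/machine-id' pointed
# at /etc/top/var/... and dangled inside the container.
ln -sf /var/lib/dbus/machine-id top/etc/machine-id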
  165.  
  166. #http://www.linuxfromscratch.org/lfs/view/6.1/chapter06/devices.html
  167. #mount -n -t tmpfs none top/dev
  168. #mknod -m 622 top/dev/console c 5 1
  169. #mknod -m 666 top/dev/null c 1 3
  170. #mknod -m 666 top/dev/zero c 1 5
  171. #mknod -m 666 top/dev/ptmx c 5 2
  172. #mknod -m 666 top/dev/tty c 5 0
  173. #mknod -m 444 top/dev/random c 1 8
  174. #mknod -m 444 top/dev/urandom c 1 9
  175. #chown root:tty top/dev/{console,ptmx,tty}
  176. #ln -s top/proc/self/fd /dev/fd
  177. #ln -s top/proc/self/fd/0 /dev/stdin
  178. #ln -s top/proc/self/fd/1 /dev/stdout
  179. #ln -s top/proc/self/fd/2 /dev/stderr
  180. #ln -s top/proc/kcore /dev/core
  181. #mkdir top/dev/pts
  182. #mkdir top/dev/shm
  183. #mount -n -t devpts -o gid=4,mode=620 none /dev/pts
  184. #mount -n -t tmpfs none /dev/shm
  185.  
  186.  
  187.  
  188. #echo >$SHARED/flags/host-grab
  189.  
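# Host-grab signalling, only when a shared folder is configured: the host
# side appends Xephyr's WM_NAME changes to $SHARED/flags/host-grab (see
# _hostgrabstate below) and this script, run inside the container, colours
# the root window blue when the last line contains "release" and red
# otherwise (the cwm help text explains what the colours mean to the user).
# The heredoc is quoted so nothing is expanded on the host, and the shebang
# sits at column 0 - the original indented it, so it was not a valid
# interpreter line.
if [ -d "$SHARED/flags" ]; then #TODO add more conditions to execute this code.
  echo >"$SHARED/flags/host-grab"
  cat <<'EOF' >top/tmp/hostgrab
#!/bin/bash
xsetroot -bg '#ff0000' -mod 5 5
while inotifywait -e modify /home/shared/flags; do
  C=$(tail -1 /home/shared/flags/host-grab | grep release)
  if [ ! -z "${C}" ]; then
    xsetroot -bg '#0000ff' -mod 5 5
  else
    xsetroot -bg '#ff0000' -mod 5 5
  fi
done
EOF
  chmod +x top/tmp/hostgrab
fi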
  206.  
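# Create a script to run inside the chroot as /init (i.e. must be a script,
# not a bin). Its first line has to be the shebang: the original jwm branch
# echoed a string that began with a newline, which put "#!/bin/sh" on line 2.

# s243a: puppy doesn't have lxqt-panel
# echo "lxqt-panel &" >>top/init
# echo "openbox" >>top/init
case "$WM" in
jwm)
  # Quoted heredoc: every $ below belongs to the shell inside the container.
  cat <<'EOF' >top/init
#!/bin/sh
export DISPLAY=:2
. /etc/DISTRO_SPECS
if [ "$DISTRO_ARCHDIR" ] ; then
    ARCHDIR="/$DISTRO_ARCHDIR"
fi
ldconfig
iconvconfig
#update-pango-querymodules
#Failed to create file /usr/lib/i86/-linux-gnu/pango/1.8.0/modules.cache.8P0KX0 No such file or directory
gdk-pixbuf-query-loaders --update-cache
update-mime-database -V /usr/share/mime/
status_func $?
UPDATE_MIME_DATABASE_DONE=1

source /etc/profile
fixmenus #probably not necessary
keymap-set --update
userresources=$HOME/.Xresources
usermodmap=$HOME/.Xmodmap
sysresources=/usr/lib/X11/xinit/Xresources
sysmodmap=/usr/lib/X11/xinit/.Xmodmap

# merge in defaults and keymaps

if [ -f $sysresources ]; then
   xrdb -merge -nocpp $sysresources
fi

if [ -f $sysmodmap ]; then
   xmodmap $sysmodmap
fi

if [ -f $userresources ]; then
   xrdb -merge -nocpp $userresources
fi

if [ -f $usermodmap ]; then
   xmodmap $usermodmap
fi
setxkbmap -option keypad:pointerkeys
DISPLAY=:2 jwm &
DISPLAY=:2 roxfiler &
EOF
  # BROWSER_CMD comes from the -b option and is written into /init verbatim,
  # i.e. it is executed as a shell command line inside the container.
  if [ -n "$BROWSER_CMD" ]; then
    printf 'DISPLAY=:2 xterm -e %s\n' "$BROWSER_CMD" >>top/init
  fi
  ;;
cwm)
  # Unquoted heredoc: the $(...) runs on the host, the \$ escapes reach the
  # container's shell unchanged.
  cat <<EOF >top/init
#!/bin/sh
$(if [ -d "$SHARED/flags" ]; then
echo '/tmp/hostgrab &
/usr/bin/help &'
fi )
cwm -c /root/.cwmrc
EOF
  cat <<EOF >top/usr/bin/help
#!/bin/sh
message() {
    Xdialog --title Information --msgbox "\$1" 0 0
}
M="This is a Xephyr X session window where cwm is the window manager.\n"
M="\${M}cwm is great for laptops (nearly all OpenBSD developer use cwm) and is relatively easy to learn.\n"
M="\${M}Whilst you run as 'root' within Xephyr, root is actually a highly restricted userid that is running\n"
M="\${M}in a contained environment, as such some programs may not run as expected.\n"
M="\${M}\nLeft mouse press on desktop shows windows menu, right mouse press for applications menu\n"
M="\${M}(a gap is left around the screen edges so the desktop is still accessible even if a window is maximised)\n\n"
M="\${M}Ctrl Alt Enter : terminal. Alt m : toggles maximise. Ctrl Alt x : close window. Alt ? : Open exec launcher\n"
M="\${M}\nCtrl Shift : toggles mouse/keyboard focus (desktop changes between red and blue)\n"
M="\${M}Alt Tab : if desktop is red - steps between main session windows\n"
M="\${M}OR if desktop is blue - steps between windows within the Xephyr container\n"
M="\${M}\nWHEN THE DESKTOP IS BLUE (mouse/keyboard locked into Xephyr) ...\n"
M="\${M}Alt middle mouse drag: resizes window. Alt left mouse drag : moves window\n"
M="\${M}\nWHEN THE DESKTOP IS RED (mouse/keyboard unlocked from Xephyr) ...\n"
M="\${M}you can use usual main system controls such as Alt-F1 for menu, Alt-F4 to close the Xephyr ...etc.\n"
M="\${M}\nRevisit this list again at any time by running 'help', or search online for the cwm manual"
message "\${M}"
EOF
  chmod +x top/usr/bin/help
  ;;
esac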
  297.  
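# Disable host applets that make no sense inside the container. They are
# renamed, not deleted, and only in the rw 'changes' layer; entries the sfs
# does not ship are skipped instead of producing mv errors.
autostart_dir=top/root/.config/autostart
for a_autostart in dunst.desktop firewallstatus.desktop flsynclient.desktop freememapplet.desktop netmon_wce.desktop powerapplet.desktop retrovol.desktop; do
  [ -e "$autostart_dir/$a_autostart" ] && mv -- "$autostart_dir/$a_autostart" "$autostart_dir/$a_autostart"-disable
done

chmod +x top/init
# The big Xephyr capabilities dropped chroot switch.
# PFLASK is an option list and must word-split. Note that this command is
# not started with '&', so the $! read next is the most recent background
# job - the 'Xephyr :2 ... &' launched earlier - not the pflask process; the
# later 'wait $PID' therefore returns when the Xephyr window closes.
# TODO(review): confirm that is the intended shutdown trigger.
# shellcheck disable=SC2086
DISPLAY=:2 empty -f unshare -m pflask ${PFLASK} -- /init
PID=$!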
  307.  
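#######################################
# Host side of the host-grab signalling: wait for the Xephyr window to
# appear, then stream its WM_NAME changes into $SHARED/flags/host-grab so
# /tmp/hostgrab inside the container can see grab/release transitions.
# Globals:  SHARED (read)
# Outputs:  appends xprop -spy lines to $SHARED/flags/host-grab
#######################################
_hostgrabstate() {
  local wid=""
  # wmctrl may list several matching windows; keep the first id only so that
  # xprop gets a single -id argument (the original passed the whole list).
  while [ -z "${wid}" ]; do
    wid=$(wmctrl -lp | grep Xephyr | head -n 1 | cut -d ' ' -f 1)
    sleep 1
  done
  sleep 2
  xprop -id "${wid}" -spy WM_NAME >>"$SHARED/flags/host-grab"
}
if [ -d "$SHARED/flags" ]; then
  _hostgrabstate &
  HOSTGRAB=$!
fi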
  323.  
  324. #DISPLAY=:2 pflask ${PF} -- /init
  325. wait $PID # above backgrounds, so we wait until that ends
  326.  
  327. # Clean up
  328.  
  329.  
  330. umountall
  331. #rmdir top sfs
  332.  
  333.  
  334. ############################################################################
  335. # FOR FATDOG 811 ... (Draft Modifications by s243a for other platforms)
  336. #
  337. # Aufs mounts changes (initial empty rw folder), main sfs, that combined
  338. # is visible/accessed via folder 'top', that we chroot into
  339. #
  340. # chroot with chroot capability dropped (to prevent chroot out of the chroot)
  341. # using another X session (Xephyr) to isolate it from the main X session.
  342. # We chroot using pflask as that makes things easier into the top folder
  343. # applying further restrictions. We use the main sfs as our base for the
  344. # chroot, so very low overheads.
  345. #
  346. # alt-F4    closes the Xephyr container (if not then ctrl-shift to unfocus
  347. #           mouse/keyboard).
  348. # alt Tab   to step to another window in main system, but if use
  349. #           xdotool keydown alt key Tab;xdotool keyup alt .... it doesn't
  350. #           work (as intended i.e. it's locked into the "container").
  351. # seamonkey from menu doesn't work, run seamonkey from within urxvt
  352. # We use DISPLAY :2 for the Xephyr server
  353. #
  354. # Requires empty, pflask and a ext filesystem to create/work within
  355. #
  356. # I use fatdog multi-session save type frugal boot, and periodically I've
  357. # re-merged the save files into fd64.sfs so my fd64.sfs isn't the standard
  358. # version (merging changes and not copying fd64.sfs to ram helps keep ram
  359. # usage low).
  360. ############################################################################
  361.