rsuhendro

x11docker sudo

Jun 20th, 2019
$ x11docker --debug --desktop --home --sudouser -c x11docker/xfce
DEBUGNOTE[552.38]: ps can watch root processes: yes
x11docker WARNING: User hendro is member of group docker.
That allows unprivileged processes on host to gain root privileges.

DEBUGNOTE[552.81]:
x11docker version: 6.0.0-beta
docker version: Docker version 18.09.6, build 481bc77
Host system: Ubuntu 18.04.2 LTS
Command: '/usr/bin/x11docker' '--debug' '--desktop' '--home' '--sudouser' '-c' 'x11docker/xfce'
Parsed options: --debug --desktop --home --sudouser -c -- 'x11docker/xfce'
DEBUGNOTE[552.82]: Dependency check for --xephyr: 0
DEBUGNOTE[552.83]: Dependency check for --xephyr: 0
DEBUGNOTE[552.84]: Dependency check for --xephyr: 0
DEBUGNOTE[552.85]: Dependency check for --xephyr: 0
DEBUGNOTE[552.87]: Dependency check for --xephyr: 0
DEBUGNOTE[552.88]: Dependency check for --xephyr: 0
x11docker note: Using X server option --xephyr

x11docker note: Sharing picture clips with option --clipboard
is only possible with options --xpra, --xpra-xwayland and --hostdisplay.

x11docker note: Xephyr is a quite stable nested X server.
Less stable, but resizeable is nxagent with option --nxagent.

DEBUGNOTE[552.92]: Stored background pid 20561 of tailstdout
DEBUGNOTE[552.93]: Waiting for file content in /home/hendro/.cache/x11docker/x11docker-xfce-829b49/container.pid1pid
DEBUGNOTE[552.94]: Stored background pid 20582 of tailstderr
DEBUGNOTE[552.96]: Stored background pid 20602 of watchpidlist
DEBUGNOTE[552.97]: Stored background pid 20612 of watchmessagefifo
DEBUGNOTE[553.13]: New X environment:
DISPLAY=:100 XAUTHORITY=/home/hendro/.cache/x11docker/x11docker-xfce-829b49/share/Xclientcookie XSOCKET=/tmp/.X11-unix/X100 X11DOCKER_CACHE=/home/hendro/.cache/x11docker/x11docker-xfce-829b49
DEBUGNOTE[553.15]: X server command:
/usr/bin/Xephyr :100 -screen 1824x984 \
-dpms -s off -retro \
+extension RANDR +extension RENDER +extension GLX \
+extension XVideo +extension DOUBLE-BUFFER \
-extension X-Resource +extension SECURITY +extension DAMAGE \
-extension XINERAMA -xinerama -extension MIT-SHM \
-auth /home/hendro/.cache/x11docker/x11docker-xfce-829b49/Xservercookie \
-nolisten tcp \
+extension Composite +extension COMPOSITE \
-extension XTEST -tst -dpi 96
DEBUGNOTE[553.27]: Users and terminal:
x11docker was started by: hendro
As host user serves (running X, storing cache): hendro
Container user will be: hendro
Container user password: x11docker
Getting permission to run docker with: bash -c
Running X and other user commands with: bash -c
Terminal for password frontend: bash -c
Running on console: no
Running over SSH: no
DEBUGNOTE[553.29]: Found tini binary: /usr/bin/docker-init
x11docker WARNING: Option --sudouser severly reduces container security.
Container gains additional capabilities to allow sudo and su.
If an application breaks out of container, it can harm your system
in many ways without you noticing. Password: x11docker

DEBUGNOTE[553.57]: Generated docker command:
docker run --tty --rm --detach \
--name x11docker_X100_829b49_x11docker-xfce \
--user 1000:1000 \
--env USER=hendro \
--userns host \
--group-add 44 \
--group-add 29 \
--cap-drop ALL \
--cap-add AUDIT_WRITE \
--cap-add CHOWN \
--cap-add DAC_OVERRIDE \
--cap-add FOWNER \
--cap-add FSETID \
--cap-add KILL \
--cap-add SETGID \
--cap-add SETPCAP \
--cap-add SETUID \
--security-opt label=type:container_runtime_t \
--volume '/usr/bin/docker-init':'/x11docker/tini':ro \
--tmpfs /run --tmpfs /run/lock \
--volume '/home/hendro/.cache/x11docker/x11docker-xfce-829b49/share':'/x11docker':rw \
--volume '/home/hendro/.local/share/x11docker/x11docker-xfce':'/home/hendro':rw \
--volume '/tmp/.X11-unix/X100':'/X100':rw \
--workdir '/tmp' \
--entrypoint env \
--env 'container=docker' \
--env 'XAUTHORITY=/x11docker/Xclientcookie' \
--env 'DISPLAY=:100' \
-- x11docker/xfce /bin/sh - /x11docker/container.CMD.sh
DEBUGNOTE[553.59]: Command at Line 3959 returned with error code 1:
grep -e '^DOCKER_'
7275 - ::create_dockerrc::main::main
DEBUGNOTE[553.66]: Stored background pid 20970 of containershell
DEBUGNOTE[553.67]: Waiting for X server --xephyr to be ready.
DEBUGNOTE[553.82]: Running xinitrc
DEBUGNOTE[553.85]: Created cookie: #ffff#5175616e74756d#:100 MIT-MAGIC-COOKIE-1 14d3e1e86868ece95850ae9d69177710
DEBUGNOTE[553.90]: Stored background pid 21100 of shareclipboard
DEBUGNOTE[554.00]: --xephyr is ready
DEBUGNOTE[554.03]: Set pid 20990 on watchlist: xinit
DEBUGNOTE[554.04]: Stored background pid 20990 of xinit
DEBUGNOTE[554.07]: Watching pids:
20990 pts/1 00:00:00 xinit
DEBUGNOTE[554.10]: Set pid 20994 on watchlist: Xserver
DEBUGNOTE[554.11]: Stored background pid 20994 of Xserver
DEBUGNOTE[554.15]: Running dockerrc
DEBUGNOTE[554.16]: Watching pids:
20990 pts/1 00:00:00 xinit
20994 pts/1 00:00:00 Xephyr
DEBUGNOTE[554.24]: Found default runtime: runc
DEBUGNOTE[556.07]: Container ID: 2caeb42b18b6f495c9521a0302c44f29dafe796558d103c100433d80be8cb27c
DEBUGNOTE[556.62]: Container is up and running.
DEBUGNOTE[556.68]: 1. check for PID 1: 21541
DEBUGNOTE[556.72]: Host PID of container PID 1: 21541
DEBUGNOTE[556.75]: Container IP: 172.17.0.3
DEBUGNOTE[557.82]: Running setup as root in container
DEBUGNOTE[557.85]: Container libc: glibc
DEBUGNOTE[557.94]: Waiting for file creation of /home/hendro/.cache/x11docker/x11docker-xfce-829b49/xtermready
/usr/bin/startxfce4: X server already running on display :100
DEBUGNOTE[558.04]: Running unprivileged user commands in container
xfce4-session: No GPG agent found
xfce4-session: No SSH authentication agent found

(xfce4-session:104): xfce4-session-WARNING **: 23:19:18.111: xfsm_manager_load_session: Something wrong with /home/hendro/.cache/sessions/xfce4-session-2caeb42b18b6:100, Does it exist? Permissions issue?

(xfsettingsd:125): libupower-glib-WARNING **: 23:19:18.189: Couldn't connect to proxy: Could not connect: No such file or directory

(xfsettingsd:125): libupower-glib-CRITICAL **: 23:19:18.189: up_client_get_lid_is_closed: assertion 'UP_IS_CLIENT (client)' failed

(xfsettingsd:125): GLib-GObject-WARNING **: 23:19:18.189: invalid (NULL) pointer instance

(xfsettingsd:125): GLib-GObject-CRITICAL **: 23:19:18.189: g_signal_connect_data: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed
DEBUGNOTE[558.21]: Running image command: /x11docker/tini -- startxfce4

(xfwm4:114): xfwm4-WARNING **: 23:19:18.243: Error opening /dev/dri/card0: No such file or directory

** (xfdesktop:122): WARNING **: 23:19:18.261: Thumbnailer failed calling GetFlavors

(xfce4-session:104): xfce4-session-WARNING **: 23:19:18.368: failed to run script: Failed to execute child process ?/usr/bin/pm-is-supported? (No such file or directory)

(xfce4-session:104): xfce4-session-WARNING **: 23:19:18.370: failed to run script: Failed to execute child process ?/usr/bin/pm-is-supported? (No such file or directory)
DEBUGNOTE[558.97]: Stored background pid 21541 of containerpid1
DEBUGNOTE[558.98]: Set pid 21541 on watchlist: containerpid1
DEBUGNOTE[559.06]: Watching pids:
20990 pts/1 00:00:00 xinit
20994 pts/1 00:00:00 Xephyr
21541 pts/0 00:00:00 tini
DEBUGNOTE[560.08]: Process tree of container:
tini(21541)-+-Thunar(22276)-+-{Thunar}(22302)
| |-{Thunar}(22307)
| |-{Thunar}(22326)
| |-{Thunar}(22347)
| |-{Thunar}(22348)
| |-{Thunar}(22349)
| |-{Thunar}(22350)
| |-{Thunar}(22351)
| |-{Thunar}(22352)
| |-{Thunar}(22353)
| `-{Thunar}(22354)
|-dbus-daemon(22239)
|-dbus-launch(22232)
|-sh(22192)---xfce4-session(22218)---{xfce4-session}(22284)
|-xfce4-panel(22273)-+-panel-2-actions(22346)
| |-panel-6-systray(22344)
| `-{xfce4-panel}(22345)
|-xfconfd(22256)
|-xfdesktop(22280)-+-{xfdesktop}(22313)
| |-{xfdesktop}(22314)
| `-{xfdesktop}(22343)
|-xfsettingsd(22294)---{xfsettingsd}(22319)
`-xfwm4(22268)
DEBUGNOTE[560.19]: Process tree of x11docker:
bash(20195)-+-bash(20561)---tail(21997)
|-bash(20582)---tail(20583)
|-bash(20602)
|-bash(20612)
|-bash(20970)---bash(22423)---pstree(22424)
|-tail(20560)
`-xinit(20990)-+-Xephyr(20994)-+-{Xephyr}(21000)
| |-{Xephyr}(21001)
| |-{Xephyr}(21002)
| |-{Xephyr}(21003)
| |-{Xephyr}(21004)
| |-{Xephyr}(21005)
| |-{Xephyr}(21006)
| `-{Xephyr}(21007)
`-sh(21019)-+-bash(21100)---sleep(22413)
`-bash(21134)

(xfce4-session:104): GLib-WARNING **: 23:19:38.169: GError set over the top of a previous GError or uninitialized memory.
This indicates a bug in someone's code. You must ensure an error is NULL before it's set.
The overwriting error message was: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory

(xfce4-session:104): xfce4-session-WARNING **: 23:19:38.171: failed to run script: Failed to execute child process ?/usr/bin/pm-is-supported? (No such file or directory)

(xfce4-session:104): xfce4-session-WARNING **: 23:19:38.174: failed to run script: Failed to execute child process ?/usr/bin/pm-is-supported? (No such file or directory)

(xfce4-session:104): Gtk-CRITICAL **: 23:19:38.190: IA__gtk_widget_set_visible: assertion 'GTK_IS_WIDGET (widget)' failed

(Thunar:120): Gtk-CRITICAL **: 23:19:39.549: gtk_main_quit: assertion 'main_loops != NULL' failed

(xfce4-session:104): GLib-GObject-CRITICAL **: 23:19:39.561: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
DEBUGNOTE[580.09]: watchpidlist: PID 21541 has terminated
DEBUGNOTE[580.10]: time to say goodbye (watchpidlist 21541)
DEBUGNOTE[580.12]: time to say goodbye (watchpidlist)
DEBUGNOTE[580.14]: time to say goodbye (timetosaygoodbyefifo)
DEBUGNOTE[581.12]: time to say goodbye (main)
DEBUGNOTE[581.13]: Terminating x11docker.
DEBUGNOTE[581.14]: List of stored background processes:
20561 tailstdout
20582 tailstderr
20602 watchpidlist
20612 watchmessagefifo
20970 containershell
21100 shareclipboard
20990 xinit
20994 Xserver
21541 containerpid1
DEBUGNOTE[581.18]: Checking: 21541 (containerpid1):
DEBUGNOTE[581.22]: Checking: 20994 (Xserver):
DEBUGNOTE[581.25]: Checking: 20990 (xinit):
DEBUGNOTE[581.28]: Checking: 21100 (shareclipboard):
DEBUGNOTE[581.32]: Checking: 20970 (containershell):
DEBUGNOTE[581.35]: Checking: 20612 (watchmessagefifo):
DEBUGNOTE[581.38]: Checking: 20602 (watchpidlist):
DEBUGNOTE[581.42]: Checking: 20582 (tailstderr): 20582 pts/1 00:00:00 bash
DEBUGNOTE[581.45]: Checking: 20561 (tailstdout): 20561 pts/1 00:00:00 bash
DEBUGNOTE[581.45]: time to say goodbye (finish)
DEBUGNOTE[581.46]: Exitcode 0