--hostuser: fixes for --backen=host|proot #437

CHANGELOG.md

@@ -17,6 +17,8 @@ Project website: https://github.com/mviereck/x11docker
  - `--nxagent`: Fix for `--xc`.
  - `--update*`, `--install`, `--cleanup`: Fix error messages, exit once done.
    [(#435)](https://github.com/mviereck/x11docker/issues/435)
+ - `--hostuser`: Fixes for `--backend=host|proot`
+   [(#437)](https://github.com/mviereck/x11docker/issues/437)
 
 ## [7.1.4](https://github.com/mviereck/x11docker/releases/tag/v7.1.4) - 2022-03-27 
 ### Added

x11docker

@@ -7223,11 +7223,16 @@ start_container() {             # docker run
     no)
       case "$Backend" in
         host)
-          #echo $Hostuser $Containeruser $Containeruserhome $Cachefolder
-          bash "$Containerrc" & Pid1pid=$!
+          case "$Startuser" in
+            "$Containeruser")          bash "$Containerrc"  & Pid1pid=$! ;;
+            *) su "$Containeruser" -c "bash '$Containerrc'" & Pid1pid=$! ;;
+          esac
         ;;
         proot|chroot)
-          eval $Backendcommand & Pid1pid=$!
+          case "$Startuser" in
+            "$Containeruser")          eval $Backendcommand  & Pid1pid=$!;;
+            *) su "$Containeruser" -c      "$Backendcommand" & Pid1pid=$! ;;
+          esac
         ;;
         docker|podman|nerdctl)
           #read Containerid < <(eval $Backendcommand 2>> $Containerlogfile | rmcr)
@@ -7238,10 +7243,16 @@ start_container() {             # docker run
     yes)
       case "$Backend" in
         host)
-          bash "$Containerrc" <&0 & Pid1pid=$!
+          case "$Startuser" in
+            "$Containeruser")          bash "$Containerrc"  <&0 & Pid1pid=$! ;;
+            *) su "$Containeruser" -c "bash '$Containerrc'" <&0 & Pid1pid=$! ;;
+          esac
         ;;
         proot|chroot)
-          eval $Backendcommand <&0 & Pid1pid=$!
+          case "$Startuser" in
+            "$Containeruser")          eval $Backendcommand  <&0 & Pid1pid=$!;;
+            *) su "$Containeruser" -c      "$Backendcommand" <&0 & Pid1pid=$! ;;
+          esac
         ;;
         docker|podman|nerdctl)
           [ "$Winpty" ] && {
@@ -7650,7 +7661,7 @@ $(rmcr < "$Containerlogfile" | tail)"
   they would have been installed and started directly on the host system."
       check_optionset "--backend=$Backend" "--cap-default --hostipc --ipc --limit --network --newprivileges --no-setup --runtime --sharecgroup --user" ||:
       check_optionset "--backend=$Backend" "--user" || error "--backend=$Backend: Option --user is not allowed.
-  Option --hostuser might serve you."
+  Please try option --hostuser instead."
       # set defaults. Some might look misleading just to avoid later messages, but not affecting the setup.
       Network="host"
       Shareipc="host"
@@ -7690,7 +7701,7 @@ Fallback: using command '$Containercommand' and enabling option --interactive."
       check_optionset "--backend=$Backend" "--alsa --cap-default --group-add --hostipc --ipc --limit --home --name --network --newprivileges --no-entrypoint --no-setup \
                        --printer --pulseaudio --runasroot --runtime --share --sharecgroup --sudouser --webcam" ||:
       check_optionset "--backend=$Backend" "--user" || error "--backend=$Backend: Option --user is not allowed.
-  Option --hostuser might serve you."
+  Please try option --hostuser instead."
       # set defaults. Some might look misleading just to avoid later messages, but not affecting the setup.
       Sharealsa="no"
       Capdropall="yes"
@@ -7993,7 +8004,7 @@ check_hostxenv() {              # check environment variables for host X display
   [ -z "$XAUTHORITY" ]   && [ -e "$Hostuserhome/.Xauthority" ] && XAUTHORITY="$Hostuserhome/.Xauthority"
   [ -z "$XAUTHORITY" ]   && [ "$Runsoverssh" = "yes" ] && [ -e "$Hostuserhome/.Xauthority" ] && XAUTHORITY="$Hostuserhome/.Xauthority"
   [ "${XAUTHORITY:-}" ]  && {
-    unpriv "xauth -i -f '${XAUTHORITY:-}' nlist '$Hostdisplay' 2>/dev/null | sed -e 's/^..../ffff/' | xauth -f '$Hostxauthority' nmerge - 2>/dev/null"
+    xauth -i -f "${XAUTHORITY:-}" nlist "$Hostdisplay" 2>/dev/null | sed -e 's/^..../ffff/' | unpriv "xauth -f '$Hostxauthority' nmerge - 2>/dev/null"
     chown "$Hostuser" "$Hostxauthority"
     chmod 600 "$Hostxauthority"
     export XAUTHORITY
@@ -10203,6 +10214,7 @@ main() {
   check_hostuser                 # find unprivileged host user                    # --hostuser
   create_cachefiles              # create cache files owned by unprivileged user  # --cachebasedir
   setup_verbosity                # create [and show] summary logfile              # --verbose
+  check_containerhomebasedir     # check base dir for --home and possible rootfs  # --homebasedir
   check_backend                                                                   # --backend
 
   # Special x11docker jobs
@@ -10232,7 +10244,6 @@ main() {
   check_containeruser            # unprivileged user in container                 # --user
   check_xcontainer               # check if x11docker/xserver can/will be used    # --xc
   check_xserver                  # check chosen X server or auto-choose one
-  check_containerhomebasedir     # check base dir for --home and possible rootfs  # --homebasedir
   check_options_interferences    # check options, change settings if needed
   check_containerhome            # create persistent container home               # --home
   check_xdg_runtime_dir
@@ -10342,7 +10353,7 @@ $(nl -ba <$Cmdrc)"
     waitforlogentry 'start_container()' $Xinitlogfile 'xinitrc is ready' "$Xiniterrorcodes"
     rocknroll || timetosaygoodbye main
     # xinit(?) sets variables to new display for host applications, too. This undoes it.
-    unpriv "dbus-update-activation-environment --systemd DISPLAY='$DISPLAY' XAUTHORITY='$XAUTHORITY'" >> "$Xinitlogfile" 2>&1
+    unpriv "dbus-update-activation-environment --systemd DISPLAY='$DISPLAY' XAUTHORITY='$XAUTHORITY'" >> "$Xinitlogfile" 2>&1 ||:
 
     [ "$Runfromhost" ] && {                                                       # --runfromhost
       while read Line; do