diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1b927208..746fc142 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,8 @@ Project website: https://github.com/mviereck/x11docker
 - `--nxagent`: Fix for `--xc`.
 - `--update*`, `--install`, `--cleanup`: Fix error messages, exit once done.
 [(#435)](https://github.com/mviereck/x11docker/issues/435)
+ - `--hostuser`: Fixes for `--backend=host|proot`
+ [(#437)](https://github.com/mviereck/x11docker/issues/437)
 ## [7.1.4](https://github.com/mviereck/x11docker/releases/tag/v7.1.4) - 2022-03-27
 ### Added
diff --git a/x11docker b/x11docker
index 050ea9f4..023ac54c 100755
--- a/x11docker
+++ b/x11docker
@@ -7223,11 +7223,16 @@ start_container() { # docker run
 no)
 case "$Backend" in
 host)
- #echo $Hostuser $Containeruser $Containeruserhome $Cachefolder
- bash "$Containerrc" & Pid1pid=$!
+ case "$Startuser" in
+ "$Containeruser") bash "$Containerrc" & Pid1pid=$! ;;
+ *) su "$Containeruser" -c "bash '$Containerrc'" & Pid1pid=$! ;;
+ esac
 ;;
 proot|chroot)
- eval $Backendcommand & Pid1pid=$!
+ case "$Startuser" in
+ "$Containeruser") eval $Backendcommand & Pid1pid=$!;;
+ *) su "$Containeruser" -c "$Backendcommand" & Pid1pid=$! ;;
+ esac
 ;;
 docker|podman|nerdctl)
 #read Containerid < <(eval $Backendcommand 2>> $Containerlogfile | rmcr)
@@ -7238,10 +7243,16 @@ start_container() { # docker run
 yes)
 case "$Backend" in
 host)
- bash "$Containerrc" <&0 & Pid1pid=$!
+ case "$Startuser" in
+ "$Containeruser") bash "$Containerrc" <&0 & Pid1pid=$! ;;
+ *) su "$Containeruser" -c "bash '$Containerrc'" <&0 & Pid1pid=$! ;;
+ esac
 ;;
 proot|chroot)
- eval $Backendcommand <&0 & Pid1pid=$!
+ case "$Startuser" in
+ "$Containeruser") eval $Backendcommand <&0 & Pid1pid=$!;;
+ *) su "$Containeruser" -c "$Backendcommand" <&0 & Pid1pid=$! ;;
+ esac
 ;;
 docker|podman|nerdctl)
 [ "$Winpty" ] && {
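Review bot: In the `host)` arms the new `su "$Containeruser" -c "bash '$Containerrc'"` wraps the path in literal single quotes, so a `$Containerrc` containing a `'` closes the quoting early and the rest is parsed as shell text by the target user's login shell; the same line recurs in the second hunk (the `yes)` branch with `<&0`). The `proot|chroot)` arms have a related issue: `$Backendcommand` used to be parsed by bash through `eval`, but `su -c` hands it to whatever shell the passwd entry of `$Containeruser` names, which may be `nologin` or not bash-compatible. I would pin the interpreter and let bash do the quoting, e.g. `su "$Containeruser" -s /bin/bash -c "bash $(printf '%q' "$Containerrc")" & Pid1pid=$! ;;` and `su "$Containeruser" -s /bin/bash -c "$Backendcommand" & Pid1pid=$! ;;`. Also note that `Pid1pid` now holds the PID of `su` rather than of the started command, and that `su` without `-` passes most of the caller's environment to the less privileged user. Whether later code depends on either is not visible here, because `start_container()` begins and ends outside these hunks.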
@@ -7650,7 +7661,7 @@ $(rmcr < "$Containerlogfile" | tail)"
 they would have been installed and started directly on the host system."
 check_optionset "--backend=$Backend" "--cap-default --hostipc --ipc --limit --network --newprivileges --no-setup --runtime --sharecgroup --user" ||:
 check_optionset "--backend=$Backend" "--user" || error "--backend=$Backend: Option --user is not allowed.
- Option --hostuser might serve you."
+ Please try option --hostuser instead."
 # set defaults. Some might look misleading just to avoid later messages, but not affecting the setup.
 Network="host"
 Shareipc="host"
@@ -7690,7 +7701,7 @@ Fallback: using command '$Containercommand' and enabling option --interactive."
 check_optionset "--backend=$Backend" "--alsa --cap-default --group-add --hostipc --ipc --limit --home --name --network --newprivileges --no-entrypoint --no-setup \
 --printer --pulseaudio --runasroot --runtime --share --sharecgroup --sudouser --webcam" ||:
 check_optionset "--backend=$Backend" "--user" || error "--backend=$Backend: Option --user is not allowed.
- Option --hostuser might serve you."
+ Please try option --hostuser instead."
 # set defaults. Some might look misleading just to avoid later messages, but not affecting the setup.
 Sharealsa="no"
 Capdropall="yes"
@@ -7993,7 +8004,7 @@ check_hostxenv() { # check environment variables for host X display
 [ -z "$XAUTHORITY" ] && [ -e "$Hostuserhome/.Xauthority" ] && XAUTHORITY="$Hostuserhome/.Xauthority"
 [ -z "$XAUTHORITY" ] && [ "$Runsoverssh" = "yes" ] && [ -e "$Hostuserhome/.Xauthority" ] && XAUTHORITY="$Hostuserhome/.Xauthority"
 [ "${XAUTHORITY:-}" ] && {
- unpriv "xauth -i -f '${XAUTHORITY:-}' nlist '$Hostdisplay' 2>/dev/null | sed -e 's/^..../ffff/' | xauth -f '$Hostxauthority' nmerge - 2>/dev/null"
+ xauth -i -f "${XAUTHORITY:-}" nlist "$Hostdisplay" 2>/dev/null | sed -e 's/^..../ffff/' | unpriv "xauth -f '$Hostxauthority' nmerge - 2>/dev/null"
 chown "$Hostuser" "$Hostxauthority"
 chmod 600 "$Hostxauthority"
 export XAUTHORITY
@@ -10203,6 +10214,7 @@ main() {
 check_hostuser # find unprivileged host user # --hostuser
 create_cachefiles # create cache files owned by unprivileged user # --cachebasedir
 setup_verbosity # create [and show] summary logfile # --verbose
+ check_containerhomebasedir # check base dir for --home and possible rootfs # --homebasedir
 check_backend # --backend
 # Special x11docker jobs
@@ -10232,7 +10244,6 @@ main() {
 check_containeruser # unprivileged user in container # --user
 check_xcontainer # check if x11docker/xserver can/will be used # --xc
 check_xserver # check chosen X server or auto-choose one
- check_containerhomebasedir # check base dir for --home and possible rootfs # --homebasedir
 check_options_interferences # check options, change settings if needed
 check_containerhome # create persistent container home # --home
 check_xdg_runtime_dir
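Review bot: The read half of the pipeline in `check_hostxenv()`, `xauth -i -f "${XAUTHORITY:-}" nlist "$Hostdisplay"`, now runs with the privileges of the x11docker process itself instead of through `unpriv`. If x11docker is started as root, the file named by the `XAUTHORITY` environment variable is therefore opened as root and its cookie is passed on to `$Hostuser`. That is presumably intended, so that a `--hostuser` other than the caller can still obtain the cookie, but the hunk does not say so; a comment such as `# cookie is read as the calling user on purpose; only the merge runs as $Hostuser` would record the privilege boundary. Both `xauth` calls still discard stderr and the pipeline result is not checked, so a failed read silently leaves `$Hostxauthority` without a cookie before `chown`/`chmod` run; consider dropping the first `2>/dev/null` or checking that the merged file is non-empty. The function body continues outside the hunk.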
@@ -10342,7 +10353,7 @@ $(nl -ba <$Cmdrc)"
 waitforlogentry 'start_container()' $Xinitlogfile 'xinitrc is ready' "$Xiniterrorcodes"
 rocknroll || timetosaygoodbye main
 # xinit(?) sets variables to new display for host applications, too. This undoes it.
- unpriv "dbus-update-activation-environment --systemd DISPLAY='$DISPLAY' XAUTHORITY='$XAUTHORITY'" >> "$Xinitlogfile" 2>&1
+ unpriv "dbus-update-activation-environment --systemd DISPLAY='$DISPLAY' XAUTHORITY='$XAUTHORITY'" >> "$Xinitlogfile" 2>&1 ||:
 [ "$Runfromhost" ] && { # --runfromhost
 while read Line; do