--init=openrc|runit|sysvinit: use login instead of su if agetty is available #417
mviereck committed Feb 26, 2022
1 parent f956287 commit 333e645
Showing 2 changed files with 38 additions and 31 deletions.
29 changes: 12 additions & 17 deletions TODO.md
Expand Up @@ -2,10 +2,20 @@
x11docker ToDo notes

## Work in progress
- --xc --user=root fails

- centralize argument checks
- change global "no" to ""
- --xc=backend
- --xc: Sysbox and runc both in use
- --pulseaudio=host: check possible tcp setup

- `--interactive --init=runit|openrc|sysvinit`: no job control in shell
- --init=openrc|runit: elogind fails
- check elogind with cgroupv2. maybe drop --sharecgroup and set up in container only

- sommelier
- --gpu=virgl
- --backend=systemd-nspawn
- --backend=systemd-nspawn|lxc|lxd|runc
- check empty XDG_RUNTIME_DIR e.g. with --user, --hostuser
- --weston2-xwayland?

Expand All @@ -23,19 +33,15 @@ x11docker ToDo notes
- use xauth and others from image if not available on host
- missing: Xorg, Weston/Kwin on console, xpra-xwayland
- --xpra-xwayland --xc: xpra client fails with keyboard error

- deprecate --sharecgroup?

## Issues to fix
- sysbox: warning on capabilities
- --build: download files for COPY/ADD (x11docker/check, x11docker/xserver)
- x11docker/fvwm: openrc package broken? no `rc-update`, no dbus
- `--remove`: give note about not removed files in `~./config/x11docker` and `/etc/x11docker`
- `--update`: Check if installs not into `/usr/bin` or `/usr/local/bin`. Do not install other files then.
Maybe change to $1 mode without `--`

## Checks
- check elogind with cgroupv2
- check all `--init=` in all backends rootful and rootless.
- checked:
- rootful docker: all
Expand All @@ -46,17 +52,12 @@ x11docker ToDo notes
- `--user`: Check in all rootless modes, maybe disallow except for `--user=root`.
- `--user=root --home` in rootless docker and nerdctl: Set up HOME in host user ~/x11docker?
- `--backend=podman` rootless: disallow `--home` for different `--user`.
- `--init=systemd`: cgroupv2 support #349

## Old issues to fix
- `--kwin-xwayland`: broken? Xwayland says: "missing wl_shell protocol". Deprecated yet.
- `--gpu --webcam` adds user to group `video` twice.
- docker-for-win: DOS newline mess in `error()` #219.
- docker-for-win: Double entries in log.
- `--install`/`--update`: first install shows entire `CHANGELOG.md`. Should only show most recent release notes.
- replace `find` in `containerrootrc`, missing in fedora images.
- error message window in Wayland fails: xterm: no display. x11docker should use `konsole` or `xfce4-terminal`.
- `--env`: check escapestring results in `containerrc`, some ugly strings are not escaped well

## Nice to fix
- `--init=systemd`: check systemd warnings on x11docker services
Expand All @@ -65,7 +66,6 @@ x11docker ToDo notes
- `--runtime=kata-runtime`: `x11docker/lxde` needs `--init=systemd`, why? Sort of `menud` issue.
- `--runtime=kata-runtime --nxagent`: ALT-GR works wrong.
- `myrealpath()`: If `realpath` is missing, the path argument is returned without resolving.
- `--interactive --init=runit|openrc|sysvinit`: no job control in shell
- `--interactive` not possible without `winpty` in WSL and Cygwin
- `--interactive --enforce-i` fails. Issue is subshell containershell & in main, would work without it.
- `--group-add`: gid 101 for both possible: `messagebus` and `systemd-journal`, works nonetheless.
Expand All @@ -75,9 +75,6 @@ x11docker ToDo notes
## Nice to fix (images)
- `x11docker/check`: Print several checks in terminal before running gui
- `x11docker/fluxbox` on arch host: background can miss, sometimes no context menu. Where is the difference to other hosts?
- `--sudouser`: `su` to root in void containers fails.
- `elogind` in alpine: `su` does not take effect. missing policykit? pam corrupted by x11docker?
- `elogind` in void container: loginctl is empty. ck-list-sessions, too.

## 3rd party bugs
- `kwin_wayland` needs `CAP_SYS_RESOURCE` even if running nested
Expand All @@ -90,9 +87,7 @@ x11docker ToDo notes

## Improvements
- `--cleanup`: avoid hardcoded paths
- avoid losing hostexe from process tree
- dependency wiki: Cygwin packages
- `capsh`: replace `su` with `capsh`? (missing in alpine) But how to trigger login?
- `x11docker/check`: palinopsia: check video RAM size with `glxinfo`, adjust requested RAM size.
- further checks of `/etc/pam.d`
- further checks of multimonitor behaviour
Expand Down
40 changes: 26 additions & 14 deletions x11docker
Expand Up @@ -3812,7 +3812,7 @@ create_xcontainercommand() { # option --xc: create docker command for X in co
--pull=never \\
--init \\
--name $Xcontainername \\
--user ${Containeruseruid:-$Hostuseruid}:${Containerusergid:-$Hostusergid} \\
--user ${Hostuseruid}:${Hostusergid} \\
--env HOME=/tmp \\
--cap-drop ALL \\
--security-opt=no-new-privileges \\
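Review bot: The replacement `--user ${Hostuseruid}:${Hostusergid}` line in `create_xcontainercommand()` stops honouring `Containeruseruid`/`Containerusergid`, and nothing in the hunk says why. Add a one-line comment above it stating that the `--xc` X server container always runs as the host user regardless of `--user`, so the `${Containeruseruid:-$Hostuseruid}` fallback is not reintroduced later. It is also worth failing early if either variable is empty, since the generated line would otherwise read `--user :`.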
Expand Down Expand Up @@ -4698,6 +4698,7 @@ check_containerhome() { # option --home: check HOME of container user.
case "$Sharehome" in
host)
Containeruserhomebasefolder="/home"
[ "$Containeruser" = "root" ] && Containeruserhomebasefolder="/"
# A change can break existing configs, e.g. playonlinux
# Containeruserhomebasefolder="/home.x11docker"
[ "$Persistanthomevolume" = "$Containeruserhosthome" ] && {
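Review bot: The added `[ "$Containeruser" = "root" ] && Containeruserhomebasefolder="/"` in the `host)` branch has no comment, while the very next lines warn that a change to this folder "can break existing configs". Say in a comment what home path this is meant to produce for root, and whether `--home` data previously created for `--user=root` under the `/home` base folder is still found after this change.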
Expand All @@ -4709,6 +4710,7 @@ check_containerhome() { # option --home: check HOME of container user.
no)
# Containeruserhomebasefolder="/home.tmp"
Containeruserhomebasefolder="/home"
[ "$Containeruser" = "root" ] && Containeruserhomebasefolder="/"
;;
volume)
Containeruserhomebasefolder="/home.volume/$Persistanthomevolume"
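Review bot: This is a second copy of the root special case (the same test is added in the `host)` branch), and the `volume)` branch directly below gets no equivalent, so root's base folder now differs by `--home` mode without explanation. Either apply the test once after the `case`, limited to the modes that need it, or add a comment on why `volume)` is exempt.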
Expand Down Expand Up @@ -5847,6 +5849,17 @@ done
# /etc/profile.d
"
case "$Initsystem" in
systemd|openrc|sysvinit|runit)
echo "
install -m 666 /dev/null /etc/profile.d/90-x11docker-containerrc.sh
echo '
echo > /etc/profile.d/90-x11docker-containerrc.sh
exec /bin/sh $(convertpath share "$Containerrc")
' >> /etc/profile.d/90-x11docker-containerrc.sh
"
;;
esac
while read Line; do
echo "echo 'export $Line' >> /etc/profile.d/10-x11docker-env.sh"
done <<< $(store_runoption dump env)
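Review bot: `install -m 666` leaves `/etc/profile.d/90-x11docker-containerrc.sh` world-writable, and it stays that way after the script blanks itself with `echo >`, so any process in the container can add commands that the next login shell, including a root login, will source. If the mode is only there so the container user can empty the file, create it owned by that user with a mode that is not world-writable, for example `install -o "$Containeruser" -m 644 /dev/null ...`, or have a root-owned step delete it after first use. The path in `exec /bin/sh $(convertpath share "$Containerrc")` is also written unquoted into the generated script and will split on whitespace.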
Expand Down Expand Up @@ -6132,6 +6145,11 @@ export XDG_RUNTIME_DIR=/tmp/XDG_RUNTIME_DIR
# Check for dbus user daemon command
echo "command -v dbus-run-session >/dev/null && Dbus=dbus-run-session || note \"Option --dbus: dbus seems to be not installed.
Cannot run a DBus user session. Please install package dbus in image.\""
case "$Initsystem" in
systemd|sysvinit|openrc|runit)
echo "Dbus="
;;
esac
}
echo "export DISPLAY='$Newdisplay' XAUTHORITY=$(convertpath share "$Xclientcookie")"
case "$Xserver" in
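Review bot: The `echo "Dbus="` for `systemd|sysvinit|openrc|runit` is emitted after the `command -v dbus-run-session ... || note` line, so an image without dbus still gets the "Please install package dbus in image" note even though `Dbus` is cleared immediately afterwards. Move the `command -v` check into a `*)` branch of this `case`, and add a comment saying why these init systems skip `dbus-run-session`.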
Expand Down Expand Up @@ -6231,7 +6249,6 @@ Timetosaygoodbyefile=$(convertpath share "$Timetosaygoodbyefile")
echo "
debugnote \"cmdrc: Running container command:
$Containerentrypoint $Containercommand\"
note \"Container command: $Containerentrypoint $Containercommand\"
"
case "$Backend" in
host|chroot)
Expand Down Expand Up @@ -6294,17 +6311,14 @@ chmod +x /usr/local/bin/x11docker-su
echo \"#! /bin/sh
# Run agetty to get a valid console.
# Needed at least for --interactive.
# Runs x11docker-su.
# Runs x11docker-su or agetty with login
# Called at different places depending on init system.
. /usr/local/bin/x11docker-message
debugnote 'Running x11docker-agetty'
"
case "$Initsystem" in
systemd)
systemd|openrc|sysvinit|runit)
echo "
#su \$Containeruser -c 'mkdir -p \$Containeruserhome/.config/systemd/user/default.target.wants' ### FIXME fails for unknown reasons, authentication issue
#mkdir -p -m 777 \$Containeruserhome/.config/systemd/user/default.target.wants
#ln -s /etc/systemd/user/x11docker-containerrc.service \$Containeruserhome/.config/systemd/user/default.target.wants/x11docker-containerrc.service
[ -e /sbin/agetty ] && exec agetty --autologin \$Containeruser console
"
;;
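Review bot: The guard tests `/sbin/agetty` but the command run is a bare `agetty`, which depends on `/sbin` being in the `PATH` of whatever init system starts this script. Because it is an `exec`, a failed lookup ends the script instead of reaching the `x11docker-su` fallback further down. Use `exec /sbin/agetty --autologin ...` to match the test, or test with `command -v agetty`, and prefer `-x` over `-e` so a non-executable file does not pass the guard.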
Expand All @@ -6316,7 +6330,7 @@ debugnote 'Running x11docker-agetty'
esac
echo "
debugnote 'x11docker-agetty: agetty not found.'
note '/sbin/agetty not found. Startup can fail.
note '/sbin/agetty not found. Startup can fail, --interactive can misbehave.
Please install package util-linux in image.'
exec /usr/local/bin/x11docker-su
\" >/usr/local/bin/x11docker-agetty
Expand Down Expand Up @@ -6526,7 +6540,7 @@ rootrc_prepare_init_openrc() {
echo "
# --init=openrc
# Tell openrc that it runs in docker container
# Tell openrc that it runs in a container
sed -e 's/#rc_sys=\"\"/rc_sys=\"$Backend\"/g' -i /etc/rc.conf
# Create and enable x11docker service containing container command
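Review bot: The reworded comment says "a container", but the `sed` below writes `rc_sys=\"$Backend\"`, so please check that every value `Backend` can take is one OpenRC accepts for `rc_sys`, and map or skip the others. The pattern also only matches a pristine `#rc_sys=\"\"` line, so an image whose `/etc/rc.conf` already sets `rc_sys` is left untouched without any message.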
Expand All @@ -6536,7 +6550,7 @@ depend() {
after *
}
start() {
ebegin 'Starting containerrc'
ebegin 'Starting x11docker-agetty'
/usr/local/bin/x11docker-agetty
openrc-shutdown --poweroff 0
shutdown 0
Expand All @@ -6545,12 +6559,11 @@ start() {
eend \$?
}
\" > /etc/init.d/x11docker.service
chmod +x /etc/init.d/x11docker.service
rc-update add x11docker.service default
# DBus service
echo '#!/sbin/openrc-run
[ -e /etc/init.d/dbus ] || echo '#!/sbin/openrc-run
start() {
ebegin \"Starting D-BUS system messagebus\"
/usr/bin/dbus-uuidgen --ensure=/etc/machine-id
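Review bot: With the new `[ -e /etc/init.d/dbus ] ||` guard, the `# DBus service` comment above it no longer describes what happens. Reword it to say that the service file is only written as a fallback when the image does not ship its own `/etc/init.d/dbus`.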
Expand Down Expand Up @@ -6582,6 +6595,7 @@ rc-update add dbus default
rootrc_prepare_init_runit() {
echo "
# --init=runit
# create and enable x11docker service containing container command
mkdir -p /etc/sv/x11docker
mkdir -p /etc/runit/runsvdir/default
Expand Down Expand Up @@ -6678,8 +6692,6 @@ rootrc_prepare_init_systemd() {
echo "
# --init=systemd
echo '/bin/sh $(convertpath share "$Containerrc")' > /etc/profile.d/90-x11docker-containerrc.sh
# remove failing and annoying services
Unservicelist='
apt-daily.service
Expand Down
