mrrl-containers

MRRL version of container scripts

commit 8d630e29b72120013b2f576241f2861164fec123
parent e70bce2f23fb17fd0a91aec1c34f202490e54495
Author: ccx <ccx@te2000.cz>
Date:   Sun, 17 Mar 2024 00:14:32 +0000

Add runscript for containerized Xorg

Diffstat:
Aservice_scripts/xorg/run | 86+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 86 insertions(+), 0 deletions(-)

diff --git a/service_scripts/xorg/run b/service_scripts/xorg/run 
@@ -0,0 +1,86 @@
+#!/command/execlineb -P
+fdmove -c 2 1
+
+s6-envdir env
+multisubstitute {
+ importas -i -u CONTAINER_NAME CONTAINER_NAME
+ importas -i -u CONTAINER_USER CONTAINER_USER
+ importas -i -u vtN
+ define XDG_RUNTIME_DIR /run/X
+}
+export XDG_RUNTIME_DIR $XDG_RUNTIME_DIR
+backtick -in CONTAINER_USER_HOME { homeof $CONTAINER_USER }
+multisubstitute {
+ importas -i -u CONTAINER_USER_HOME CONTAINER_USER_HOME
+ define CONTAINER_TMPFS /run/containers/${CONTAINER_NAME}.${CONTAINER_USER}
+ define -s tmpfs_dirs "home run tmp inbox run/inbox tmp/.X11-unix"
+ importas -D ns -s -C -u CONTAINER_MNT_DIRS CONTAINER_MNT_DIRS
+}
+
+getpid NS_PID
+foreground {
+ importas -i NS_PID NS_PID
+ if { test -d /run/cgroup }
+ if { mkdir -p /run/cgroup/containers/${CONTAINER_USER}/${CONTAINER_NAME} }
+ redirfd -w 1 /run/cgroup/containers/${CONTAINER_USER}/${CONTAINER_NAME}/cgroup.procs
+ printf "%s" ${NS_PID}
+}
+
+if { rm -rf ${CONTAINER_TMPFS} }
+if { mkdir -p ${CONTAINER_TMPFS}/${tmpfs_dirs} ${CONTAINER_TMPFS}/mnt/${CONTAINER_MNT_DIRS} }
+if { chmod 1770 ${CONTAINER_TMPFS}/${tmpfs_dirs} }
+if { chown root:${CONTAINER_USER} ${CONTAINER_TMPFS}/${tmpfs_dirs} }
+
+# Xauthority
+if { truncate -s 0 ${CONTAINER_TMPFS}${XDG_RUNTIME_DIR}/Xauthority }
+if { chmod 600 ${CONTAINER_TMPFS}${XDG_RUNTIME_DIR}/Xauthority }
+if { chown ${CONTAINER_USER}:${CONTAINER_USER} ${CONTAINER_TMPFS}${XDG_RUNTIME_DIR}/Xauthority }
+if { chown ${CONTAINER_USER}:${CONTAINER_USER} ${CONTAINER_TMPFS}${XDG_RUNTIME_DIR} }
+if {
+ pipeline {
+ if { printf "add :%d . 
" ${vtN} }
+ if { redirfd -r 0 /dev/urandom xxd -p -l 16 }
+ }
+ xauth -f ${XDG_RUNTIME_DIR}/Xauthority source -
+}
+
+# # Create default resolv.conf
+# if { redirfd -w 1 ${CONTAINER_TMPFS}/run/resolv.conf printf "nameserver 127.0.0.1\n" }
+# if { chown ${CONTAINER_USER}:${CONTAINER_USER} ${CONTAINER_TMPFS}/run/resolv.conf }
+
+if { mount -a --fstab data/fstab }
+
+# Put UID/GID/GIDLIST into environment for use by s6-applyuidgid below
+s6-envuidgid ${CONTAINER_USER}
+
+
+env
+ HOST=${CONTAINER_NAME}
+ #RUN_CHOWN=${UID}:${GID}
+ NS_EXTRA="
+ if { mount -o bind,ro /etc/passwd ./etc/passwd }
+ if { mount -o bind,ro /etc/group ./etc/group }
+ if { mount -o bind /dev/input ./dev/init }
+ if { cp -a /dev/tty${vtN} ./dev/tty${vtN} }
+ if { chmod 660 ./dev/tty${vtN} }
+ if { chown root:xorg ./dev/tty${vtN} }
+"
+
+emptyenv -c
+ns_run data/root
+/mnt/ns/current/command/applyuidgid-caps -U ""
+env HOME=${CONTAINER_USER_HOME} USER=${CONTAINER_USER}
+
+s6-setsid
+s6-envuidgid xorg applyuidgid-caps -U ""
+Xorg
+ -displayfd 5
+ -nolisten local
+ -nolisten tcp
+ -quiet
+ -logfile ${XDG_RUNTIME_DIR}/log
+ -auth ${XDG_RUNTIME_DIR}/Xauthority
+ -tst
+ -retro
+ -novtswitch
+ vt${vtN} :${vtN}