mviereck / x11docker

Run GUI applications and desktops in docker and podman containers. Focus on security.
MIT License

x11docker ERROR: Option --user: Unknown host user or invalid user number 'user'. Non-host users can be specified with an UID only, not with a name. #270

Closed thisisjaymedina closed 4 years ago

thisisjaymedina commented 4 years ago

This issue occurs every time I attempt to run a container. The log file is empty every time I try to run the container as well. I installed Docker via Community Repo (using Manjaro), and X11Docker via AUR.

Please feel free to let me know information I can provide to help resolve this issue. Thank you for creating this very helpful tool, I can't wait to start using it.

mviereck commented 4 years ago

Could you please run with --verbose and show me the output? This output would be the same as it should appear in the logfile.

Edit: could you show me output of logname, too? It should show your user name, and x11docker uses it. If that is wrong, maybe try another terminal emulator.

thisisjaymedina commented 4 years ago

Hi @mviereck, thank you for responding so quickly!

Here's the output from Konsole (as much as buffer could capture): 346 $(tail "${2:-}")"; 347 [ "$Errorkeys" ] && grep -i -q -E "$Errorkeys" < "${2:-}" && error "waitforlogentry(): ${1:-}: Found error message in logfile. 348 Last lines of logfile $(basename ${2:-}): 349 $(tail "${2:-}")"; 350 rocknroll || { 351 debugnote "waitforlogentry(): ${1:-}: Stopped waiting for ${3:-} in $(basename ${2:-}) due to terminating signal."; 352 return 1 353 }; 354 done; 355 debugnote "waitforlogentry(): ${1:-}: Found log entry \"${3:-}\" in $(basename ${2:-})."; 356 return 0 357 }' 358 echo 'calculate() {' 359 echo ' LC_ALL=C printf %.3f\n "$((10*9 $@))e-9"' 360 echo '}' 361 echo ' 362 warning() { 363 echo "$:WARNING" | sed "s/\$/ /" >>$Messagefile 364 } 365 note() { 366 echo "$:NOTE" | sed "s/\$/ /" >>$Messagefile 367 } 368 verbose() { 369 echo "$:VERBOSE" | sed "s/\$/ /" >>$Messagefile 370 } 371 debugnote() { 372 echo "$:DEBUGNOTE" | sed "s/\$/ /" >>$Messagefile 373 } 374 error() { 375 echo "$:ERROR" | sed "s/\$/ /" >>$Messagefile 376 exit 64 377 } 378 stdout() { 379 echo "$:STDOUT" | sed "s/\$/ /" >>$Messagefile 380 }' 381 echo 'Messagefile=/x11docker/message.fifo' 382 echo 'Storeinfofile=/x11docker/store.info' 383 echo 'Timetosaygoodbyefile=/x11docker/timetosaygoodbye' 384 echo '' 385 echo 'waitforlogentry containerrc $Storeinfofile containerrootrc=ready infinity' 386 echo 'debugnote "Running containerrc: Unprivileged user commands in container"' 387 echo '' 388 echo "Containercommand=\"$Containercommand\"" 389 echo "Entrypoint=\"$Entrypoint\"" 390 echo '' 391 echo 'verbose "containerrc: Container system:' 392 echo '$(cat /etc/os-release 2>&1 ||:)"' 393 echo '' 394 } >> /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/containerrc 395 { 396 echo '' 397 echo '# USER and HOME' 398 echo 'Containeruser="$(storeinfo dump containeruser)"' 399 echo 'Containeruserhome="/home.tmp/jaymedina"' 400 echo 'export USER="$Containeruser"' 401 echo 'export 
HOME="$Containeruserhome"' 402 echo '' 403 echo '# XDG_RUNTIME_DIR' 404 echo 'Containeruseruid=$(id -u $Containeruser)' 405 echo 'export XDG_RUNTIME_DIR=/tmp/XDG_RUNTIME_DIR' 406 echo '[ -e /run/user/$Containeruseruid ] && ln -s /run/user/$Containeruseruid $XDG_RUNTIME_DIR || mkdir -p -m700 $XDG_RUNTIME_DIR' 407 echo '' 408 echo '# Copy files from /etc/skel into empty HOME' 409 echo '[ -d /etc/skel ] && [ -z "$(ls -A "$Containeruserhome" 2>/dev/null | grep -v gnupg)" ] && {' 410 echo ' debugnote "containerrc: HOME is empty. Copying from /etc/skel"' 411 echo ' cp -n -R /etc/skel/. $Containeruserhome' 412 echo ' :' 413 echo '} || {' 414 echo ' debugnote "containerrc: HOME is not empty. Not copying from /etc/skel"' 415 echo '}' 416 echo '' 417 echo '# Create softlink to X unix socket' 418 echo '[ -e /tmp/.X11-unix/X105 ] || ln -s /X105 /tmp/.X11-unix' 419 echo '' 420 echo 'unset WAYLAND_DISPLAY' 421 echo '' 422 echo 'export XDG_SESSION_TYPE=x11' 423 echo '' 424 echo '' 425 echo 'export TERM=xterm' 426 echo 'storeinfo test locale && export LANG="$(storeinfo dump locale)"' 427 echo '[ -e "/usr/share/zoneinfo/America/Chicago" ] || export TZ=UTC+05' 428 echo '[ "$(date -Ihours)" != "2020-08-04T15-05:00" ] && export TZ=UTC+05' 429 echo '[ "$DEBIAN_FRONTEND" = noninteractive ] && unset DEBIAN_FRONTEND && export DEBIAN_FRONTEND' 430 echo '[ "$DEBIAN_FRONTEND" = newt ] && unset DEBIAN_FRONTEND && export DEBIAN_FRONTEND' 431 echo '# container environment (--env)' 432 echo "export 'container=docker'" 433 echo "export 'NO_AT_BRIDGE=1'" 434 echo "export 'GTK_CSD=0'" 435 echo "export 'GTK_OVERLAY_SCROLLING=0'" 436 echo "export 'MWWM=allwm'" 437 echo "export 'MWNO_RIT=true'" 438 echo "export 'MWNOCAPTURE=true'" 439 echo "export 'QT_X11_NO_NATIVE_MENUBAR=1'" 440 echo "export 'UBUNTU_MENUPROXY='" 441 echo "export 'XAUTHORITY=/x11docker/Xauthority.client'" 442 echo "export 'DISPLAY=:105'" 443 echo "export 'XDG_RUNTIME_DIR=/tmp/XDG_RUNTIME_DIR'" 444 echo '' 445 echo 'env >> 
/x11docker/container.environment' 446 echo 'verbose "Container environment:' 447 echo '$(env | sort)"' 448 echo '' 449 echo 'cd "$HOME"' 450 [ "$Workdir" ] && echo "[ -d \"$Workdir\" ] && cd \"$Workdir\" # WORKDIR in image" 451 echo '' 452 echo "debugnote \"containerrc: Running container command: 453 \$Dbus $Entrypoint $Containercommand 454 \"" 455 echo '' 456 echo 'exec 1>&6 2>&7 6>&- 7>&-' 457 echo "$Exec \$Dbus $Entrypoint $Containercommand >>/x11docker/stdout 2>>/x11docker/stderr" 458 echo "storeinfo cmdexitcode=\$?" 459 } >> /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/containerrc 460 ######## End of containerrc ######## 461 462 # Write containerrc into x11docker.log 463 nl -ba >> /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/x11docker.log < /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/containerrc 464 465 # Send signal to run X and wait for X to be ready 466 storeinfo readyforX=ready 467 waitforlogentry 'dockerrc' /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/xinit.log 'xinitrc is ready' 'xinit: giving up|unable to connect to X server|Connection refused|server error|Only console users are allowed' 468 469 rocknroll || exit 64 470 471 472 rocknroll || exit 64 473 474 475 #### run docker image #### 476 read Containerid < <(docker run --tty --rm --detach \ 477 --name x11docker_X105_jess-tor-browser_73276867269 \ 478 --user 1000:1000 \ 479 --env USER=jaymedina \ 480 --userns host \ 481 --cap-drop ALL \ 482 --security-opt no-new-privileges \ 483 --security-opt label=type:container_runtime_t \ 484 --volume '/usr/bin/docker-init':'/usr/local/bin/init':ro \ 485 --tmpfs /run --tmpfs /run/lock \ 486 --volume '/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share':'/x11docker':rw \ 487 --volume '/tmp/.X11-unix/X105':'/X105':rw \ 488 --workdir '/tmp' \ 489 --entrypoint env \ 490 --env 'container=docker' \ 491 --env 'NO_AT_BRIDGE=1' \ 492 --env 'GTK_CSD=0' \ 493 --env 
'GTK_OVERLAY_SCROLLING=0' \ 494 --env 'MWWM=allwm' \ 495 --env 'MWNO_RIT=true' \ 496 --env 'MWNOCAPTURE=true' \ 497 --env 'QT_X11_NO_NATIVE_MENUBAR=1' \ 498 --env 'UBUNTU_MENUPROXY=' \ 499 --env 'XAUTHORITY=/x11docker/Xauthority.client' \ 500 --env 'DISPLAY=:105' \ 501 --env 'XDG_RUNTIME_DIR=/tmp/XDG_RUNTIME_DIR' \ 502 -- jess/tor-browser /usr/local/bin/init -- /bin/sh - /x11docker/containerrc 2>>/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/container.log | rmcr) 503 ########################## 504 505 506 [ "$Containerid" ] || { 507 error "Startup of docker failed. Did not receive a container ID. 508
509 Last lines of container log: 510 $(rmcr < /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/container.log | tail)" 511 } 512 storeinfo containerid="$Containerid" 513 # Wait for container to be ready 514 for ((Count=1 ; Count<=40 ; Count++)); do 515 docker exec x11docker_X105_jess-tor-browser_73276867269 sh -c : 2>&1 | rmcr >>/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/container.log && { debugnote 'dockerrc: Container is up and running.' ; break ; } || debugnote "dockerrc: Container not ready on $Count. attempt, trying again." 516 rocknroll || exit 64 517 mysleep 0.1 518 done 519 520 # Wait for pid 1 in container 521 for ((Count=1 ; Count<=40 ; Count++)); do 522 Pid1pid="$(docker inspect --format '{{.State.Pid}}' x11docker_X105_jess-tor-browser_73276867269 2>>/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/container.log | rmcr)" 523 debugnote "dockerrc: $Count. check for PID 1: $Pid1pid" 524 checkpid "$Pid1pid" && break 525 rocknroll || exit 64 526 mysleep 0.1 527 done 528 [ -z "$Pid1pid" ] && error "dockerrc(): Did not receive PID of PID1 in container. 529 Maybe the container immediately stopped forunknown reasons. 530 Output of \"docker ps | grep x11docker\": 531 $(docker ps | grep x11docker) 532
533 Content of container log: 534 $(rmcr < /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/container.log )" 535 storeinfo pid1pid="$Pid1pid" 536 537 # Get IP of container 538 Containerip="$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' x11docker_X105_jess-tor-browser_73276867269 2>>/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/container.log)" 539 storeinfo containerip=$Containerip 540 541 # Check log for startup failure 542 Failure="$(rmcr < /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/container.log | grep -v grep | grep -E 'Error response from daemon|OCI runtime exec' ||:)" 543 [ "$Failure" ] && { 544 echo "$Failure" >>/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/container.log 545 error "Got error message from docker daemon: 546 $Failure 547 548 Last lines of logfile: 549 " 550 } 551 552 debugnote 'dockerrc(): Starting containerrootrc with privileged docker exec' 553 # copy containerrootrc inside of container to avoid possible noexec of host home. 554 docker exec --privileged --tty x11docker_X105_jess-tor-browser_73276867269 sh -c 'cp /x11docker/containerrootrc /tmp/containerrootrc ; chmod 644 /tmp/containerrootrc' 2>&1 | rmcr >>/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/container.log 555 # run container root setup. containerrc will wait until setup script is ready. 
556 docker exec --privileged --tty -u root x11docker_X105_jess-tor-browser_73276867269 /bin/sh /tmp/containerrootrc 2>&1 | rmcr >>/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/container.log 557 558 storeinfo dockerrc=ready 559 560 [ "$Containerid" ] || [ "$Wmcontainerid" ] && { 561 # wait for signal of finish() 562 read Signal </home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/dockerrc.stopfifo 563 [ "$Signal" = "stop" ] && { 564 [ "$Containerid" ] && docker stop $Containerid >> /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/container.log 2>&1 & 565 [ "$Wmcontainerid" ] && docker stop $Wmcontainerid >> /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/container.log 2>&1 & 566 [ "$Dockerlogspid" ] && kill $Dockerlogspid >> /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/container.log 2>&1 & 567 } 568 } & storepid $! dockerstopshell 569 exit 0

x11docker[15:34:39,726]: Generated containerrootrc: 1 #! /bin/sh 2 3 # containerrootrc 4 # This Script is executed as root in container. 5 # - Create container user 6 # - Time zone 7 # - Install NVIDIA driver if requested 8 # - Set up init system services and DBus for --init=systemd|openrc|runit|sysvinit 9 10 # redirect output to have it available before 'docker logs' starts. --init=runit (void) would eat up the output at all for unknown reasons. 11 exec 1>>/x11docker/container.log 2>&1 12 13 storeinfo () 14 { 15 [ -e "$Storeinfofile" ] || return 1; 16 case "${1:-}" in 17 dump) 18 grep "^${2:-}=" $Storeinfofile | sed "s/^${2:-}=//" 19 ;; 20 drop) 21 sed -i "/^${2:-}=/d" $Storeinfofile 22 ;; 23 test) 24 grep -q "^${2:-}=" $Storeinfofile 25 ;; 26 ) 27 debugnote "storeinfo(): ${1:-}"; 28 grep -q "^$(echo "${1:-}" | cut -d= -f1)=" $Storeinfofile && { 29 sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" $Storeinfofile 30 }; 31 echo "${1:-}" >> $Storeinfofile 32 ;; 33 esac 34 } 35 rocknroll () 36 { 37 [ -s "$Timetosaygoodbyefile" ] && return 1; 38 [ -e "$Timetosaygoodbyefile" ] || return 1; 39 return 0 40 } 41 42 warning() { 43 echo "$:WARNING" | sed "s/\$/ /" >>$Messagefile 44 } 45 note() { 46 echo "$:NOTE" | sed "s/\$/ /" >>$Messagefile 47 } 48 verbose() { 49 echo "$:VERBOSE" | sed "s/\$/ /" >>$Messagefile 50 } 51 debugnote() { 52 echo "$:DEBUGNOTE" | sed "s/\$/ /" >>$Messagefile 53 } 54 error() { 55 echo "$:ERROR" | sed "s/\$/ /" >>$Messagefile 56 exit 64 57 } 58 stdout() { 59 echo "$:STDOUT" | sed "s/\$/ /" >>$Messagefile 60 } 61 Messagefile=/x11docker/message.fifo 62 Storeinfofile='/x11docker/store.info' 63 Timetosaygoodbyefile=/x11docker/timetosaygoodbye 64 65 debugnote 'Running containerrootrc: Setup as root in container' 66 67 # Check type of libc 68 ldd --version 2>&1 | grep -q 'musl libc' && Containerlibc='musl' 69 ldd --version 2>&1 | grep -q -E 'GLIBC|GNU libc' && Containerlibc='glibc' 70 debugnote "containerrootrc: Container libc: $Containerlibc" 71 72 # Prepare 
X environment 73 # Create some system dirs with needed permissions 74 mkdir -v -p /var/lib/dbus /var/run/dbus 75 mkdir -v -p -m 1777 /tmp/.ICE-unix /tmp/.X11-unix /tmp/.font-unix 76 chmod -c 1777 /tmp/.ICE-unix /tmp/.X11-unix /tmp/.font-unix 77 export DISPLAY=:105 XAUTHORITY=/x11docker/Xauthority.client 78 79 # Time zone 80 [ ! -d /usr/share/zoneinfo ] && [ "$Containerlibc" = "glibc" ] && { 81 mkdir -p /usr/share/zoneinfo/America 82 cp '/x11docker/libc.localtime' '/usr/share/zoneinfo/America/Chicago' 83 } 84 [ -e '/usr/share/zoneinfo/America/Chicago' ] && ln -f -s '/usr/share/zoneinfo/America/Chicago' /etc/localtime 85 86 # Container system 87 Containersystem="$(grep '^ID=' /etc/os-release 2>/dev/null | cut -d= -f2 || echo 'unknown')" 88 verbose "Container system ID: $Containersystem" 89 90 # Environment variables 91 export 'container=docker' 92 export 'NO_AT_BRIDGE=1' 93 export 'GTK_CSD=0' 94 export 'GTK_OVERLAY_SCROLLING=0' 95 export 'MWWM=allwm' 96 export 'MWNO_RIT=true' 97 export 'MWNOCAPTURE=true' 98 export 'QT_X11_NO_NATIVE_MENUBAR=1' 99 export 'UBUNTU_MENUPROXY=' 100 export 'XAUTHORITY=/x11docker/Xauthority.client' 101 export 'DISPLAY=:105' 102 export 'XDG_RUNTIME_DIR=/tmp/XDG_RUNTIME_DIR' 103 104 # Check container user 105 Containeruser="$(storeinfo dump containeruser)" 106 107 Containeruserhome='/home.tmp/jaymedina' 108 # Create user entry in /etc/passwd (and delete possibly existing same uid) 109 cat /etc/passwd | grep -v ':1000:' > /tmp/passwd 110 111 # Disable possible /etc/shadow passwords for other users 112 sed -i 's%:x:%:-:%' /tmp/passwd 113 bash --version >/dev/null 2>&1 && Containerusershell=/bin/bash || Containerusershell=/bin/sh 114 Containeruserentry="jaymedina:x:1000:1000:jaymedina,,,:/home.tmp/jaymedina:$Containerusershell" 115 debugnote "containerrootrc: $Containeruserentry" 116 echo "$Containeruserentry" >> /tmp/passwd 117 118 rm /etc/passwd 119 mv /tmp/passwd /etc/passwd || warning 'Unable to change /etc/passwd. 
That may be a security risk.' 120 121 # Create password entry for container user in /etc/shadow 122 rm -v /etc/shadow || warning 'Cannot change /etc/shadow. That may be a security risk.' 123 echo "jaymedina:sac19FwGGTx/A:17293:0:99999:7:::" > /etc/shadow 124 echo 'root::17219:0:99999:7:::' >> /etc/shadow 125 126 # Create user group entry (and delete possibly existing same gid) 127 cat /etc/group | grep -v ':1000:' > /tmp/group 128 echo "jaymedina:x:1000:" >> /tmp/group 129 mv /tmp/group /etc/group 130 131 # Create /etc/sudoers, delete /etc/sudoers.d. Overwrite possible sudo setups in image. 132 [ -e /etc/sudoers.d ] && rm -v -R /etc/sudoers.d 133 [ -e /etc/sudoers ] && rm -v /etc/sudoers 134 echo '# /etc/sudoers created by x11docker' > /etc/sudoers 135 echo 'root ALL=(ALL) ALL' >> /etc/sudoers 136 137 # Restrict PAM configuration of su and sudo 138 mkdir -p /etc/pam.d 139 [ -e /etc/pam.d/sudo ] && rm -v /etc/pam.d/sudo 140 case "$Containersystem" in 141 fedora) 142 echo '#%PAM-1.0' > /etc/pam.d/su 143 echo 'auth sufficient pam_rootok.so' >> /etc/pam.d/su 144 echo 'account sufficient pam_succeed_if.so uid = 0 use_uid quiet' >> /etc/pam.d/su 145 echo 'session include system-auth' >> /etc/pam.d/su 146 ;; 147 ) 148 echo '#%PAM-1.0' > /etc/pam.d/su 149 echo 'auth sufficient pam_rootok.so' >> /etc/pam.d/su # allow root to switch user without a password 150 echo '@include common-auth' >> /etc/pam.d/su 151 echo '@include common-account' >> /etc/pam.d/su 152 echo '@include common-session' >> /etc/pam.d/su 153 ;; 154 esac 155 156 # Set up container user groups 157 # Create HOME 158 mkdir -p $Containeruserhome 159 chown $Containeruser:$(id -g $Containeruser) "$Containeruserhome" 160 ls -la $Containeruserhome 161 162 rocknroll || exit 64 163 164 165 # disable getty in inittab 166 [ -e /etc/inittab ] && sed -i 's/.getty/##getty disabled by x11docker## \0/' /etc/inittab 167 168 169 rocknroll || exit 64 170 171 storeinfo containerrootrc=ready 172

x11docker[15:34:39,752]: Generated xinitrc: 1 #! /bin/sh 2 disable_xhost () 3 { 4 local Line=; 5 command -v xhost > /dev/null || { 6 warning "Command 'xhost' not found. 7 Can not check for possibly allowed network access to X. 8 Please install 'xhost'."; 9 return 1 10 }; 11 xhost 2>&1 | tail -n +2 /dev/stdin | while read -r Line; do 12 debugnote "xhost: Removing entry $Line"; 13 xhost -$Line; 14 done; 15 xhost -; 16 [ "$(xhost 2>&1 | wc -l)" -gt "1" ] && { 17 warning "Remaining xhost permissions found on display ${DISPLAY:-} 18 $(xhost 2>&1 )"; 19 return 1 20 }; 21 xhost 2>&1 | grep "access control disabled" && { 22 warning "Failed to restrict xhost permissions. 23 Access to display ${DISPLAY:-} is allowed for everyone."; 24 return 1 25 }; 26 return 0 27 } 28 pspid () 29 { 30 LC_ALL=C ps -p "${1:-}" 2> /dev/null | grep -v 'TIME' 31 } 32 rocknroll () 33 { 34 [ -s "$Timetosaygoodbyefile" ] && return 1; 35 [ -e "$Timetosaygoodbyefile" ] || return 1; 36 return 0 37 } 38 storeinfo () 39 { 40 [ -e "$Storeinfofile" ] || return 1; 41 case "${1:-}" in 42 dump) 43 grep "^${2:-}=" $Storeinfofile | sed "s/^${2:-}=//" 44 ;; 45 drop) 46 sed -i "/^${2:-}=/d" $Storeinfofile 47 ;; 48 test) 49 grep -q "^${2:-}=" $Storeinfofile 50 ;; 51 ) 52 debugnote "storeinfo(): ${1:-}"; 53 grep -q "^$(echo "${1:-}" | cut -d= -f1)=" $Storeinfofile && { 54 sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" $Storeinfofile 55 }; 56 echo "${1:-}" >> $Storeinfofile 57 ;; 58 esac 59 } 60 storepid () 61 { 62 case "${1:-}" in 63 dump) 64 grep -w "${2:-}" "$Storepidfile" | cut -d' ' -f1 65 ;; 66 test) 67 grep -q -w "${2:-}" "$Storepidfile" 68 ;; 69 ) 70 echo "${1:-NOPID}" "${2:-NONAME}" >> "$Storepidfile"; 71 debugnote "storepid(): Stored pid '${1:-}' of '${2:-}': $(pspid ${1:-} ||:)" 72 ;; 73 esac 74 } 75 76 warning() { 77 echo "$:WARNING" | sed "s/\$/ /" >>$Messagefile 78 } 79 note() { 80 echo "$:NOTE" | sed "s/\$/ /" >>$Messagefile 81 } 82 verbose() { 83 echo "$:VERBOSE" | sed "s/\$/ /" >>$Messagefile 84 } 85 
debugnote() { 86 echo "$:DEBUGNOTE" | sed "s/\$/ /" >>$Messagefile 87 } 88 error() { 89 echo "$:ERROR" | sed "s/\$/ /" >>$Messagefile 90 exit 64 91 } 92 stdout() { 93 echo "$:STDOUT" | sed "s/\$/ /" >>$Messagefile 94 } 95 getscreensize() { 96 CurrentXaxis="$(xrandr | grep primary | cut -d' ' -f4 | cut -dx -f1 )" 97 CurrentYaxis="$(xrandr | grep primary | cut -d' ' -f4 | cut -dx -f2 | cut -d+ -f1)" 98 } 99 checkscreensize() { 100 getscreensize 101 [ "$Xaxis" = "$CurrentXaxis" ] || return 1 102 [ "$Yaxis" = "$CurrentYaxis" ] || return 1 103 return 0 104 } 105 getprimary() { 106 xrandr | grep -q primary || xrandr --output $(xrandr | grep ' connected' | head -n1 | cut -d' ' -f1) --primary 107 echo $(xrandr | grep primary | cut -d' ' -f1) 108 } 109 110 Messagefile='/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/message.fifo' 111 Output="$(getprimary)" 112 Storeinfofile='/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/store.info' 113 Storepidfile='/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/store.pids' 114 Timetosaygoodbyefile='/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/timetosaygoodbye' 115 116 export PATH='/home/jaymedina/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl:/var/lib/snapd/snap/bin:/sbin:/usr/sbin:/usr/local/games:/usr/games' 117 118 Cookie='' 119 Line='' 120 Var='' 121 122 debugnote 'Running xinitrc' 123 124 export DISPLAY=:105 XAUTHORITY=/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client XSOCKET=/tmp/.X11-unix/X105 XDG_RUNTIME_DIR= 125 # background color 126 xsetroot -solid '#7F7F7F' 2>/dev/null 127 128 # create new XAUTHORITY cookies 129 :> /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client 130 131 echo 'Requesting trusted cookie from X server' 132 xauth -v -i -f 
/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client generate :105 . trusted timeout 3600 133 134 [ -s '/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client' ] || { 135 [ 'trusted' = 'untrusted' ] && note 'Could not create untrusted cookie. 136 Maybe your X server misses extension SECURITY.' 137 } 138 [ -s '/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client' ] || { 139 # still no cookie? try to create one without extension security 140 debugnote 'xinitrc: Failed to retrieve trusted cookie from X server. Will bake one myself.' 141 echo 'Failed to retrieve trusted cookie from X server. Will bake one myself.' 142 xauth -v -i -f /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client add :105 . 6ad19ffa7f033a83b968b79ea94a3d12 143 ls -l /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client 144 } 145 146 # Prepare cookie with localhost identification disabled by ffff, needed if X socket is shared. 
ffff means 'familiy wild' 147 Cookie="$(xauth -i -f /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client nlist | sed -e 's/^..../ffff/')" 148 echo "$Cookie" | xauth -v -i -f /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client nmerge - 149 150 debugnote "xinitrc: Created cookie: $(xauth -f /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client list 2>&1)" 151 ls -l /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client 152 cp /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/Xauthority.server 153 chmod 644 /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client 154 155 [ -s '/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client' ] || warning 'Cookie creation failed!' 156 export XAUTHORITY=/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client 157 [ 'yes' = 'no' ] || [ ! -s '/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client' ] && unset XAUTHORITY && warning '--xpra: X server :105 runs without cookie authentication.' 158 159 # clean xhost 160 verbose 'Disabling any possible access to new X server possibly granted by xhost' 161 disable_xhost 162 163 # Keyboard layout 164 # set keyboard layout on :105 165 verbose "Keyboard layout: 166 $(cat /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/xkb.keymap)" 167 xkbcomp /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/xkb.keymap :105 168 169 170 171 verbose "Output of xrandr on :105 172 $(xrandr)" 173 174 echo 'xinitrc: xinitrc is ready' 175 storeinfo xinitrc=ready 176 177 # wait for the end 178 read Var </home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/timetosaygoodbye.fifo

DEBUGNOTE[15:34:39,769]: storepid(): Stored pid '663668' of 'containershell': 663668 pts/2 00:00:00 bash DEBUGNOTE[15:34:39,776]: waitforlogentry(): start_xserver(): Waiting for logentry "readyforX=ready" in store.info DEBUGNOTE[15:34:39,782]: Running xtermrc: Ask for password if needed (no) DEBUGNOTE[15:34:39,805]: Running dockerrc: Setup as root or as user docker on host. DEBUGNOTE[15:34:39,903]: dockerrc: Found default Runtime: runc DEBUGNOTE[15:34:39,917]: dockerrc: All Runtimes: runc DEBUGNOTE[15:34:39,931]: dockerrc: Container Runtime: runc DEBUGNOTE[15:34:39,945]: storeinfo(): runtime=runc DEBUGNOTE[15:34:40,069]: dockerrc: Image CMD: /usr/local/bin/Browser/start-tor-browser --log /dev/stdout DEBUGNOTE[15:34:40,082]: dockerrc: Image USER: user 1 #! /bin/sh 2 3 # containerrc 4 # Created startscript for docker run used as container command. 5 # Runs as unprivileged user in container. 6 7 exec 6>&1 7>&2 8 exec >>/x11docker/container.log 2>&1 9 10 mysleep () 11 { 12 sleep "${1:-1}" 2> /dev/null || sleep 1 13 } 14 rocknroll () 15 { 16 [ -s "$Timetosaygoodbyefile" ] && return 1; 17 [ -e "$Timetosaygoodbyefile" ] || return 1; 18 return 0 19 } 20 saygoodbye () 21 { 22 debugnote "time to say goodbye ($)"; 23 [ -e "$Timetosaygoodbyefile" ] && echo timetosaygoodbye >> $Timetosaygoodbyefile; 24 [ -e "$Timetosaygoodbyefifo" ] && echo timetosaygoodbye >> $Timetosaygoodbyefifo 25 } 26 storeinfo () 27 { 28 [ -e "$Storeinfofile" ] || return 1; 29 case "${1:-}" in 30 dump) 31 grep "^${2:-}=" $Storeinfofile | sed "s/^${2:-}=//" 32 ;; 33 drop) 34 sed -i "/^${2:-}=/d" $Storeinfofile 35 ;; 36 test) 37 grep -q "^${2:-}=" $Storeinfofile 38 ;; 39 ) 40 debugnote "storeinfo(): ${1:-}"; 41 grep -q "^$(echo "${1:-}" | cut -d= -f1)=" $Storeinfofile && { 42 sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" $Storeinfofile 43 }; 44 echo "${1:-}" >> $Storeinfofile 45 ;; 46 esac 47 } 48 waitforlogentry () 49 { 50 local Startzeit Uhrzeit Dauer Count=0 Schlaf; 51 local Errorkeys="${4:-}"; 52 local 
Warten="${5:-60}"; 53 Startzeit="$(date +%s ||:)"; 54 Startzeit="${Startzeit:-0}"; 55 [ "$Warten" = "infinity" ] && Warten=32000; 56 debugnote "waitforlogentry(): ${1:-}: Waiting for logentry \"${3:-}\" in $(basename ${2:-})"; 57 while ! grep -q "${3:-}" < "${2:-}"; do 58 Count="$(( $Count + 1 ))"; 59 Uhrzeit="$(date +%s ||:)"; 60 Uhrzeit="${Uhrzeit:-0}"; 61 Dauer="$(( $Uhrzeit - $Startzeit ))"; 62 Schlaf="$(( $Count / 10 ))"; 63 [ "$Schlaf" = "0" ] && Schlaf="0.5"; 64 mysleep "$Schlaf"; 65 [ "$Dauer" -gt "10" ] && debugnote "waitforlogentry(): ${1:-}: Waiting since ${Dauer}s for log entry \"${3:-}\" in $(basename ${2:-})"; 66 [ "$Dauer" -gt "$Warten" ] && error "waitforlogentry(): ${1:-}: Timeout waiting for entry \"${3:-}\" in $(basename ${2:-}) 67 Last lines of $(basename ${2:-}): 68 $(tail "${2:-}")"; 69 [ "$Errorkeys" ] && grep -i -q -E "$Errorkeys" < "${2:-}" && error "waitforlogentry(): ${1:-}: Found error message in logfile. 70 Last lines of logfile $(basename ${2:-}): 71 $(tail "${2:-}")"; 72 rocknroll || { 73 debugnote "waitforlogentry(): ${1:-}: Stopped waiting for ${3:-} in $(basename ${2:-}) due to terminating signal."; 74 return 1 75 }; 76 done; 77 debugnote "waitforlogentry(): ${1:-}: Found log entry \"${3:-}\" in $(basename ${2:-})."; 78 return 0 79 } 80 calculate() { 81 LC_ALL=C printf %.3f\n "$((10*9 $@))e-9" 82 } 83 84 warning() { 85 echo "$:WARNING" | sed "s/\$/ /" >>$Messagefile 86 } 87 note() { 88 echo "$:NOTE" | sed "s/\$/ /" >>$Messagefile 89 } 90 verbose() { 91 echo "$:VERBOSE" | sed "s/\$/ /" >>$Messagefile 92 } 93 debugnote() { 94 echo "$:DEBUGNOTE" | sed "s/\$/ /" >>$Messagefile 95 } 96 error() { 97 echo "$:ERROR" | sed "s/\$/ /" >>$Messagefile 98 exit 64 99 } 100 stdout() { 101 echo "$:STDOUT" | sed "s/\$/ /" >>$Messagefile 102 } 103 Messagefile=/x11docker/message.fifo 104 Storeinfofile=/x11docker/store.info 105 Timetosaygoodbyefile=/x11docker/timetosaygoodbye 106 107 waitforlogentry containerrc $Storeinfofile containerrootrc=ready 
infinity 108 debugnote "Running containerrc: Unprivileged user commands in container" 109 110 Containercommand="/usr/local/bin/Browser/start-tor-browser --log /dev/stdout" 111 Entrypoint="/bin/bash" 112 113 verbose "containerrc: Container system: 114 $(cat /etc/os-release 2>&1 ||:)" 115 116 117 # USER and HOME 118 Containeruser="$(storeinfo dump containeruser)" 119 Containeruserhome="/home.tmp/jaymedina" 120 export USER="$Containeruser" 121 export HOME="$Containeruserhome" 122 123 # XDG_RUNTIME_DIR 124 Containeruseruid=$(id -u $Containeruser) 125 export XDG_RUNTIME_DIR=/tmp/XDG_RUNTIME_DIR 126 [ -e /run/user/$Containeruseruid ] && ln -s /run/user/$Containeruseruid $XDG_RUNTIME_DIR || mkdir -p -m700 $XDG_RUNTIME_DIR 127 128 # Copy files from /etc/skel into empty HOME 129 [ -d /etc/skel ] && [ -z "$(ls -A "$Containeruserhome" 2>/dev/null | grep -v gnupg)" ] && { 130 debugnote "containerrc: HOME is empty. Copying from /etc/skel" 131 cp -n -R /etc/skel/. $Containeruserhome 132 : 133 } || { 134 debugnote "containerrc: HOME is not empty. 
Not copying from /etc/skel" 135 } 136 137 # Create softlink to X unix socket 138 [ -e /tmp/.X11-unix/X105 ] || ln -s /X105 /tmp/.X11-unix 139 140 unset WAYLAND_DISPLAY 141 142 export XDG_SESSION_TYPE=x11 143 144 145 export TERM=xterm 146 storeinfo test locale && export LANG="$(storeinfo dump locale)" 147 [ -e "/usr/share/zoneinfo/America/Chicago" ] || export TZ=UTC+05 148 [ "$(date -Ihours)" != "2020-08-04T15-05:00" ] && export TZ=UTC+05 149 [ "$DEBIAN_FRONTEND" = noninteractive ] && unset DEBIAN_FRONTEND && export DEBIAN_FRONTEND 150 [ "$DEBIAN_FRONTEND" = newt ] && unset DEBIAN_FRONTEND && export DEBIAN_FRONTEND 151 # container environment (--env) 152 export 'container=docker' 153 export 'NO_AT_BRIDGE=1' 154 export 'GTK_CSD=0' 155 export 'GTK_OVERLAY_SCROLLING=0' 156 export 'MWWM=allwm' 157 export 'MWNO_RIT=true' 158 export 'MWNOCAPTURE=true' 159 export 'QT_X11_NO_NATIVE_MENUBAR=1' 160 export 'UBUNTU_MENUPROXY=' 161 export 'XAUTHORITY=/x11docker/Xauthority.client' 162 export 'DISPLAY=:105' 163 export 'XDG_RUNTIME_DIR=/tmp/XDG_RUNTIME_DIR' 164 165 env >> /x11docker/container.environment 166 verbose "Container environment: 167 $(env | sort)" 168 169 cd "$HOME" 170 [ -d "/home/user" ] && cd "/home/user" # WORKDIR in image 171 172 debugnote "containerrc: Running container command: 173 $Dbus /bin/bash /usr/local/bin/Browser/start-tor-browser --log /dev/stdout 174 " 175 176 exec 1>&6 2>&7 6>&- 7>&- 177 $Dbus /bin/bash /usr/local/bin/Browser/start-tor-browser --log /dev/stdout >>/x11docker/stdout 2>>/x11docker/stderr 178 storeinfo cmdexitcode=$? x11docker note: Found 'USER user' in image. If you want to run with user user instead of host user jaymedina, than run with --user=RETAIN.

DEBUGNOTE[15:34:40,113]: storeinfo(): containeruser=jaymedina
DEBUGNOTE[15:34:40,125]: dockerrc: Image ENTRYPOINT: /bin/bash
DEBUGNOTE[15:34:40,138]: dockerrc: Image WORKDIR: /home/user
x11docker note: Found 'WORKDIR /home/user' in image.
You can change it with option --workdir=DIR.

DEBUGNOTE[15:34:40,169]: storeinfo(): readyforX=ready
DEBUGNOTE[15:34:40,184]: waitforlogentry(): dockerrc: Waiting for logentry "xinitrc is ready" in xinit.log
DEBUGNOTE[15:34:40,298]: waitforlogentry(): start_xserver(): Found log entry "readyforX=ready" in store.info.
DEBUGNOTE[15:34:40,309]: waitforlogentry(): xpra: Waiting for logentry "xinitrc=ready" in store.info
DEBUGNOTE[15:34:40,316]: storepid(): Stored pid '663998' of 'xpraloop': 663998 pts/2 00:00:00 bash

==> /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/xinit.log <==

/usr/lib/Xorg.wrap: Only console users are allowed to run the X server

==> /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/message.log <==
DEBUGNOTE[15:34:40,646]: waitforlogentry(): start_docker(): Waiting for logentry "dockerrc=ready" in store.info
x11docker ERROR: waitforlogentry(): dockerrc: Found error message in logfile.
Last lines of logfile xinit.log:

/usr/lib/Xorg.wrap: Only console users are allowed to run the X server

  Type 'x11docker --help' for usage information
  Debug options: '--verbose' (full log) or '--debug' (log excerpt).
  Logfile will be: /home/jaymedina/.cache/x11docker/x11docker.log
  Please report issues at https://github.com/mviereck/x11docker

DEBUGNOTE[15:34:40,660]: time to say goodbye (error)
DEBUGNOTE[15:34:40,665]: storeinfo(): error=64
DEBUGNOTE[15:34:40,674]: time to say goodbye (finish-subshell)
DEBUGNOTE[15:34:40,829]: waitforlogentry(): xpra: Stopped waiting for xinitrc=ready in store.info due to terminating signal.
DEBUGNOTE[15:34:41,034]: time to say goodbye (watchpidlist)
DEBUGNOTE[15:34:41,049]: waitforlogentry(): tailstdout: Stopped waiting for x11docker=ready in store.info due to terminating signal.
DEBUGNOTE[15:34:41,049]: waitforlogentry(): tailstderr: Stopped waiting for x11docker=ready in store.info due to terminating signal.
DEBUGNOTE[15:34:41,162]: waitforlogentry(): start_docker(): Stopped waiting for dockerrc=ready in store.info due to terminating signal.
DEBUGNOTE[15:34:41,175]: watchpidlist(): Setting pid NOPID on watchlist: pid1pid
DEBUGNOTE[15:34:41,187]: storepid(): Stored pid 'NOPID' of 'pid1pid':
DEBUGNOTE[15:34:41,208]: watchpidlist(): Setting pid 664017 on watchlist: xinit
DEBUGNOTE[15:34:41,229]: storepid(): Stored pid '664017' of 'xinit': 664017 ? 00:00:00 xinit
DEBUGNOTE[15:34:41,306]: Process tree of x11docker:
bash(662364)-+-bash(662841)---tail(662843)
             |-bash(662842)---tail(662845)
             |-bash(662844)---tail(664096)
             |-bash(662846)---tail(664097)
             |-bash(663668)---bash(664147)---pstree(664148)
             `-su(664015)---bash(664016)---xinit(664017)---Xorg.wrap(664018)

DEBUGNOTE[15:34:41,311]: storeinfo(): Stored info: cache=/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269 stdout=/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/stdout stderr=/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/stderr x11dockerpid=662364 xserver=--xpra DISPLAY=:105 XAUTHORITY=/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client XSOCKET=/tmp/.X11-unix/X105 XDG_RUNTIME_DIR= Xenv= DISPLAY=:105 XAUTHORITY=/home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/share/Xauthority.client XSOCKET=/tmp/.X11-unix/X105 XDG_RUNTIME_DIR= tini=/usr/bin/docker-init containername=x11docker_X105_jess-tor-browser_73276867269 runtime=runc containeruser=jaymedina readyforX=ready xtermrc=ready error=64
DEBUGNOTE[15:34:41,317]: storepid(): Stored pids: 662876 watchpidlist 662883 watchmessagefifo 663668 containershell 663998 xpraloop NOPID pid1pid 664017 xinit
DEBUGNOTE[15:34:41,320]: storeinfo(): x11docker=ready

==> /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/xinit.log <==
xinit: giving up
xinit: unable to connect to X server: Connection refused
xinit: server error

==> /home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/message.log <==
DEBUGNOTE[15:34:55,335]: time to say goodbye (main)
DEBUGNOTE[15:34:55,340]: Terminating x11docker.
DEBUGNOTE[15:34:55,344]: time to say goodbye (finish)
DEBUGNOTE[15:34:55,380]: finish(): Checking pid 664017 (xinit): (already gone)
DEBUGNOTE[15:34:55,402]: finish(): Checking pid NOPID (pid1pid): (already gone)
DEBUGNOTE[15:34:55,434]: finish(): Checking pid 663998 (xpraloop): (already gone)
DEBUGNOTE[15:34:55,466]: finish(): Checking pid 663668 (containershell): (already gone)
DEBUGNOTE[15:34:55,496]: finish(): Checking pid 662883 (watchmessagefifo): (already gone)
DEBUGNOTE[15:34:55,525]: finish(): Checking pid 662876 (watchpidlist): (already gone)
DEBUGNOTE[15:34:55,613]: x11docker exit code: 64

x11docker.log

Attached file of full log above (I hope). Log file referenced here: home/jaymedina/.cache/x11docker/jess-tor-browser-73276867269/xinit.log does not exist. The directory /jess-tor-browser-72327... isn't there.

mviereck commented 4 years ago

Your log shows a different error message than the ticket title:


x11docker ERROR: waitforlogentry(): dockerrc: Found error message in logfile. 
  Last lines of logfile xinit.log: 

/usr/lib/Xorg.wrap: Only console users are allowed to run the X server

  Type 'x11docker --help' for usage information
  Debug options: '--verbose' (full log) or '--debug' (log excerpt).
  Logfile will be: /home/jaymedina/.cache/x11docker/x11docker.log
  Please report issues at https://github.com/mviereck/x11docker

x11docker also gives a hint how to solve this:


x11docker note: Option --xpra: Xvfb not found. 
  Will try to use dummy video driver Xdummy.
  If you encounter xpra startup errors, please install 'Xvfb'.
  You can look for the package name of this command at: 
 https://github.com/mviereck/x11docker/wiki/dependencies#table-of-all-packages

Both messages should appear even without --verbose. Do they appear?

Please install Xvfb and try again.
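
An added example, not part of the original thread and not x11docker's own code: a shell filter that pulls the user-facing `x11docker ERROR:` and `x11docker note:` messages out of a `--verbose` log and checks for the two findings identified above. The sample log is constructed from lines quoted in this issue, and all function names are hypothetical.

```shell
# Added example (not x11docker code); names hypothetical; sample log constructed.
sample_log() {
cat <<'EOF'
DEBUGNOTE[15:34:40,113]: storeinfo(): containeruser=jaymedina
x11docker note: Option --xpra: Xvfb not found.
  Will try to use dummy video driver Xdummy.
  If you encounter xpra startup errors, please install 'Xvfb'.

DEBUGNOTE[15:34:40,169]: storeinfo(): readyforX=ready
/usr/lib/Xorg.wrap: Only console users are allowed to run the X server
x11docker ERROR: waitforlogentry(): dockerrc: Found error message in logfile.
  Last lines of logfile xinit.log:

DEBUGNOTE[15:34:40,665]: storeinfo(): error=64
EOF
}

# Keep each ERROR/note message with its indented continuation lines;
# drop DEBUGNOTE lines and everything else. Reads the log on stdin.
triage() {
  awk '
    /^x11docker (ERROR|note):/ { keep = 1; print; next }
    keep && /^  /              { print; next }
                               { keep = 0 }
  '
}

# Exit status 0 if Xorg.wrap refused to start the X server.
xorg_wrap_refused() {
  grep -q 'Xorg.wrap: Only console users are allowed to run the X server'
}

# Exit status 0 if x11docker reported that Xvfb is missing.
xvfb_missing() {
  grep -q '^x11docker note: Option --xpra: Xvfb not found'
}

# Combine the two findings from this thread into one verdict.
diagnose() {
  log=$(cat)
  if printf '%s\n' "$log" | xorg_wrap_refused &&
     printf '%s\n' "$log" | xvfb_missing; then
    echo "Xvfb missing and Xorg.wrap refused the X server: install Xvfb"
  else
    echo "no known pattern"
  fi
}

sample_log | triage; sample_log | diagnose
```

On a real run, feed it the log file instead of the sample, for example `triage < ~/.cache/x11docker/x11docker.log`.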

thisisjaymedina commented 4 years ago

Sorry about that, looks like I conflated the error from the DX11 overlay. I installed Xvfb and it worked! Thank you so much for your help. Apologies once again for confusing error messages.

mviereck commented 4 years ago

Great that it works now! You're welcome.