mviereck / x11docker

Run GUI applications and desktops in docker and podman containers. Focus on security.
MIT License

x11docker crash when using --podman with --share="" #328

Closed kevinsmia1939 closed 3 years ago

kevinsmia1939 commented 3 years ago

Operating System: openSUSE Tumbleweed 20210223
KDE Plasma Version: 5.21.0
KDE Frameworks Version: 5.79.0
Qt Version: 5.15.2
Kernel Version: 5.10.16-1-default
OS Type: 64-bit
Graphics Platform: X11
Processors: 8 × Intel® Core™ i7-3770 CPU @ 3.40GHz
Memory: 7.5 GiB of RAM
Graphics Processor: Mesa DRI Intel® HD Graphics 4000

If --share="" is removed, x11docker does not crash. Create a Dockerfile with this content:


FROM ubuntu:18.04
RUN apt-get -y update
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install avogadro openbox
CMD ["avogadro"]

Build image:

podman build . -t avogadro

Start container:

x11docker --wm --size "1280x800" --clipboard --home="" --share="" --podman --verbose -- -- avogadro

Error

cat: /proc/sys/kernel/unprivileged_userns_clone: No such file or directory
==> /home/kev/.cache/x11docker/avogadro-10558694368/share/stderr <==

==> /home/kev/.cache/x11docker/avogadro-10558694368/share/stdout <==

==> /home/kev/.cache/x11docker/avogadro-10558694368/share/container.log <==

==> /home/kev/.cache/x11docker/avogadro-10558694368/message.log <==

x11docker note: Option --podman: experimental option.
  Please report issues at: https://github.com/mviereck/x11docker/issues/255

DEBUGNOTE[21:55:58,819]: check_host(): ps can watch root processes: yes
x11docker[21:55:58,824]: Image name: avogadro
  Container command: 

DEBUGNOTE[21:55:58,840]: host user: kev 1000:100 /home/kev
DEBUGNOTE[21:55:58,984]: storeinfo(): cache=/home/kev/.cache/x11docker/avogadro-10558694368
DEBUGNOTE[21:55:58,989]: storeinfo(): stdout=/home/kev/.cache/x11docker/avogadro-10558694368/share/stdout
DEBUGNOTE[21:55:58,993]: storeinfo(): stderr=/home/kev/.cache/x11docker/avogadro-10558694368/share/stderr
DEBUGNOTE[21:55:59,006]: storeinfo(): x11dockerpid=2693
DEBUGNOTE[21:55:59,038]: 
x11docker version: 6.7.0
docker version:    podman version 2.2.1
Host system:       "openSUSE Tumbleweed"
Host architecture: amd64 (x86_64)
Command:           '/usr/bin/x11docker' '--wm' '--size' '1280x800' '--clipboard' '--home=' '--share=' '--podman' '--verbose' '--' '--' 'avogadro' 
Parsed options:     --wm '' --size '1280x800' --clipboard --home '' --share '' --podman --verbose -- '--' 'avogadro'
DEBUGNOTE[21:55:59,040]: Dependency check for --xephyr: 0
DEBUGNOTE[21:55:59,043]: Dependencies of --xephyr already checked: 0 
DEBUGNOTE[21:55:59,044]: Dependencies of --xephyr already checked: 0 
DEBUGNOTE[21:55:59,046]: Dependencies of --xephyr already checked: 0 
DEBUGNOTE[21:55:59,048]: Dependencies of --xephyr already checked: 0 
DEBUGNOTE[21:55:59,049]: Dependencies of --xephyr already checked: 0 
x11docker note: Using X server option --xephyr

DEBUGNOTE[21:55:59,051]: storeinfo(): xserver=--xephyr
x11docker note: Sharing picture clips with option --clipboard
  is only possible with options --xpra, --xpra-xwayland and --hostdisplay.

DEBUGNOTE[21:55:59,066]: container user: kev 1000:100 /home/kev
x11docker[21:55:59,073]: Sharing directory /home/kev/.local/share/x11docker/avogadro
  with container as its home directory /home/kev

==> /home/kev/.cache/x11docker/avogadro-10558694368/xinit.log <==

==> /home/kev/.cache/x11docker/avogadro-10558694368/message.log <==
DEBUGNOTE[21:55:59,087]: waitforlogentry(): tailstderr: Waiting for logentry "x11docker=ready" in store.info
DEBUGNOTE[21:55:59,088]: waitforlogentry(): tailstdout: Waiting for logentry "x11docker=ready" in store.info
DEBUGNOTE[21:55:59,099]: storepid(): Stored pid '3218' of 'watchpidlist':  3218 pts/4    00:00:00 bash
DEBUGNOTE[21:55:59,110]: storepid(): Stored pid '3231' of 'watchmessagefifo':  3231 pts/4    00:00:00 bash
x11docker[21:55:59,151]: Virtual screen size: 1280x800

x11docker[21:55:59,155]: Physical screen size:
  Screen 0: minimum 8 x 8, current 1920 x 1080, maximum 32767 x 32767

x11docker[21:55:59,163]: Detected host window manager: openbox --sm-disable --config-file /home/kev/.cache/x11docker/avogadro-10558694368/share/openbox-nomenu.rc

DEBUGNOTE[21:55:59,187]: storeinfo(): DISPLAY=:120
DEBUGNOTE[21:55:59,191]: storeinfo(): XAUTHORITY=/home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client
DEBUGNOTE[21:55:59,196]: storeinfo(): XSOCKET=/tmp/.X11-unix/X120
DEBUGNOTE[21:55:59,200]: storeinfo(): XDG_RUNTIME_DIR=/run/user/1000
DEBUGNOTE[21:55:59,204]: storeinfo(): Xenv= DISPLAY=:120 XAUTHORITY=/home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client XSOCKET=/tmp/.X11-unix/X120 XDG_RUNTIME_DIR=/run/user/1000
DEBUGNOTE[21:55:59,220]: X server command:
  /usr/bin/Xephyr :120  \
  -retro \
  +extension RANDR \
  +extension RENDER \
  +extension GLX \
  +extension XVideo \
  +extension DOUBLE-BUFFER \
  +extension SECURITY \
  +extension DAMAGE \
  +extension X-Resource \
  -extension XINERAMA -xinerama \
  -extension MIT-SHM \
  +extension Composite +extension COMPOSITE \
  -extension XTEST -tst \
  -dpms \
  -s off \
  -auth /home/kev/.cache/x11docker/avogadro-10558694368/Xauthority.server \
  -nolisten tcp \
  -dpi 96 \
  -resizeable \
  -noxv \
  -screen 1280x800 \

x11docker[21:55:59,318]: --init: Found tini binary: /usr/bin/catatonit

DEBUGNOTE[21:55:59,320]: storeinfo(): tini=/usr/bin/catatonit
DEBUGNOTE[21:55:59,325]: Users and terminal:
  x11docker was started by:                       kev
  As host user serves (running X, storing cache): kev
  Container user will be:                         kev
  Container user password:                        x11docker
  Getting permission to run docker with:          eval 
  Terminal for password frontend:                 bash -c
  Running in a terminal:                          yes
  Running on console:                             no
  Running over SSH:                               no
  Running sourced:                                no
  bash $-:                                        hB
DEBUGNOTE[21:55:59,327]: storeinfo(): containername=x11docker_X120_avogadro_10558694368
DEBUGNOTE[21:55:59,474]: Docker command:
  podman run --tty --detach \
  --name x11docker_X120_avogadro_10558694368 \
  --user 1000:100 \
  --userns=keep-id \
  --cap-drop ALL \
  --cap-add CHOWN \
  --security-opt no-new-privileges \
  --security-opt label=type:container_runtime_t \
  --volume '/usr/bin/catatonit':'/usr/local/bin/init':ro \
  --tmpfs /run --tmpfs /run/lock \
  --volume '/home/kev/.cache/x11docker/avogadro-10558694368/share':'/x11docker':rw \
  --volume '/home/kev/.local/share/x11docker/avogadro':'/home/kev':rw \
  --volume '':'/':rw \
  --volume '/tmp/.X11-unix/X120':'/X120':rw \
  --workdir '/tmp' \
  --entrypoint env \
  --env 'container=docker' \
  --env 'XAUTHORITY=/x11docker/Xauthority.client' \
  --env 'DISPLAY=:120' \
  --env 'USER=kev' \
  -- avogadro /usr/local/bin/init -- /bin/sh - /x11docker/containerrc
x11docker[21:55:59,586]: Generated dockerrc:
     1  #! /usr/bin/env bash
     2
     3  # dockerrc:
     4  #  This script runs as root (or member of group docker) on host.
     5  #  - inspect image
     6  #  - pull image if needed
     7  #  - create containerrc
     8  #  - set up systemd/elogind cgroup if needed
     9  #  - run window manager in container or from host if needed
    10
    11  trap '' SIGINT
    12
    13  askyesno () 
    14  { 
    15      local Choice;
    16      read -t60 -n1 -p "(timeout after 60s assuming no) [Y|n]" Choice;
    17      [ "$?" = '0' ] && { 
    18          [[ "$Choice" == [YyJj]* ]] || [ -z "$Choice" ] && return 0
    19      };
    20      return 1
    21  }
    22  checkpid () 
    23  { 
    24      [ -e "/proc/${1:-NONSENSE}" ]
    25  }
    26  escapestring () 
    27  { 
    28      echo "${1:-}" | LC_ALL=C sed -e 's/[^a-zA-Z0-9,._+@=:/-]/\\&/g; '
    29  }
    30  mysleep () 
    31  { 
    32      sleep "${1:-1}" 2> /dev/null || sleep 1
    33  }
    34  pspid () 
    35  { 
    36      LC_ALL=C ps -p "${1:-}" 2> /dev/null | grep -v 'TIME'
    37  }
    38  rmcr () 
    39  { 
    40      case "${1:-}" in 
    41          "")
    42              sed "s/$(printf "\r")//g"
    43          ;;
    44          *)
    45              sed -i "s/$(printf "\r")//g" "${1:-}"
    46          ;;
    47      esac
    48  }
    49  rocknroll () 
    50  { 
    51      [ -s "$Timetosaygoodbyefile" ] && return 1;
    52      [ -e "$Timetosaygoodbyefile" ] || return 1;
    53      return 0
    54  }
    55  saygoodbye () 
    56  { 
    57      debugnote "time to say goodbye ($*)";
    58      [ -e "$Timetosaygoodbyefile" ] && echo timetosaygoodbye >> $Timetosaygoodbyefile;
    59      [ -e "$Timetosaygoodbyefifo" ] && echo timetosaygoodbye >> $Timetosaygoodbyefifo
    60  }
    61  storeinfo () 
    62  { 
    63      [ -e "$Storeinfofile" ] || return 1;
    64      case "${1:-}" in 
    65          dump)
    66              grep "^${2:-}=" $Storeinfofile | sed "s/^${2:-}=//"
    67          ;;
    68          drop)
    69              sed -i "/^${2:-}=/d" $Storeinfofile
    70          ;;
    71          test)
    72              grep -q "^${2:-}=" $Storeinfofile
    73          ;;
    74          *)
    75              debugnote "storeinfo(): ${1:-}";
    76              grep -q "^$(echo "${1:-}" | cut -d= -f1)=" $Storeinfofile && { 
    77                  sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" $Storeinfofile
    78              };
    79              echo "${1:-}" >> $Storeinfofile
    80          ;;
    81      esac
    82  }
    83  storepid () 
    84  { 
    85      case "${1:-}" in 
    86          dump)
    87              grep -w "${2:-}" "$Storepidfile" | cut -d' ' -f1
    88          ;;
    89          test)
    90              grep -q -w "${2:-}" "$Storepidfile"
    91          ;;
    92          *)
    93              echo "${1:-NOPID}" "${2:-NONAME}" >> "$Storepidfile";
    94              debugnote "storepid(): Stored pid '${1:-}' of '${2:-}': $(pspid ${1:-} ||:)"
    95          ;;
    96      esac
    97  }
    98  waitforlogentry () 
    99  { 
   100      local Startzeit Uhrzeit Dauer Count=0 Schlaf;
   101      local Errorkeys="${4:-}";
   102      local Warten="${5:-60}";
   103      local Error=;
   104      Startzeit="$(date +%s ||:)";
   105      Startzeit="${Startzeit:-0}";
   106      [ "$Warten" = "infinity" ] && Warten=32000;
   107      debugnote "waitforlogentry(): ${1:-}: Waiting for logentry \"${3:-}\" in $(basename ${2:-})";
   108      while ! grep -q "${3:-}" < "${2:-}"; do
   109          Count="$(( $Count + 1 ))";
   110          Uhrzeit="$(date +%s ||:)";
   111          Uhrzeit="${Uhrzeit:-0}";
   112          Dauer="$(( $Uhrzeit - $Startzeit ))";
   113          Schlaf="$(( $Count / 10 ))";
   114          [ "$Schlaf" = "0" ] && Schlaf="0.5";
   115          mysleep "$Schlaf";
   116          [ "$Dauer" -gt "10" ] && debugnote "waitforlogentry(): ${1:-}: Waiting since ${Dauer}s for log entry \"${3:-}\" in $(basename ${2:-})";
   117          [ "$Dauer" -gt "$Warten" ] && error "waitforlogentry(): ${1:-}: Timeout waiting for entry \"${3:-}\" in $(basename ${2:-})
   118    Last lines of $(basename ${2:-}):
   119  $(tail "${2:-}")";
   120          [ "$Errorkeys" ] && grep -i -q -E "$Errorkeys" < "${2:-}" && error "waitforlogentry(): ${1:-}: Found error message in logfile.
   121    Last lines of logfile $(basename ${2:-}):
   122  $(tail "${2:-}")";
   123          rocknroll || { 
   124              debugnote "waitforlogentry(): ${1:-}: Stopped waiting for ${3:-} in $(basename ${2:-}) due to terminating signal.";
   125              Error=1;
   126              break
   127          };
   128      done;
   129      [ "$Error" ] && return 1;
   130      debugnote "waitforlogentry(): ${1:-}: Found log entry \"${3:-}\" in $(basename ${2:-}).";
   131      return 0
   132  }
   133
   134  warning() {
   135    echo "$*:WARNING"   | sed "s/\$/ /" >>$Messagefile
   136  }
   137  note() {
   138    echo "$*:NOTE"      | sed "s/\$/ /" >>$Messagefile
   139  }
   140  verbose() {
   141    echo "$*:VERBOSE"   | sed "s/\$/ /" >>$Messagefile
   142  }
   143  debugnote() {
   144    echo "$*:DEBUGNOTE" | sed "s/\$/ /" >>$Messagefile
   145  }
   146  error() {
   147    echo "$*:ERROR"     | sed "s/\$/ /" >>$Messagefile
   148    exit 64
   149  }
   150  stdout() {
   151    echo "$*:STDOUT"    | sed "s/\$/ /" >>$Messagefile
   152  }
   153
   154  Containercommand=""
   155  Imagename="avogadro"
   156  Messagefile='/home/kev/.cache/x11docker/avogadro-10558694368/share/message.fifo'
   157  Newxenv=' DISPLAY=:120 XAUTHORITY=/home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client XSOCKET=/tmp/.X11-unix/X120 XDG_RUNTIME_DIR=/run/user/1000'
   158  export PATH='/home/kev/bin:/usr/local/bin:/usr/bin:/bin:/sbin:/usr/sbin:/usr/local/games:/usr/games'
   159  Storeinfofile='/home/kev/.cache/x11docker/avogadro-10558694368/share/store.info'
   160  Storepidfile='/home/kev/.cache/x11docker/avogadro-10558694368/store.pids'
   161  Timetosaygoodbyefile='/home/kev/.cache/x11docker/avogadro-10558694368/share/timetosaygoodbye'
   162  Timetosaygoodbyefifo='/home/kev/.cache/x11docker/avogadro-10558694368/share/timetosaygoodbye.fifo'
   163  Xserver='--xephyr'
   164  Workdir=''
   165
   166  Containerarchitecture=
   167  Containerid=
   168  Containerip=
   169  Dockerlogspid=''
   170  Dockerpull=
   171  Exec=
   172  Entrypoint=
   173  Failure=
   174  Imageuser=
   175  Inspect=
   176  Line=
   177  Pid1pid=
   178  Runtime=
   179  Signal=
   180  Windowmanagermode=
   181  Windowmanagercommand=
   182  Wmcontainerid=
   183  Wmdockercommand=
   184  debugnote 'Running dockerrc: Setup as root or as user docker on host.'
   185
   186
   187  # Check whether docker daemon is running, get docker info
   188  podman info >>/home/kev/.cache/x11docker/avogadro-10558694368/docker.info 2>>/home/kev/.cache/x11docker/avogadro-10558694368/share/container.log  || {
   189    error "Calling docker daemon failed.
   190    Is docker daemon running at all?
   191    Try to start docker daemon with:   systemctl start docker
   192    Last lines of log:
   193  $(rmcr < '/home/kev/.cache/x11docker/avogadro-10558694368/share/container.log' | tail)"
   194  }
   195
   196  # Check default runtime
   197  Runtime="$( { grep 'Default Runtime' < '/home/kev/.cache/x11docker/avogadro-10558694368/docker.info' ||: ;} | awk '{print $3}' )"
   198  debugnote "dockerrc: Found default Runtime: $Runtime"
   199  debugnote "dockerrc: All $(grep 'Runtimes' < '/home/kev/.cache/x11docker/avogadro-10558694368/docker.info' ||: )"
   200  [ "$Runtime" != '' ] && {
   201    case $Runtime in
   202      kata-runtime)  warning 'Found default docker runtime kata-runtime.
   203    Please run x11docker with --runtime=kata-runtime to avoid issues.' ;;
   204      nvidia) [ 'no' = 'yes' ] &&  warning 'Option --gpu: Found default docker runtime nvidia.
   205    Please run x11docker with --runtime=nvidia to avoid issues.' ;;
   206      runc|crun|oci) ;;
   207      *) note "Found unknown container runtime: $Runtime
   208    Please report at:  https://github.com/mviereck/x11docker" ;;
   209    esac
   210  }
   211  debugnote "dockerrc: Container Runtime: $Runtime"
   212  storeinfo "runtime=$Runtime"
   213
   214  # Refresh images.list for x11docker-gui
   215  podman images 2>>/home/kev/.cache/x11docker/avogadro-10558694368/share/container.log | grep -v REPOSITORY | awk '{print $1 ":" $2}' >>/home/kev/.cache/x11docker/docker.imagelist.sort
   216  rmcr /home/kev/.cache/x11docker/docker.imagelist.sort
   217  while read -r Line ; do
   218    grep -q "<none>" <<<$Line || echo $Line >> /home/kev/.cache/x11docker/docker.imagelist
   219  done < <(sort < /home/kev/.cache/x11docker/docker.imagelist.sort)
   220  rm /home/kev/.cache/x11docker/docker.imagelist.sort
   221
   222  # Check if image avogadro is available locally
   223  Dockerpull=no
   224  grep -x -q 'avogadro' < /home/kev/.cache/x11docker/docker.imagelist || grep -x -q 'avogadro:latest' < /home/kev/.cache/x11docker/docker.imagelist || {
   225    podman inspect avogadro >>/home/kev/.cache/x11docker/avogadro-10558694368/share/container.log 2>&1 || {
   226      echo 'Image avogadro not found locally.' >&2
   227      echo 'Do you want to pull it from docker hub?' >&2
   228      askyesno && Dockerpull=yes || error "Image 'avogadro' not available locally and not pulled from docker hub."
   229    }
   230  }
   231
   232  rocknroll || exit 64
   233
   234  [ "$Dockerpull" = 'yes' ] && {
   235    note "Pulling image 'avogadro' from docker hub"
   236     podman pull avogadro 1>&2 || error "Pulling docker image 'avogadro' seems to have failed!"
   237  }
   238
   239  rocknroll || exit 64
   240
   241  Inspect="$(podman inspect avogadro --format='{{.Config.Entrypoint}}{{.Config.Cmd}}[{{.Config.User}}][{{.Config.WorkingDir}}][{{.Architecture}}]')"
   242
   243  # Check architecture
   244  Containerarchitecture="$(cut -d[ -f6 <<< "$Inspect" | cut -d] -f1)"
   245  debugnote "dockerrc: Image architecture: $Containerarchitecture"
   246  # Check CMD
   247  [ -z "$Containercommand" ] && {
   248    # extract image command from image if not given on cli
   249    Containercommand="$(cut -d] -f2 <<< "$Inspect" | cut -d[ -f2)"
   250    debugnote "dockerrc: Image CMD: $Containercommand"
   251    echo "$Containercommand" | grep -q /x11docker/containerrc && error 'Recursion error: Found CMD /x11docker/containerrc in image.
   252    Did you use docker commit with an x11docker container?
   253    Please build new images with a Dockerfile instead of using docker commit,
   254    or provide a different container command.'
   255  }
   256
   257  # Check USER
   258  Imageuser="$(cut -d[ -f4 <<< "$Inspect" | cut -d] -f1)"
   259  debugnote "dockerrc: Image USER: $Imageuser"
   260  [ "$Imageuser" ] && note "Found 'USER $Imageuser' in image.
   261    If you want to run with user $Imageuser instead of host user kev,
   262    than run with --user=RETAIN."
   263  storeinfo containeruser="kev"
   264
   265  # Check ENTRYPOINT
   266  Entrypoint="$(cut -d] -f1 <<< "$Inspect" | cut -d[ -f2)"
   267  debugnote "dockerrc: Image ENTRYPOINT: $Entrypoint"
   268  echo "$Entrypoint" | grep -qE 'tini|init|systemd' && {
   269    note "There seems to be an init system in ENTRYPOINT of image:
   270      $Entrypoint
   271    Will disable it as x11docker already runs an init with option --tini.
   272    To allow this ENTRYPOINT, run x11docker with option --init=none."
   273    Entrypoint=
   274  }
   275
   276  # Check WORKDIR
   277  Workdir="$(cut -d[ -f5 <<< "$Inspect" | cut -d] -f1)"
   278  debugnote "dockerrc: Image WORKDIR: $Workdir"
   279  [ "$Workdir" ] && note "Found 'WORKDIR $Workdir' in image. 
   280    You can change it with option --workdir=DIR."
   281
   282  [ -z "$Containercommand$Entrypoint" ] && error 'No container command specified and no CMD or ENTRYPOINT found in image.'
   283
   284  ######## Create containerrc ########
   285
   286  { echo '#! /bin/sh'
   287    echo ''
   288    echo '# containerrc'
   289    echo '# Created startscript for docker run used as container command.'
   290    echo '# Runs as unprivileged user in container.'
   291    echo ''
   292    echo ''
   293    echo 'mysleep () 
   294  { 
   295      sleep "${1:-1}" 2> /dev/null || sleep 1
   296  }'
   297    echo 'rocknroll () 
   298  { 
   299      [ -s "$Timetosaygoodbyefile" ] && return 1;
   300      [ -e "$Timetosaygoodbyefile" ] || return 1;
   301      return 0
   302  }'
   303    echo 'saygoodbye () 
   304  { 
   305      debugnote "time to say goodbye ($*)";
   306      [ -e "$Timetosaygoodbyefile" ] && echo timetosaygoodbye >> $Timetosaygoodbyefile;
   307      [ -e "$Timetosaygoodbyefifo" ] && echo timetosaygoodbye >> $Timetosaygoodbyefifo
   308  }'
   309    echo 'storeinfo () 
   310  { 
   311      [ -e "$Storeinfofile" ] || return 1;
   312      case "${1:-}" in 
   313          dump)
   314              grep "^${2:-}=" $Storeinfofile | sed "s/^${2:-}=//"
   315          ;;
   316          drop)
   317              sed -i "/^${2:-}=/d" $Storeinfofile
   318          ;;
   319          test)
   320              grep -q "^${2:-}=" $Storeinfofile
   321          ;;
   322          *)
   323              debugnote "storeinfo(): ${1:-}";
   324              grep -q "^$(echo "${1:-}" | cut -d= -f1)=" $Storeinfofile && { 
   325                  sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" $Storeinfofile
   326              };
   327              echo "${1:-}" >> $Storeinfofile
   328          ;;
   329      esac
   330  }'
   331    echo 'waitforlogentry () 
   332  { 
   333      local Startzeit Uhrzeit Dauer Count=0 Schlaf;
   334      local Errorkeys="${4:-}";
   335      local Warten="${5:-60}";
   336      local Error=;
   337      Startzeit="$(date +%s ||:)";
   338      Startzeit="${Startzeit:-0}";
   339      [ "$Warten" = "infinity" ] && Warten=32000;
   340      debugnote "waitforlogentry(): ${1:-}: Waiting for logentry \"${3:-}\" in $(basename ${2:-})";
   341      while ! grep -q "${3:-}" < "${2:-}"; do
   342          Count="$(( $Count + 1 ))";
   343          Uhrzeit="$(date +%s ||:)";
   344          Uhrzeit="${Uhrzeit:-0}";
   345          Dauer="$(( $Uhrzeit - $Startzeit ))";
   346          Schlaf="$(( $Count / 10 ))";
   347          [ "$Schlaf" = "0" ] && Schlaf="0.5";
   348          mysleep "$Schlaf";
   349          [ "$Dauer" -gt "10" ] && debugnote "waitforlogentry(): ${1:-}: Waiting since ${Dauer}s for log entry \"${3:-}\" in $(basename ${2:-})";
   350          [ "$Dauer" -gt "$Warten" ] && error "waitforlogentry(): ${1:-}: Timeout waiting for entry \"${3:-}\" in $(basename ${2:-})
   351    Last lines of $(basename ${2:-}):
   352  $(tail "${2:-}")";
   353          [ "$Errorkeys" ] && grep -i -q -E "$Errorkeys" < "${2:-}" && error "waitforlogentry(): ${1:-}: Found error message in logfile.
   354    Last lines of logfile $(basename ${2:-}):
   355  $(tail "${2:-}")";
   356          rocknroll || { 
   357              debugnote "waitforlogentry(): ${1:-}: Stopped waiting for ${3:-} in $(basename ${2:-}) due to terminating signal.";
   358              Error=1;
   359              break
   360          };
   361      done;
   362      [ "$Error" ] && return 1;
   363      debugnote "waitforlogentry(): ${1:-}: Found log entry \"${3:-}\" in $(basename ${2:-}).";
   364      return 0
   365  }'
   366    echo '
   367  warning() {
   368    echo "$*:WARNING"   | sed "s/\$/ /" >>$Messagefile
   369  }
   370  note() {
   371    echo "$*:NOTE"      | sed "s/\$/ /" >>$Messagefile
   372  }
   373  verbose() {
   374    echo "$*:VERBOSE"   | sed "s/\$/ /" >>$Messagefile
   375  }
   376  debugnote() {
   377    echo "$*:DEBUGNOTE" | sed "s/\$/ /" >>$Messagefile
   378  }
   379  error() {
   380    echo "$*:ERROR"     | sed "s/\$/ /" >>$Messagefile
   381    exit 64
   382  }
   383  stdout() {
   384    echo "$*:STDOUT"    | sed "s/\$/ /" >>$Messagefile
   385  }'
   386    echo 'Messagefile=/x11docker/message.fifo'
   387    echo 'Storeinfofile=/x11docker/store.info'
   388    echo 'Timetosaygoodbyefile=/x11docker/timetosaygoodbye'
   389    echo ''
   390    echo 'waitforlogentry containerrc $Storeinfofile containerrootrc=ready  infinity'
   391    echo 'debugnote "Running containerrc: Unprivileged user commands in container"'
   392    echo ''
   393    echo "Containercommand=\"$Containercommand\""
   394    echo "Entrypoint=\"$Entrypoint\""
   395    echo ''
   396    echo 'verbose "containerrc: Container system:'
   397    echo '$(cat /etc/os-release 2>&1 ||:)"'
   398    echo ''
   399  } >> /home/kev/.cache/x11docker/avogadro-10558694368/share/containerrc
   400  {
   401    echo ''
   402    echo '# USER and HOME'
   403    echo 'Containeruser="$(storeinfo dump containeruser)"'
   404    echo 'Containeruserhome="/home/kev"'
   405    echo 'export USER="$Containeruser"'
   406    echo 'export HOME="$Containeruserhome"'
   407    echo ''
   408    echo '# XDG_RUNTIME_DIR'
   409    echo 'Containeruseruid=$(id -u $Containeruser)'
   410    echo 'export XDG_RUNTIME_DIR=/tmp/XDG_RUNTIME_DIR'
   411    echo '[ -e /run/user/$Containeruseruid ] && ln -s /run/user/$Containeruseruid $XDG_RUNTIME_DIR || mkdir -p -m700 $XDG_RUNTIME_DIR'
   412    echo ''
   413    echo '# Copy files from /etc/skel into empty HOME'
   414    echo '[ -d /etc/skel ] && [ -z "$(ls -A "$Containeruserhome" 2>/dev/null | grep -v -E "gnupg")" ] && {'
   415    echo '  debugnote "containerrc: HOME is empty. Copying from /etc/skel"'
   416    echo '  cp -n -R /etc/skel/. $Containeruserhome'
   417    echo '  :'
   418    echo '} || {'
   419    echo '  debugnote "containerrc: HOME is not empty. Not copying from /etc/skel"'
   420    echo '}'
   421    echo ''
   422    echo '# Create softlink to X unix socket'
   423    echo '[ -e /tmp/.X11-unix/X120 ] || ln -s /X120 /tmp/.X11-unix'
   424    echo ''
   425    echo 'unset WAYLAND_DISPLAY'
   426    echo ''
   427    echo 'export XDG_SESSION_TYPE=x11'
   428    echo ''
   429    echo ''
   430    echo 'export TERM=xterm'
   431    echo 'storeinfo test locale && export LANG="$(storeinfo dump locale)"'
   432    echo '[ -e "/usr/share/zoneinfo/Asia/Bangkok" ] || export TZ=UTC-07'
   433    echo '[ "$(date -Ihours)" != "2021-03-01T21+07:00" ] && export TZ=UTC-07'
   434    echo '[ "$DEBIAN_FRONTEND" = noninteractive ] && unset DEBIAN_FRONTEND && export DEBIAN_FRONTEND'
   435    echo '[ "$DEBIAN_FRONTEND" = newt ]           && unset DEBIAN_FRONTEND && export DEBIAN_FRONTEND'
   436    echo '# container environment (--env)'
   437    echo "export 'container=docker'"
   438    echo "export 'XAUTHORITY=/x11docker/Xauthority.client'"
   439    echo "export 'DISPLAY=:120'"
   440    echo "export 'USER=kev'"
   441    echo ''
   442    echo 'env >> /x11docker/container.environment'
   443    echo 'verbose "Container environment:'
   444    echo '$(env | sort)"'
   445    echo ''
   446    echo 'cd "$HOME"'
   447    [ "$Workdir" ] && echo "[ -d \"$Workdir\" ] && cd \"$Workdir\"    # WORKDIR in image"
   448    echo ''
   449    echo 'tail -f /x11docker/stdout     2>/dev/null &'
   450    echo 'tail -f /x11docker/stderr >&2 2>/dev/null &'
   451    echo "exec \$Dbus sh /x11docker/cmdrc >>/x11docker/stdout 2>>/x11docker/stderr"
   452  } >> /home/kev/.cache/x11docker/avogadro-10558694368/share/containerrc
   453  ######## End of containerrc ########
   454
   455  # Write containerrc into x11docker.log
   456  nl -ba >> /home/kev/.cache/x11docker/avogadro-10558694368/share/x11docker.log < /home/kev/.cache/x11docker/avogadro-10558694368/share/containerrc
   457
   458  ######## Create cmdrc ########
   459  { echo '#! /bin/sh'
   460    echo '# Created startscript for cmdrc containing final container command'
   461    echo ''
   462    echo 'storeinfo () 
   463  { 
   464      [ -e "$Storeinfofile" ] || return 1;
   465      case "${1:-}" in 
   466          dump)
   467              grep "^${2:-}=" $Storeinfofile | sed "s/^${2:-}=//"
   468          ;;
   469          drop)
   470              sed -i "/^${2:-}=/d" $Storeinfofile
   471          ;;
   472          test)
   473              grep -q "^${2:-}=" $Storeinfofile
   474          ;;
   475          *)
   476              debugnote "storeinfo(): ${1:-}";
   477              grep -q "^$(echo "${1:-}" | cut -d= -f1)=" $Storeinfofile && { 
   478                  sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" $Storeinfofile
   479              };
   480              echo "${1:-}" >> $Storeinfofile
   481          ;;
   482      esac
   483  }'
   484    echo '
   485  warning() {
   486    echo "$*:WARNING"   | sed "s/\$/ /" >>$Messagefile
   487  }
   488  note() {
   489    echo "$*:NOTE"      | sed "s/\$/ /" >>$Messagefile
   490  }
   491  verbose() {
   492    echo "$*:VERBOSE"   | sed "s/\$/ /" >>$Messagefile
   493  }
   494  debugnote() {
   495    echo "$*:DEBUGNOTE" | sed "s/\$/ /" >>$Messagefile
   496  }
   497  error() {
   498    echo "$*:ERROR"     | sed "s/\$/ /" >>$Messagefile
   499    exit 64
   500  }
   501  stdout() {
   502    echo "$*:STDOUT"    | sed "s/\$/ /" >>$Messagefile
   503  }'
   504    echo 'Messagefile=/x11docker/message.fifo'
   505    echo "debugnote \"cmdrc: Running container command: 
   506    $Entrypoint $Containercommand
   507    \""
   508    echo ''
   509    echo "$Entrypoint $Containercommand  "
   510    echo ''
   511    echo '[ -h "$Homesoftlink" ] && rm $Homesoftlink'
   512    echo "storeinfo cmdexitcode=\$?"
   513  } >> /home/kev/.cache/x11docker/avogadro-10558694368/share/cmdrc
   514  ######## End of cmdrc ########
   515
   516  # Write cmdrc into x11docker.log
   517  nl -ba >> /home/kev/.cache/x11docker/avogadro-10558694368/share/x11docker.log < /home/kev/.cache/x11docker/avogadro-10558694368/share/cmdrc
   518
   519  # Send signal to run X and wait for X to be ready
   520  storeinfo readyforX=ready
   521  waitforlogentry 'dockerrc' /home/kev/.cache/x11docker/avogadro-10558694368/xinit.log 'xinitrc is ready' 'xinit: giving up|unable to connect to X server|Connection refused|server error|Only console users are allowed'
   522
   523  rocknroll || exit 64
   524
   525  # run window manager (in image or from host)
   526  Windowmanagermode="container"
   527  Windowmanagercommand="x11docker/openbox sh -c 'openbox --sm-disable --config-file /etc/x11docker/openbox-nomenu.rc'"
   528  Wmdockercommand="podman run --detach \
   529    --name x11docker_X120_avogadro_10558694368_WM \
   530    --user 1999:1999 \
   531    --cap-drop=ALL   --security-opt=no-new-privileges   --security-opt label=type:container_runtime_t \
   532    --volume '/home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client':'/x11docker/Xauthority.client':rw \
   533    --volume '/tmp/.X11-unix/X120':'/tmp/.X11-unix/X120':rw \
   534    --env 'XAUTHORITY=/x11docker/Xauthority.client' \
   535    --env 'DISPLAY=:120'"
   536  [ "$Windowmanagermode" = "container" ] && {
   537    podman inspect "$(cut -d' ' -f1 <<<"$Windowmanagercommand")" >>/home/kev/.cache/x11docker/avogadro-10558694368/share/container.log 2>&1 && {
   538      Wmdockercommand="$Wmdockercommand \
   539    -- $Windowmanagercommand"
   540      debugnote "dockerrc: Window manager container: Generated docker command:
   541  $Wmdockercommand"
   542      note "Option --wm: Starting window manager image: x11docker/openbox sh -c 'openbox --sm-disable --config-file /etc/x11docker/openbox-nomenu.rc'"
   543      Wmcontainerid="$(eval $Wmdockercommand)"
   544      [ "$Wmcontainerid" ] && {
   545        debugnote "dockerrc: Window manager container: $Wmcontainerid"
   546        for ((Count=1 ; Count<=10 ; Count++)); do
   547          Pid1pid="$(podman inspect --format '{{.State.Pid}}' $Wmcontainerid 2>>/home/kev/.cache/x11docker/avogadro-10558694368/share/container.log | rmcr)"
   548          debugnote "dockerrc: Window manager container: $Count. check for PID 1: $Pid1pid"
   549          checkpid "$Pid1pid" && break
   550          rocknroll || exit 64
   551          mysleep 0.2
   552        done
   553      }
   554      checkpid "$Pid1pid" && storepid "$Pid1pid" wmcontainerpid1
   555      checkpid "$Pid1pid" || { note "Option --wm: Failed to run window manager image: $Windowmanagercommand." && Windowmanagermode=host ; }
   556    } || {
   557      note "Option --wm: Did not find window manager image
   558        $(cut -d' ' -f1 <<<"$Windowmanagercommand")
   559    to provide a containerized window manager. Please run:
   560        docker pull x11docker/openbox
   561    If you want to use a host window manager instead and avoid this warning,
   562    use option                         --wm=host  or  --wm=COMMAND
   563    or provide a local image with e.g. --wm=x11docker/fvwm
   564    To run without a window manager:   --wm=none  or  --desktop
   565    Fallback: Will try to run a host window manager: openbox --sm-disable --config-file /home/kev/.cache/x11docker/avogadro-10558694368/share/openbox-nomenu.rc"
   566      Windowmanagermode=host
   567    }
   568  }
   569  [ "$Windowmanagermode" = "host" ] && {
   570    command -v openbox --sm-disable --config-file /home/kev/.cache/x11docker/avogadro-10558694368/share/openbox-nomenu.rc >/dev/null || note 'Did not find a host window manager.
   571    Please pull image x11docker/openbox or provide a recommended one:
   572    xfwm4 metacity marco openbox sawfish'
   573    note 'Option --wm: Starting host window manager: openbox --sm-disable --config-file /home/kev/.cache/x11docker/avogadro-10558694368/share/openbox-nomenu.rc'
   574    [ "$(id -u)" = '0' ]  && su kev -c 'env  DISPLAY=:120 XAUTHORITY=/home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client XSOCKET=/tmp/.X11-unix/X120 XDG_RUNTIME_DIR=/run/user/1000 openbox --sm-disable --config-file /home/kev/.cache/x11docker/avogadro-10558694368/share/openbox-nomenu.rc >>/home/kev/.cache/x11docker/avogadro-10558694368/xinit.log 2>&1 & storepid $! windowmanager' || \
   575                                                 env  DISPLAY=:120 XAUTHORITY=/home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client XSOCKET=/tmp/.X11-unix/X120 XDG_RUNTIME_DIR=/run/user/1000 openbox --sm-disable --config-file /home/kev/.cache/x11docker/avogadro-10558694368/share/openbox-nomenu.rc >>/home/kev/.cache/x11docker/avogadro-10558694368/xinit.log 2>&1 & storepid $! windowmanager
   576  }
   577
   578  rocknroll || exit 64
   579
   580
   581  #### run docker image ####
   582  read Containerid < <(podman run --tty --detach \
   583    --name x11docker_X120_avogadro_10558694368 \
   584    --user 1000:100 \
   585    --userns=keep-id \
   586    --cap-drop ALL \
   587    --cap-add CHOWN \
   588    --security-opt no-new-privileges \
   589    --security-opt label=type:container_runtime_t \
   590    --volume '/usr/bin/catatonit':'/usr/local/bin/init':ro \
   591    --tmpfs /run --tmpfs /run/lock \
   592    --volume '/home/kev/.cache/x11docker/avogadro-10558694368/share':'/x11docker':rw \
   593    --volume '/home/kev/.local/share/x11docker/avogadro':'/home/kev':rw \
   594    --volume '':'/':rw \
   595    --volume '/tmp/.X11-unix/X120':'/X120':rw \
   596    --workdir '/tmp' \
   597    --entrypoint env \
   598    --env 'container=docker' \
   599    --env 'XAUTHORITY=/x11docker/Xauthority.client' \
   600    --env 'DISPLAY=:120' \
   601    --env 'USER=kev' \
   602    -- avogadro /usr/local/bin/init -- /bin/sh - /x11docker/containerrc | rmcr)
   603  ##########################
   604
   605
   606  [ "$Containerid" ] || {
   607      error "Startup of docker failed. Did not receive a container ID.
   608      
   609    Last lines of container log:
   610  $(rmcr < /home/kev/.cache/x11docker/avogadro-10558694368/share/container.log | tail)"
   611  }
   612  storeinfo containerid="$Containerid"
   613  # Wait for container to be ready
   614  for ((Count=1 ; Count<=40 ; Count++)); do
   615    podman exec x11docker_X120_avogadro_10558694368 sh -c : 2>&1 | rmcr >>/home/kev/.cache/x11docker/avogadro-10558694368/share/container.log && { debugnote 'dockerrc: Container is up and running.' ; break ; } || debugnote "dockerrc: Container not ready on $Count. attempt, trying again."
   616    rocknroll || exit 64
   617    mysleep 0.1
   618  done
   619
   620  # Wait for pid 1 in container
   621  for ((Count=1 ; Count<=40 ; Count++)); do
   622    Pid1pid="$(podman inspect --format '{{.State.Pid}}' x11docker_X120_avogadro_10558694368 2>>/home/kev/.cache/x11docker/avogadro-10558694368/share/container.log | rmcr)"
   623    debugnote "dockerrc: $Count. check for PID 1: $Pid1pid"
   624    checkpid "$Pid1pid" && break
   625    rocknroll || exit 64
   626    mysleep 0.1
   627  done
   628  [ "$Pid1pid" = "0" ] && Pid1pid=""
   629  [ -z "$Pid1pid" ] && error "dockerrc(): Did not receive PID of PID1 in container.
   630    Maybe the container immediately stopped for unknown reasons.
   631    Just in case, check if host and image architecture are compatible:
   632    Host architecture: amd64 (x86_64), image architecture: $Containerarchitecture.
   633    Output of \"docker ps | grep x11docker\":
   634  $(podman ps | grep x11docker)
   635    
   636    Content of container log:
   637  $(rmcr < /home/kev/.cache/x11docker/avogadro-10558694368/share/container.log | uniq )"
   638  storeinfo pid1pid="$Pid1pid"
   639
   640  # Get IP of container
   641  Containerip="$(podman inspect --format '{{ .NetworkSettings.IPAddress }}' x11docker_X120_avogadro_10558694368 2>>/home/kev/.cache/x11docker/avogadro-10558694368/share/container.log)"
   642  storeinfo containerip=$Containerip
   643
   644  # Check log for startup failure
   645  Failure="$(rmcr < /home/kev/.cache/x11docker/avogadro-10558694368/share/container.log | grep -v grep | grep -E 'Error response from daemon|OCI runtime exec' ||:)"
   646  [ "$Failure" ] && {
   647    echo "$Failure" >>/home/kev/.cache/x11docker/avogadro-10558694368/share/container.log
   648    error "Got error message from docker daemon:
   649  $Failure
   650
   651    Last lines of logfile:
   652  $(tail /home/kev/.cache/x11docker/avogadro-10558694368/share/container.log)"
   653  }
   654
   655  debugnote 'dockerrc(): Starting containerrootrc with privileged docker exec'
   656  # copy containerrootrc inside of container to avoid possible noexec of host home.
   657  podman exec --privileged x11docker_X120_avogadro_10558694368 sh -c 'cp /x11docker/containerrootrc /tmp/containerrootrc ; chmod 644 /tmp/containerrootrc' 2>&1 | rmcr >>/home/kev/.cache/x11docker/avogadro-10558694368/share/container.log
   658  # run container root setup. containerrc will wait until setup script is ready.
   659  podman exec --privileged -u root x11docker_X120_avogadro_10558694368 /bin/sh /tmp/containerrootrc 2>&1 | rmcr >>/home/kev/.cache/x11docker/avogadro-10558694368/share/container.log
   660
   661  storeinfo dockerrc=ready
   662
   663  [ "$Containerid" ] || [ "$Wmcontainerid" ] && {
   664    # wait for signal of finish()
   665    read Signal </home/kev/.cache/x11docker/avogadro-10558694368/dockerrc.stopfifo
   666    [ "$Signal" = "stop" ] && {
   667      [ "$Containerid" ]   && podman stop $Containerid     >> /home/kev/.cache/x11docker/avogadro-10558694368/share/container.log 2>&1 &
   668      [ "$Wmcontainerid" ] && podman stop $Wmcontainerid   >> /home/kev/.cache/x11docker/avogadro-10558694368/share/container.log 2>&1 &
   669      [ "$Dockerlogspid" ] && kill $Dockerlogspid              >> /home/kev/.cache/x11docker/avogadro-10558694368/share/container.log 2>&1 &
   670    }
   671  } & storepid $! dockerstopshell
   672  exit 0

x11docker[21:55:59,626]: Generated containerrootrc:
     1  #! /bin/sh
     2
     3  # containerrootrc
     4  # This Script is executed as root in container.
     5  # - Create container user
     6  # - Time zone
     7  # - Install NVIDIA driver if requested
     8  # - Set up init system services and DBus for --init=systemd|openrc|runit|sysvinit
     9
    10  # redirect output to have it available before 'docker logs' starts. --init=runit (void) would eat up the output at all for unknown reasons.
    11  exec 1>>/x11docker/container.log 2>&1
    12
    13  storeinfo () 
    14  { 
    15      [ -e "$Storeinfofile" ] || return 1;
    16      case "${1:-}" in 
    17          dump)
    18              grep "^${2:-}=" $Storeinfofile | sed "s/^${2:-}=//"
    19          ;;
    20          drop)
    21              sed -i "/^${2:-}=/d" $Storeinfofile
    22          ;;
    23          test)
    24              grep -q "^${2:-}=" $Storeinfofile
    25          ;;
    26          *)
    27              debugnote "storeinfo(): ${1:-}";
    28              grep -q "^$(echo "${1:-}" | cut -d= -f1)=" $Storeinfofile && { 
    29                  sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" $Storeinfofile
    30              };
    31              echo "${1:-}" >> $Storeinfofile
    32          ;;
    33      esac
    34  }
    35  rocknroll () 
    36  { 
    37      [ -s "$Timetosaygoodbyefile" ] && return 1;
    38      [ -e "$Timetosaygoodbyefile" ] || return 1;
    39      return 0
    40  }
    41
    42  warning() {
    43    echo "$*:WARNING"   | sed "s/\$/ /" >>$Messagefile
    44  }
    45  note() {
    46    echo "$*:NOTE"      | sed "s/\$/ /" >>$Messagefile
    47  }
    48  verbose() {
    49    echo "$*:VERBOSE"   | sed "s/\$/ /" >>$Messagefile
    50  }
    51  debugnote() {
    52    echo "$*:DEBUGNOTE" | sed "s/\$/ /" >>$Messagefile
    53  }
    54  error() {
    55    echo "$*:ERROR"     | sed "s/\$/ /" >>$Messagefile
    56    exit 64
    57  }
    58  stdout() {
    59    echo "$*:STDOUT"    | sed "s/\$/ /" >>$Messagefile
    60  }
    61  Messagefile=/x11docker/message.fifo
    62  Storeinfofile='/x11docker/store.info'
    63  Timetosaygoodbyefile=/x11docker/timetosaygoodbye
    64
    65  debugnote 'Running containerrootrc: Setup as root in container'
    66
    67  Error=''
    68  for Line in cat chmod chown cut cd cp date echo env export grep id ln ls mkdir mv printf rm sed sh sleep tail touch; do
    69    command -v "$Line" || {
    70      warning "ERROR: Command not found in image: $Line"
    71      Error=1
    72    }
    73  done
    74  [ "$Error" ] && error 'Commands for container setup missing in image.
    75    You can try with option --no-setup to avoid this error.'
    76
    77  # Check type of libc
    78  ldd --version 2>&1 | grep -q 'musl libc' && Containerlibc='musl'
    79  ldd --version 2>&1 | grep -q -E 'GLIBC|GNU libc'  && Containerlibc='glibc'
    80  debugnote "containerrootrc: Container libc: $Containerlibc"
    81
    82  # Prepare X environment
    83  # Create some system dirs with needed permissions
    84  mkdir -v -p /var/lib/dbus /var/run/dbus
    85  mkdir -v -p -m 1777 /tmp/.ICE-unix /tmp/.X11-unix /tmp/.font-unix
    86  chmod -c 1777 /tmp/.ICE-unix /tmp/.X11-unix /tmp/.font-unix
    87  export DISPLAY=:120 XAUTHORITY=/x11docker/Xauthority.client
    88
    89  # workaround: autostart of xrandr for some desktops like deepin, cinnamon and gnome to fix wrong autoresize
    90  echo '#! /bin/sh
    91  Output=$(xrandr | grep ' connected' | cut -d" " -f1)
    92  Mode=1280x800
    93  xrandr --output $Output --mode $Mode\n' > /usr/local/bin/x11docker-xrandr
    94  chmod +x /usr/local/bin/x11docker-xrandr
    95  mkdir -p /etc/xdg/autostart
    96  echo '[Desktop Entry]
    97  Encoding=UTF-8
    98  Version=0.9.4
    99  Type=Application
   100  Name=x11docker-xrandr
   101  Comment=
   102  Exec=/usr/local/bin/x11docker-xrandr
   103  ' > /etc/xdg/autostart/x11docker-xrandr.desktop
   104
   105  # Time zone
   106  [ ! -d /usr/share/zoneinfo ] && [ "$Containerlibc" = "glibc" ] && {
   107    mkdir -p /usr/share/zoneinfo/Asia
   108    cp '/x11docker/libc.localtime' '/usr/share/zoneinfo/Asia/Bangkok'
   109  }
   110  [ -e '/usr/share/zoneinfo/Asia/Bangkok' ] && ln -f -s '/usr/share/zoneinfo/Asia/Bangkok' /etc/localtime
   111
   112  # Container system
   113  Containersystem="$(grep '^ID=' /etc/os-release 2>/dev/null | cut -d= -f2 || echo 'unknown')"
   114  verbose "Container system ID: $Containersystem"
   115
   116  # Environment variables
   117  export 'container=docker'
   118  export 'XAUTHORITY=/x11docker/Xauthority.client'
   119  export 'DISPLAY=:120'
   120  export 'USER=kev'
   121
   122  # Check container user
   123  Containeruser="$(storeinfo dump containeruser)"
   124
   125  Containeruserhome='/home/kev'
   126  # Create user entry in /etc/passwd (and delete possibly existing same uid)
   127  cat /etc/passwd | grep -v ':1000:' > /tmp/passwd
   128
   129  # Disable possible /etc/shadow passwords for other users
   130  sed -i 's%:x:%:-:%' /tmp/passwd
   131  bash --version >/dev/null 2>&1 && Containerusershell=/bin/bash || Containerusershell=/bin/sh
   132  Containeruserentry="kev:x:1000:100:kev,,,:/home/kev:$Containerusershell"
   133  debugnote "containerrootrc: $Containeruserentry"
   134  echo "$Containeruserentry" >> /tmp/passwd
   135
   136  rm /etc/passwd
   137  mv /tmp/passwd /etc/passwd || warning 'Unable to change /etc/passwd. That may be a security risk.'
   138
   139  # Create password entry for container user in /etc/shadow
   140  rm -v /etc/shadow || warning 'Cannot change /etc/shadow. That may be a security risk.'
   141  echo "kev:sac19FwGGTx/A:17293:0:99999:7:::" > /etc/shadow
   142  echo 'root:*:17219:0:99999:7:::' >> /etc/shadow
   143
   144  # Create user group entry (and delete possibly existing same gid)
   145  cat /etc/group | grep -v ':100:'    > /tmp/group
   146  echo "users:x:100:" >> /tmp/group
   147  mv /tmp/group /etc/group
   148
   149  # Create /etc/sudoers, delete /etc/sudoers.d. Overwrite possible sudo setups in image.
   150  [ -e /etc/sudoers.d ] && rm -v -R /etc/sudoers.d
   151  [ -e /etc/sudoers ]   && rm -v /etc/sudoers
   152  echo '# /etc/sudoers created by x11docker' > /etc/sudoers
   153  echo 'Defaults  env_reset'                >> /etc/sudoers
   154  echo 'root ALL=(ALL) ALL'                 >> /etc/sudoers
   155
   156  # Restrict PAM configuration of su and sudo
   157  mkdir -p /etc/pam.d
   158  [ -e /etc/pam.d/sudo ] && rm -v /etc/pam.d/sudo
   159  case "$Containersystem" in
   160    fedora)
   161      echo '#%PAM-1.0' > /etc/pam.d/su
   162      echo 'auth     sufficient pam_rootok.so'  >> /etc/pam.d/su
   163      echo 'account  sufficient pam_succeed_if.so uid = 0 use_uid quiet'  >> /etc/pam.d/su
   164      echo 'session  include system-auth'       >> /etc/pam.d/su
   165    ;;
   166    *)
   167      echo '#%PAM-1.0' > /etc/pam.d/su
   168      echo 'auth sufficient pam_rootok.so' >> /etc/pam.d/su  # allow root to switch user without a password
   169      echo '@include common-auth'          >> /etc/pam.d/su
   170      echo '@include common-account'       >> /etc/pam.d/su
   171      echo '@include common-session'       >> /etc/pam.d/su
   172    ;;
   173  esac
   174
   175  # Set up container user groups
   176  # Create HOME
   177  mkdir -p $Containeruserhome
   178  chown $Containeruser:$(id -g $Containeruser) "$Containeruserhome"
   179  ls -la $Containeruserhome
   180
   181  rocknroll || exit 64
   182
   183
   184  # disable getty in inittab
   185  [ -e /etc/inittab ] && sed -i 's/.*getty/##getty disabled by x11docker## \0/' /etc/inittab
   186
   187
   188  rocknroll || exit 64
   189
   190  storeinfo containerrootrc=ready
   191

x11docker[21:55:59,635]: Generated xinitrc:
     1  #! /bin/sh
     2  disable_xhost () 
     3  { 
     4      local Line=;
     5      command -v xhost > /dev/null || { 
     6          warning "Command 'xhost' not found.
     7    Can not check for possibly allowed network access to X.
     8    Please install 'xhost'.";
     9          return 1
    10      };
    11      xhost 2>&1 | tail -n +2 /dev/stdin | while read -r Line; do
    12          debugnote "xhost: Removing entry $Line";
    13          xhost -$Line;
    14      done;
    15      xhost -;
    16      [ "$(xhost 2>&1 | wc -l)" -gt "1" ] && { 
    17          warning "Remaining xhost permissions found on display ${DISPLAY:-}
    18  $(xhost 2>&1 )";
    19          return 1
    20      };
    21      xhost 2>&1 | grep "access control disabled" && { 
    22          warning "Failed to restrict xhost permissions.
    23    Access to display ${DISPLAY:-} is allowed for everyone.";
    24          return 1
    25      };
    26      return 0
    27  }
    28  pspid () 
    29  { 
    30      LC_ALL=C ps -p "${1:-}" 2> /dev/null | grep -v 'TIME'
    31  }
    32  rocknroll () 
    33  { 
    34      [ -s "$Timetosaygoodbyefile" ] && return 1;
    35      [ -e "$Timetosaygoodbyefile" ] || return 1;
    36      return 0
    37  }
    38  storeinfo () 
    39  { 
    40      [ -e "$Storeinfofile" ] || return 1;
    41      case "${1:-}" in 
    42          dump)
    43              grep "^${2:-}=" $Storeinfofile | sed "s/^${2:-}=//"
    44          ;;
    45          drop)
    46              sed -i "/^${2:-}=/d" $Storeinfofile
    47          ;;
    48          test)
    49              grep -q "^${2:-}=" $Storeinfofile
    50          ;;
    51          *)
    52              debugnote "storeinfo(): ${1:-}";
    53              grep -q "^$(echo "${1:-}" | cut -d= -f1)=" $Storeinfofile && { 
    54                  sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" $Storeinfofile
    55              };
    56              echo "${1:-}" >> $Storeinfofile
    57          ;;
    58      esac
    59  }
    60  storepid () 
    61  { 
    62      case "${1:-}" in 
    63          dump)
    64              grep -w "${2:-}" "$Storepidfile" | cut -d' ' -f1
    65          ;;
    66          test)
    67              grep -q -w "${2:-}" "$Storepidfile"
    68          ;;
    69          *)
    70              echo "${1:-NOPID}" "${2:-NONAME}" >> "$Storepidfile";
    71              debugnote "storepid(): Stored pid '${1:-}' of '${2:-}': $(pspid ${1:-} ||:)"
    72          ;;
    73      esac
    74  }
    75
    76  warning() {
    77    echo "$*:WARNING"   | sed "s/\$/ /" >>$Messagefile
    78  }
    79  note() {
    80    echo "$*:NOTE"      | sed "s/\$/ /" >>$Messagefile
    81  }
    82  verbose() {
    83    echo "$*:VERBOSE"   | sed "s/\$/ /" >>$Messagefile
    84  }
    85  debugnote() {
    86    echo "$*:DEBUGNOTE" | sed "s/\$/ /" >>$Messagefile
    87  }
    88  error() {
    89    echo "$*:ERROR"     | sed "s/\$/ /" >>$Messagefile
    90    exit 64
    91  }
    92  stdout() {
    93    echo "$*:STDOUT"    | sed "s/\$/ /" >>$Messagefile
    94  }
    95  getscreensize() {
    96    CurrentXaxis="$(xrandr | grep primary | cut -d' ' -f4 | cut -dx -f1 )"
    97    CurrentYaxis="$(xrandr | grep primary | cut -d' ' -f4 | cut -dx -f2 | cut -d+ -f1)"
    98  }
    99  checkscreensize() {
   100    getscreensize
   101    [ "$Xaxis" = "$CurrentXaxis" ] || return 1
   102    [ "$Yaxis" = "$CurrentYaxis" ] || return 1
   103    return 0
   104  }
   105  getprimary() {
   106    xrandr | grep -q primary || xrandr --output $(xrandr | grep ' connected' | head -n1 | cut -d' ' -f1) --primary
   107    echo $(xrandr | grep primary | cut -d' ' -f1)
   108  }
   109
   110  Messagefile='/home/kev/.cache/x11docker/avogadro-10558694368/share/message.fifo'
   111  Output="$(getprimary)"
   112  Storeinfofile='/home/kev/.cache/x11docker/avogadro-10558694368/share/store.info'
   113  Storepidfile='/home/kev/.cache/x11docker/avogadro-10558694368/store.pids'
   114  Timetosaygoodbyefile='/home/kev/.cache/x11docker/avogadro-10558694368/share/timetosaygoodbye'
   115
   116  export PATH='/home/kev/bin:/usr/local/bin:/usr/bin:/bin:/sbin:/usr/sbin:/usr/local/games:/usr/games'
   117
   118  Cookie=''
   119  Line=''
   120  Var=''
   121
   122  debugnote 'Running xinitrc'
   123
   124  export  DISPLAY=:120 XAUTHORITY=/home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client XSOCKET=/tmp/.X11-unix/X120 XDG_RUNTIME_DIR=/run/user/1000
   125  # background color
   126  xsetroot -solid '#7F7F7F' 2>/dev/null
   127
   128  # create new XAUTHORITY cookies
   129  :> /home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client
   130
   131  echo 'Requesting trusted cookie from X server'
   132  xauth -v -i -f /home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client generate :120 . trusted timeout 3600
   133
   134  [ -s '/home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client' ] || { 
   135    [ 'trusted' = 'untrusted' ] && note 'Could not create untrusted cookie. 
   136    Maybe your X server misses extension SECURITY.'
   137  }
   138  [ -s '/home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client' ] || { 
   139    # still no cookie? try to create one without extension security
   140    debugnote 'xinitrc: Failed to retrieve trusted cookie from X server. Will bake one myself.'
   141    echo 'Failed to retrieve trusted cookie from X server. Will bake one myself.'
   142    xauth -v -i -f /home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client add :120 . b494c13e7c78d785032f64bfd093d189
   143    ls -l /home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client
   144  }
   145
   146  # Prepare cookie with localhost identification disabled by ffff, needed if X socket is shared. ffff means 'familiy wild'
   147  Cookie="$(xauth -i -f /home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client nlist | sed -e 's/^..../ffff/')"
   148  echo "$Cookie" | xauth -v -i -f /home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client nmerge -
   149
   150  debugnote "xinitrc: Created cookie: $(xauth -f /home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client list 2>&1)"
   151  ls -l /home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client
   152  cp /home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client /home/kev/.cache/x11docker/avogadro-10558694368/Xauthority.server
   153  chmod 644 /home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client
   154
   155  [ -s '/home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client' ] || warning 'Cookie creation failed!'
   156  export XAUTHORITY=/home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client
   157  [ 'yes' = 'no' ] || [ ! -s '/home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client' ] && unset XAUTHORITY && warning '--xephyr: X server :120 runs without cookie authentication.'
   158
   159  # clean xhost
   160  verbose 'Disabling any possible access to new X server possibly granted by xhost'
   161  disable_xhost
   162
   163  # Keyboard layout
   164  # set keyboard layout on :120
   165  verbose "Keyboard layout:
   166  $(cat /home/kev/.cache/x11docker/avogadro-10558694368/xkb.keymap)"
   167  xkbcomp /home/kev/.cache/x11docker/avogadro-10558694368/xkb.keymap :120
   168
   169  verbose "Output of xrandr on :120
   170  $(xrandr)"
   171
   172  echo 'xinitrc: xinitrc is ready'
   173  storeinfo xinitrc=ready
   174
   175  # option '-c, --clipboard': Run clipboard script 
   176  # (text copy only) (xpra has its own clipboard managment including images)
   177  bash /home/kev/.cache/x11docker/avogadro-10558694368/clipboardrc
   178
   179  # wait for the end
   180  read Var </home/kev/.cache/x11docker/avogadro-10558694368/share/timetosaygoodbye.fifo

DEBUGNOTE[21:55:59,646]: Running xtermrc: Ask for password if needed (no)
DEBUGNOTE[21:55:59,646]: storepid(): Stored pid '3931' of 'containershell':  3931 pts/4    00:00:00 bash
DEBUGNOTE[21:55:59,651]: waitforlogentry(): start_xserver(): Waiting for logentry "readyforX=ready" in store.info
DEBUGNOTE[21:55:59,653]: Running dockerrc: Setup as root or as user docker on host.
DEBUGNOTE[21:55:59,743]: dockerrc: Found default Runtime: 
DEBUGNOTE[21:55:59,749]: dockerrc: All 
DEBUGNOTE[21:55:59,755]: dockerrc: Container Runtime: 
DEBUGNOTE[21:55:59,761]: storeinfo(): runtime=

==> /home/kev/.cache/x11docker/avogadro-10558694368/share/container.log <==
[
    {
        "Id": "84cdc578b6f2d2e2385c6b4642e2a8181c840416ee4d407ab4e9d38d530daf7f",
        "Digest": "sha256:6e3e4520d03c50c0d4cda32e25acd8fdc0fe653cfb327932625d5c348cedde9f",
        "RepoTags": [
            "localhost/avogadro:latest"
        ],
        "RepoDigests": [
            "localhost/avogadro@sha256:6e3e4520d03c50c0d4cda32e25acd8fdc0fe653cfb327932625d5c348cedde9f"
        ],
        "Parent": "",
        "Comment": "",
        "Created": "2021-03-01T14:41:25.240384141Z",
        "Config": {
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "avogadro"
            ],
            "Labels": {
                "io.buildah.version": "1.18.0"
            }
        },
        "Version": "",
        "Author": "",
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 520346884,
        "VirtualSize": 520346884,
        "GraphDriver": {
            "Name": "overlay",
            "Data": {
                "LowerDir": "/home/kev/.local/share/containers/storage/overlay/19f3cb2e8a35d27b446cb87eb52f6c508af67a4e660bddf4811da44f0f90156e/diff:/home/kev/.local/share/containers/storage/overlay/b4348bfd84050f05a39ebe017b137d3bde5ce307cc5dd819495c4f362587c4e3/diff:/home/kev/.local/share/containers/storage/overlay/9dd0b45ebe39e477b2a869802e9b771d991f7341cb79e3446c9ca8231fc35d3f/diff:/home/kev/.local/share/containers/storage/overlay/c95d2191d7773c6e29188f92922bc9547e1f0b6130e85dfc2f5e4eae13137c7c/diff",
                "UpperDir": "/home/kev/.local/share/containers/storage/overlay/d205072fe60214da3753e33a8e3eb0a58a4085a72124c4376874afd6c4a515ed/diff",
                "WorkDir": "/home/kev/.local/share/containers/storage/overlay/d205072fe60214da3753e33a8e3eb0a58a4085a72124c4376874afd6c4a515ed/work"
            }
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:c95d2191d7773c6e29188f92922bc9547e1f0b6130e85dfc2f5e4eae13137c7c",
                "sha256:27502392e386147bf71f51b4676dbe938b9b86592e41047c17fc94a116aa2841",
                "sha256:9f10818f1f96a349981e134a0e8d566fa5ab144c9f9f4e766be8cdab76d4074d",
                "sha256:5883e6bf7528dcc101dcca7627f21d8ad0f64e85476251f697f19a3936533981",
                "sha256:7c99a9b33d07f622b8319b09933005abf1966c0ae7e41b34ea3cebdb3c2cdecd"
            ]
        },
        "Labels": {
            "io.buildah.version": "1.18.0"
        },
        "Annotations": {},
        "ManifestType": "application/vnd.oci.image.manifest.v1+json",
        "User": "",
        "History": [
            {
                "created": "2021-01-21T03:37:59.610121534Z",
                "created_by": "/bin/sh -c #(nop) ADD file:ef36fee25b0bd1d99979ecb8d54b206cec33d4e8fd2232189f0d8e5ab9754798 in / "
            },
            {
                "created": "2021-01-21T03:38:01.686909008Z",
                "created_by": "/bin/sh -c set -xe \t\t\u0026\u0026 echo '#!/bin/sh' \u003e /usr/sbin/policy-rc.d \t\u0026\u0026 echo 'exit 101' \u003e\u003e /usr/sbin/policy-rc.d \t\u0026\u0026 chmod +x /usr/sbin/policy-rc.d \t\t\u0026\u0026 dpkg-divert --local --rename --add /sbin/initctl \t\u0026\u0026 cp -a /usr/sbin/policy-rc.d /sbin/initctl \t\u0026\u0026 sed -i 's/^exit.*/exit 0/' /sbin/initctl \t\t\u0026\u0026 echo 'force-unsafe-io' \u003e /etc/dpkg/dpkg.cfg.d/docker-apt-speedup \t\t\u0026\u0026 echo 'DPkg::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' \u003e /etc/apt/apt.conf.d/docker-clean \t\u0026\u0026 echo 'APT::Update::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' \u003e\u003e /etc/apt/apt.conf.d/docker-clean \t\u0026\u0026 echo 'Dir::Cache::pkgcache \"\"; Dir::Cache::srcpkgcache \"\";' \u003e\u003e /etc/apt/apt.conf.d/docker-clean \t\t\u0026\u0026 echo 'Acquire::Languages \"none\";' \u003e /etc/apt/apt.conf.d/docker-no-languages \t\t\u0026\u0026 echo 'Acquire::GzipIndexes \"true\"; Acquire::CompressionTypes::Order:: \"gz\";' \u003e /etc/apt/apt.conf.d/docker-gzip-indexes \t\t\u0026\u0026 echo 'Apt::AutoRemove::SuggestsImportant \"false\";' \u003e /etc/apt/apt.conf.d/docker-autoremove-suggests"
            },
            {
                "created": "2021-01-21T03:38:03.602826437Z",
                "created_by": "/bin/sh -c [ -z \"$(apt-get indextargets)\" ]",
                "empty_layer": true
            },
            {
                "created": "2021-01-21T03:38:05.448405114Z",
                "created_by": "/bin/sh -c mkdir -p /run/systemd \u0026\u0026 echo 'docker' \u003e /run/systemd/container"
            },
            {
                "created": "2021-01-21T03:38:05.801776526Z",
                "created_by": "/bin/sh -c #(nop)  CMD [\"/bin/bash\"]",
                "empty_layer": true
            },
            {
                "created": "2021-02-28T18:31:19.519180899Z",
                "created_by": "/bin/sh -c apt-get -y update"
            },
            {
                "created": "2021-03-01T14:41:10.740181801Z",
                "created_by": "/bin/sh -c DEBIAN_FRONTEND=noninteractive apt-get -y install avogadro openbox"
            },
            {
                "created": "2021-03-01T14:41:25.240849347Z",
                "created_by": "/bin/sh -c #(nop) CMD [\"avogadro\"]",
                "empty_layer": true
            }
        ],
        "NamesHistory": []
    }
]

==> /home/kev/.cache/x11docker/avogadro-10558694368/message.log <==
DEBUGNOTE[21:55:59,931]: dockerrc: Image architecture: amd64
DEBUGNOTE[21:55:59,937]: dockerrc: Image CMD: avogadro
     1  #! /bin/sh
     2
     3  # containerrc
     4  # Created startscript for docker run used as container command.
     5  # Runs as unprivileged user in container.
     6
     7
     8  mysleep () 
     9  { 
    10      sleep "${1:-1}" 2> /dev/null || sleep 1
    11  }
    12  rocknroll () 
    13  { 
    14      [ -s "$Timetosaygoodbyefile" ] && return 1;
    15      [ -e "$Timetosaygoodbyefile" ] || return 1;
    16      return 0
    17  }
    18  saygoodbye () 
    19  { 
    20      debugnote "time to say goodbye ($*)";
    21      [ -e "$Timetosaygoodbyefile" ] && echo timetosaygoodbye >> $Timetosaygoodbyefile;
    22      [ -e "$Timetosaygoodbyefifo" ] && echo timetosaygoodbye >> $Timetosaygoodbyefifo
    23  }
    24  storeinfo () 
    25  { 
    26      [ -e "$Storeinfofile" ] || return 1;
    27      case "${1:-}" in 
    28          dump)
    29              grep "^${2:-}=" $Storeinfofile | sed "s/^${2:-}=//"
    30          ;;
    31          drop)
    32              sed -i "/^${2:-}=/d" $Storeinfofile
    33          ;;
    34          test)
    35              grep -q "^${2:-}=" $Storeinfofile
    36          ;;
    37          *)
    38              debugnote "storeinfo(): ${1:-}";
    39              grep -q "^$(echo "${1:-}" | cut -d= -f1)=" $Storeinfofile && { 
    40                  sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" $Storeinfofile
    41              };
    42              echo "${1:-}" >> $Storeinfofile
    43          ;;
    44      esac
    45  }
    46  waitforlogentry () 
    47  { 
    48      local Startzeit Uhrzeit Dauer Count=0 Schlaf;
    49      local Errorkeys="${4:-}";
    50      local Warten="${5:-60}";
    51      local Error=;
    52      Startzeit="$(date +%s ||:)";
    53      Startzeit="${Startzeit:-0}";
    54      [ "$Warten" = "infinity" ] && Warten=32000;
    55      debugnote "waitforlogentry(): ${1:-}: Waiting for logentry \"${3:-}\" in $(basename ${2:-})";
    56      while ! grep -q "${3:-}" < "${2:-}"; do
    57          Count="$(( $Count + 1 ))";
    58          Uhrzeit="$(date +%s ||:)";
    59          Uhrzeit="${Uhrzeit:-0}";
    60          Dauer="$(( $Uhrzeit - $Startzeit ))";
    61          Schlaf="$(( $Count / 10 ))";
    62          [ "$Schlaf" = "0" ] && Schlaf="0.5";
    63          mysleep "$Schlaf";
    64          [ "$Dauer" -gt "10" ] && debugnote "waitforlogentry(): ${1:-}: Waiting since ${Dauer}s for log entry \"${3:-}\" in $(basename ${2:-})";
    65          [ "$Dauer" -gt "$Warten" ] && error "waitforlogentry(): ${1:-}: Timeout waiting for entry \"${3:-}\" in $(basename ${2:-})
    66    Last lines of $(basename ${2:-}):
    67  $(tail "${2:-}")";
    68          [ "$Errorkeys" ] && grep -i -q -E "$Errorkeys" < "${2:-}" && error "waitforlogentry(): ${1:-}: Found error message in logfile.
    69    Last lines of logfile $(basename ${2:-}):
    70  $(tail "${2:-}")";
    71          rocknroll || { 
    72              debugnote "waitforlogentry(): ${1:-}: Stopped waiting for ${3:-} in $(basename ${2:-}) due to terminating signal.";
    73              Error=1;
    74              break
    75          };
    76      done;
    77      [ "$Error" ] && return 1;
    78      debugnote "waitforlogentry(): ${1:-}: Found log entry \"${3:-}\" in $(basename ${2:-}).";
    79      return 0
    80  }
    81
    82  warning() {
    83    echo "$*:WARNING"   | sed "s/\$/ /" >>$Messagefile
    84  }
    85  note() {
    86    echo "$*:NOTE"      | sed "s/\$/ /" >>$Messagefile
    87  }
    88  verbose() {
    89    echo "$*:VERBOSE"   | sed "s/\$/ /" >>$Messagefile
    90  }
    91  debugnote() {
    92    echo "$*:DEBUGNOTE" | sed "s/\$/ /" >>$Messagefile
    93  }
    94  error() {
    95    echo "$*:ERROR"     | sed "s/\$/ /" >>$Messagefile
    96    exit 64
    97  }
    98  stdout() {
    99    echo "$*:STDOUT"    | sed "s/\$/ /" >>$Messagefile
   100  }
   101  Messagefile=/x11docker/message.fifo
   102  Storeinfofile=/x11docker/store.info
   103  Timetosaygoodbyefile=/x11docker/timetosaygoodbye
   104
   105  waitforlogentry containerrc $Storeinfofile containerrootrc=ready  infinity
   106  debugnote "Running containerrc: Unprivileged user commands in container"
   107
   108  Containercommand="avogadro"
   109  Entrypoint=""
   110
   111  verbose "containerrc: Container system:
   112  $(cat /etc/os-release 2>&1 ||:)"
   113
   114
   115  # USER and HOME
   116  Containeruser="$(storeinfo dump containeruser)"
   117  Containeruserhome="/home/kev"
   118  export USER="$Containeruser"
   119  export HOME="$Containeruserhome"
   120
   121  # XDG_RUNTIME_DIR
   122  Containeruseruid=$(id -u $Containeruser)
   123  export XDG_RUNTIME_DIR=/tmp/XDG_RUNTIME_DIR
   124  [ -e /run/user/$Containeruseruid ] && ln -s /run/user/$Containeruseruid $XDG_RUNTIME_DIR || mkdir -p -m700 $XDG_RUNTIME_DIR
   125
   126  # Copy files from /etc/skel into empty HOME
   127  [ -d /etc/skel ] && [ -z "$(ls -A "$Containeruserhome" 2>/dev/null | grep -v -E "gnupg")" ] && {
   128    debugnote "containerrc: HOME is empty. Copying from /etc/skel"
   129    cp -n -R /etc/skel/. $Containeruserhome
   130    :
   131  } || {
   132    debugnote "containerrc: HOME is not empty. Not copying from /etc/skel"
   133  }
   134
   135  # Create softlink to X unix socket
   136  [ -e /tmp/.X11-unix/X120 ] || ln -s /X120 /tmp/.X11-unix
   137
   138  unset WAYLAND_DISPLAY
   139
   140  export XDG_SESSION_TYPE=x11
   141
   142
   143  export TERM=xterm
   144  storeinfo test locale && export LANG="$(storeinfo dump locale)"
   145  [ -e "/usr/share/zoneinfo/Asia/Bangkok" ] || export TZ=UTC-07
   146  [ "$(date -Ihours)" != "2021-03-01T21+07:00" ] && export TZ=UTC-07
   147  [ "$DEBIAN_FRONTEND" = noninteractive ] && unset DEBIAN_FRONTEND && export DEBIAN_FRONTEND
   148  [ "$DEBIAN_FRONTEND" = newt ]           && unset DEBIAN_FRONTEND && export DEBIAN_FRONTEND
   149  # container environment (--env)
   150  export 'container=docker'
   151  export 'XAUTHORITY=/x11docker/Xauthority.client'
   152  export 'DISPLAY=:120'
   153  export 'USER=kev'
   154
   155  env >> /x11docker/container.environment
   156  verbose "Container environment:
   157  $(env | sort)"
   158
   159  cd "$HOME"
   160
   161  tail -f /x11docker/stdout     2>/dev/null &
   162  tail -f /x11docker/stderr >&2 2>/dev/null &
   163  exec $Dbus sh /x11docker/cmdrc >>/x11docker/stdout 2>>/x11docker/stderr
     1  #! /bin/sh
     2  # Created startscript for cmdrc containing final container command
     3
     4  storeinfo () 
     5  { 
     6      [ -e "$Storeinfofile" ] || return 1;
     7      case "${1:-}" in 
     8          dump)
     9              grep "^${2:-}=" $Storeinfofile | sed "s/^${2:-}=//"
    10          ;;
    11          drop)
    12              sed -i "/^${2:-}=/d" $Storeinfofile
    13          ;;
    14          test)
    15              grep -q "^${2:-}=" $Storeinfofile
    16          ;;
    17          *)
    18              debugnote "storeinfo(): ${1:-}";
    19              grep -q "^$(echo "${1:-}" | cut -d= -f1)=" $Storeinfofile && { 
    20                  sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" $Storeinfofile
    21              };
    22              echo "${1:-}" >> $Storeinfofile
    23          ;;
    24      esac
    25  }
    26
    27  warning() {
    28    echo "$*:WARNING"   | sed "s/\$/ /" >>$Messagefile
    29  }
    30  note() {
    31    echo "$*:NOTE"      | sed "s/\$/ /" >>$Messagefile
    32  }
    33  verbose() {
    34    echo "$*:VERBOSE"   | sed "s/\$/ /" >>$Messagefile
    35  }
    36  debugnote() {
    37    echo "$*:DEBUGNOTE" | sed "s/\$/ /" >>$Messagefile
    38  }
    39  error() {
    40    echo "$*:ERROR"     | sed "s/\$/ /" >>$Messagefile
    41    exit 64
    42  }
    43  stdout() {
    44    echo "$*:STDOUT"    | sed "s/\$/ /" >>$Messagefile
    45  }
    46  Messagefile=/x11docker/message.fifo
    47  debugnote "cmdrc: Running container command: 
    48     avogadro
    49    "
    50
    51   avogadro  
    52
    53  [ -h "$Homesoftlink" ] && rm $Homesoftlink
    54  storeinfo cmdexitcode=$?
DEBUGNOTE[21:55:59,943]: dockerrc: Image USER: 
DEBUGNOTE[21:55:59,949]: storeinfo(): containeruser=kev
DEBUGNOTE[21:55:59,955]: dockerrc: Image ENTRYPOINT: 
DEBUGNOTE[21:55:59,961]: dockerrc: Image WORKDIR: 
DEBUGNOTE[21:55:59,967]: storeinfo(): readyforX=ready
DEBUGNOTE[21:55:59,973]: waitforlogentry(): dockerrc: Waiting for logentry "xinitrc is ready" in xinit.log
DEBUGNOTE[21:56:00,160]: waitforlogentry(): start_xserver(): Found log entry "readyforX=ready" in store.info.

==> /home/kev/.cache/x11docker/avogadro-10558694368/xinit.log <==

xinit: XFree86_VT property unexpectedly has 0 items instead of 1
xrandr: Failed to get size of gamma for output default
xrandr: Failed to get size of gamma for output default
xrandr: Failed to get size of gamma for output default
xrandr: Failed to get size of gamma for output default
Requesting trusted cookie from X server
Ignoring locks on authority file /home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client
authorization id is 1323
Ignoring locks and writing authority file /home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client
Ignoring locks on authority file /home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client
1 entries read in:  1 new, 0 replacements
Ignoring locks and writing authority file /home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client

==> /home/kev/.cache/x11docker/avogadro-10558694368/message.log <==
DEBUGNOTE[21:56:00,250]: Running xinitrc

==> /home/kev/.cache/x11docker/avogadro-10558694368/xinit.log <==
-rw------- 1 kev users 136 Mar  1 21:56 /home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client
access control enabled, only authorized clients can connect

==> /home/kev/.cache/x11docker/avogadro-10558694368/message.log <==
DEBUGNOTE[21:56:00,260]: xinitrc: Created cookie: localhost.localdomain/unix:120  MIT-MAGIC-COOKIE-1  ccbff34836fa6c05882724e5d439e02d 
#ffff#6c6f63616c686f73742e6c6f63616c646f6d61696e#:120  MIT-MAGIC-COOKIE-1  ccbff34836fa6c05882724e5d439e02d

==> /home/kev/.cache/x11docker/avogadro-10558694368/xinit.log <==
Warning:          Unsupported high keycode 372 for name <I372> ignored
                  X11 cannot support keycodes above 255.
                  This warning only shows for the first high keycode.

==> /home/kev/.cache/x11docker/avogadro-10558694368/message.log <==
x11docker[21:56:00,268]: Disabling any possible access to new X server possibly granted by xhost

==> /home/kev/.cache/x11docker/avogadro-10558694368/xinit.log <==
Warning:          Key <I192> not found in evdev+aliases(qwerty) keycodes
                  Symbols ignored
Warning:          Key <I193> not found in evdev+aliases(qwerty) keycodes
                  Symbols ignored
Warning:          Key <I194> not found in evdev+aliases(qwerty) keycodes
                  Symbols ignored
Warning:          Key <I195> not found in evdev+aliases(qwerty) keycodes
                  Symbols ignored
Warning:          Key <I196> not found in evdev+aliases(qwerty) keycodes
                  Symbols ignored
Warning:          Key <I372> not found in evdev+aliases(qwerty) keycodes
                  Symbols ignored
Warning:          Key <I380> not found in evdev+aliases(qwerty) keycodes
                  Symbols ignored
Warning:          Key <I382> not found in evdev+aliases(qwerty) keycodes
                  Symbols ignored
Warning:          Key <I442> not found in evdev+aliases(qwerty) keycodes
                  Symbols ignored
Warning:          Key <I443> not found in evdev+aliases(qwerty) keycodes
                  Symbols ignored
Warning:          Key <I569> not found in evdev+aliases(qwerty) keycodes
                  Symbols ignored
Warning:          No symbols defined for <AB11> (keycode 97)
Warning:          No symbols defined for <JPCM> (keycode 103)
Warning:          No symbols defined for <I120> (keycode 120)
Warning:          No symbols defined for <AE13> (keycode 132)
Warning:          No symbols defined for <I149> (keycode 149)
Warning:          No symbols defined for <I154> (keycode 154)
Warning:          No symbols defined for <I168> (keycode 168)
Warning:          No symbols defined for <I178> (keycode 178)
Warning:          No symbols defined for <I183> (keycode 183)
Warning:          No symbols defined for <I184> (keycode 184)
Warning:          No symbols defined for <FK19> (keycode 197)
Warning:          No symbols defined for <FK24> (keycode 202)
Warning:          No symbols defined for <I217> (keycode 217)
Warning:          No symbols defined for <I219> (keycode 219)
Warning:          No symbols defined for <I222> (keycode 222)
Warning:          No symbols defined for <I230> (keycode 230)
Warning:          No symbols defined for <I247> (keycode 247)
Warning:          No symbols defined for <I248> (keycode 248)
Warning:          No symbols defined for <I249> (keycode 249)
Warning:          No symbols defined for <I250> (keycode 250)
Warning:          No symbols defined for <I252> (keycode 252)
Warning:          No symbols defined for <I253> (keycode 253)
xrandr: Failed to get size of gamma for output default
xinitrc: xinitrc is ready

==> /home/kev/.cache/x11docker/avogadro-10558694368/message.log <==
x11docker[21:56:00,284]: Keyboard layout: 
xkb_keymap { 
        xkb_keycodes  { include "evdev+aliases(qwerty)" }; 
        xkb_types     { include "complete"      }; 
        xkb_compat    { include "complete"      }; 
        xkb_symbols   { include "pc+us+th:2+inet(evdev)+terminate(ctrl_alt_bksp)+group(win_space_toggle)"       }; 
        xkb_geometry  { include "pc(pc86)"      }; 
};

x11docker[21:56:00,312]: Output of xrandr on :120 
Screen 0: minimum 160 x 160, current 1280 x 800, maximum 1600 x 1200 
default connected primary 1280x800+0+0 (normal left inverted right x axis y axis) 0mm x 0mm 
   1600x1200      0.00   
   1400x1050      0.00   
   1280x960       0.00   
   1280x1024      0.00   
   1152x864       0.00   
   1024x768       0.00   
   832x624        0.00   
   800x600        0.00   
   720x400        0.00   
   480x640        0.00   
   640x480        0.00   
   640x400        0.00   
   320x240        0.00   
   240x320        0.00   
   160x160        0.00   
   1280x800       0.00* 

DEBUGNOTE[21:56:00,318]: storeinfo(): xinitrc=ready
DEBUGNOTE[21:56:00,468]: waitforlogentry(): dockerrc: Found log entry "xinitrc is ready" in xinit.log.

==> /home/kev/.cache/x11docker/avogadro-10558694368/share/container.log <==
[]
Error: error inspecting object: no such object: "x11docker/openbox"

==> /home/kev/.cache/x11docker/avogadro-10558694368/message.log <==
x11docker note: Option --wm: Did not find window manager image 
      x11docker/openbox 
  to provide a containerized window manager. Please run: 
      docker pull x11docker/openbox 
  If you want to use a host window manager instead and avoid this warning, 
  use option                         --wm=host  or  --wm=COMMAND 
  or provide a local image with e.g. --wm=x11docker/fvwm 
  To run without a window manager:   --wm=none  or  --desktop 
  Fallback: Will try to run a host window manager: openbox --sm-disable --config-file /home/kev/.cache/x11docker/avogadro-10558694368/share/openbox-nomenu.rc

x11docker note: Option --wm: Starting host window manager: openbox --sm-disable --config-file /home/kev/.cache/x11docker/avogadro-10558694368/share/openbox-nomenu.rc

DEBUGNOTE[21:56:00,555]: storepid(): Stored pid '4577' of 'windowmanager':  4577 pts/4    00:00:00 bash
Error: host directory cannot be empty
DEBUGNOTE[21:56:00,611]: waitforlogentry(): start_docker(): Waiting for logentry "dockerrc=ready" in store.info
x11docker ERROR: Startup of docker failed. Did not receive a container ID. 

  Last lines of container log: 
                "created": "2021-03-01T14:41:25.240849347Z", 
                "created_by": "/bin/sh -c #(nop) CMD [\"avogadro\"]", 
                "empty_layer": true 
            } 
        ], 
        "NamesHistory": [] 
    } 
] 
[] 
Error: error inspecting object: no such object: "x11docker/openbox"

  Type 'x11docker --help' for usage information
  Debug options: '--verbose' (full log) or '--debug' (log excerpt).
  Logfile will be: /home/kev/.cache/x11docker/x11docker.log
  Please report issues at https://github.com/mviereck/x11docker

DEBUGNOTE[21:56:00,626]: time to say goodbye (error)
DEBUGNOTE[21:56:00,630]: storeinfo(): error=64
DEBUGNOTE[21:56:00,634]: time to say goodbye (finish-subshell)

==> /home/kev/.cache/x11docker/avogadro-10558694368/xinit.log <==
xinit: connection to X server lost

waiting for X server to shut down X connection to :120 broken (explicit kill or server shutdown).

==> /home/kev/.cache/x11docker/avogadro-10558694368/message.log <==
DEBUGNOTE[21:56:01,092]: time to say goodbye (watchpidlist)
DEBUGNOTE[21:56:01,105]: waitforlogentry(): tailstderr: Stopped waiting for x11docker=ready in store.info due to terminating signal.
DEBUGNOTE[21:56:01,106]: waitforlogentry(): tailstdout: Stopped waiting for x11docker=ready in store.info due to terminating signal.
DEBUGNOTE[21:56:01,120]: waitforlogentry(): start_docker(): Stopped waiting for dockerrc=ready in store.info due to terminating signal.
DEBUGNOTE[21:56:01,124]: watchpidlist(): Setting pid NOPID on watchlist: pid1pid
DEBUGNOTE[21:56:01,130]: storepid(): Stored pid 'NOPID' of 'pid1pid': 
DEBUGNOTE[21:56:01,144]: watchpidlist(): Setting pid 4339 on watchlist: xinit
DEBUGNOTE[21:56:01,156]: storepid(): Stored pid '4339' of 'xinit':  4339 pts/4    00:00:00 xinit
DEBUGNOTE[21:56:01,205]: Process tree of x11docker:
bash(2693)-+-bash(3187)---tail(3189)
           |-bash(3188)---tail(3191)
           |-bash(3190)---tail(4749)
           |-bash(3192)---tail(4748)
           |-bash(3931)---bash(4801)---pstree(4802)
           `-xinit(4339)---Xephyr(4340)

DEBUGNOTE[21:56:01,209]: storeinfo(): Stored info:
cache=/home/kev/.cache/x11docker/avogadro-10558694368
stdout=/home/kev/.cache/x11docker/avogadro-10558694368/share/stdout
stderr=/home/kev/.cache/x11docker/avogadro-10558694368/share/stderr
x11dockerpid=2693
xserver=--xephyr
DISPLAY=:120
XAUTHORITY=/home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client
XSOCKET=/tmp/.X11-unix/X120
XDG_RUNTIME_DIR=/run/user/1000
Xenv= DISPLAY=:120 XAUTHORITY=/home/kev/.cache/x11docker/avogadro-10558694368/share/Xauthority.client XSOCKET=/tmp/.X11-unix/X120 XDG_RUNTIME_DIR=/run/user/1000
tini=/usr/bin/catatonit
containername=x11docker_X120_avogadro_10558694368
runtime=
containeruser=kev
readyforX=ready
xinitrc=ready
xtermrc=ready
error=64
DEBUGNOTE[21:56:01,213]: storepid(): Stored pids:
3218 watchpidlist
3231 watchmessagefifo
3931 containershell
4577 windowmanager
NOPID pid1pid
4339 xinit
DEBUGNOTE[21:56:01,215]: storeinfo(): x11docker=ready

==> /home/kev/.cache/x11docker/avogadro-10558694368/xinit.log <==

==> /home/kev/.cache/x11docker/avogadro-10558694368/message.log <==
DEBUGNOTE[21:56:01,904]: time to say goodbye (main)
DEBUGNOTE[21:56:01,907]: Terminating x11docker.
DEBUGNOTE[21:56:01,910]: time to say goodbye (finish)
DEBUGNOTE[21:56:01,931]: finish(): Checking pid 4339 (xinit): (already gone)
DEBUGNOTE[21:56:01,943]: finish(): Checking pid NOPID (pid1pid): (already gone)
DEBUGNOTE[21:56:01,960]: finish(): Checking pid 4577 (windowmanager): (already gone)
DEBUGNOTE[21:56:01,975]: finish(): Checking pid 3931 (containershell): (already gone)
DEBUGNOTE[21:56:01,990]: finish(): Checking pid 3231 (watchmessagefifo): (already gone)
DEBUGNOTE[21:56:02,004]: finish(): Checking pid 3218 (watchpidlist): (already gone)
DEBUGNOTE[21:56:02,066]: Removing container x11docker_X120_avogadro_10558694368
    Error: failed to evict container: "": failed to find container "x11docker_X120_avogadro_10558694368" in state: no container with name or ID x11docker_X120_avogadro_10558694368 found: no such container
DEBUGNOTE[21:56:02,095]: x11docker exit code: 64

mviereck commented 3 years ago

Thank you for the report! x11docker now prints an error message if --share has no argument.

kevinsmia1939 commented 3 years ago

Thanks, the error shows up now.