scsijon wrote:What about having the ability to have container windows one size smaller than the main window by default when first opened and then you have the ability to set for maximize or not, depending on what you want to use it for. Something like main window is 2048x1920, container windows start as 1920x1080?
Operationally I'm only using the equivalent of just the easy (Xephyr) container myself now ... to have two desktops (main real root and another restricted root desktops). For me the double tray choice with the container's titlebar deactivated works really well. Simplifies things a lot as well having just the single choice. So much so I have my own script for the container now .. that could also be worked into other Puppies. I'm using pflask within that (so for other Puppies (pflask binary is already included in EasyOS) that would need to be compiled/installed (it has good instructions and is easy to do)).
Code:
#!/bin/sh
######################################################
# Change these as required ...
# Folder where changes.sfs is stored
CHANGES_SFS_LOC=/mnt/sda1/easy/easyremastered-1.0/home/shared
# Where the main easy.sfs is located
EASY_SFS=/mnt/sda1/easy/easyremastered-1.0/easy.sfs
# dpi setting for container
DPI=144
# Container screen geometry, i.e. actual screen size with the Y value reduced
# by the jwm tray height (28 jwm tray on my 1440x900 resolution setup)
SCR=1440x872
######################################################
# Xephyr parameters
XP="-resizeable -dpi ${DPI} -nolisten tcp"
XP="${XP} -screen ${SCR}+0+0"
XP="${XP} -title Container -name Xephyr2"
# pflask parameters
PF="--keepenv --no-netns --no-userns"
PF="${PF} --mount=bind:/etc/machine-id:/etc/machine-id" # firefox needs this
PF="${PF} --mount=bind:/etc/resolv.conf:/etc/resolv.conf" # dns (internet)
PF="${PF} --mount=bind:/dev/snd:/dev/snd"
PF="${PF} --mount=bind:/dev/mixer:/dev/mixer"
PF="${PF} --caps=all,-sys_chroot"
PF="${PF} --chroot=${CHANGES_SFS_LOC}/top"
# cd to where changes.sfs is located
cd ${CHANGES_SFS_LOC}
# Avoid double click 2 instances
N=`date +%s` # Seconds since January 1970
if [ -f /tmp/container.run ]; then
L=`cat /tmp/container.run`
D=`expr $N - $L`
if [ $D -lt 2 ]; then
echo "Aborting : use only a single click to run $0"
exit
fi
fi
echo $N >/tmp/container.run
# Check required programs are available
[ -z `which popup` ] && xmessage Requires popup && exit
[ -z `which Xephyr` ] && popup Requires Xephyr && sleep 3 && killall popup && exit
[ -z `which pflask` ] && popup Requires pflask && sleep 3 && killall popup && exit
[ -z `which unshare` ] && popup Requires unshare && sleep 3 && killall popup && exit
[ -z `which chroot` ] && popup Requires chroot && sleep 3 && killall popup && exit
[ -z `which capsh` ] && popup Requires capsh && sleep 3 && killall popup && exit
[ -z `which empty` ] && popup Requires empty && sleep 3 && killall popup && exit
[ -z `which sakura` ] && popup Requires sakura && sleep 3 && killall popup && exit
[ -z `which jwm` ] && popup Requires jwm && sleep 3 && killall popup && exit
[ ! -f changes.sfs ] && popup Requires changes.sfs && sleep 3 && killall popup && exit
[ ! -f ${EASY_SFS} ] && popup "Missing ${EASY_SFS}" && sleep 3 && killall popup && exit
# Create a separate X instance so isolated from the main real root X
T=`ps -ef | grep Xephyr2 | wc -l`
if [ $T -ne 2 ]; then
Xephyr :2 ${XP} &
else
echo "Aborting as Xephyr2 is already running"
exit
fi
# Create a changes folder, sfs mount point for easy.sfs and top layer folders
ACTIVE=0
T=`mount | grep "${CHANGES_SFS_LOC}/sfs"`
[ ! -z "${T}" ] && ACTIVE=1
T=`mount | grep "${CHANGES_SFS_LOC}/top"`
[ ! -z "${T}" ] && ACTIVE=1
[ ! -d top ] && mkdir top
[ ! -d sfs ] && mkdir sfs
# Start with a 'clean' snapshot of changes
[ ! -d changes ] && mkdir changes
if [ $ACTIVE -eq 0 ]; then
[ -d changes ] && rm -rf changes
DISPLAY=:2 popup "unsquashing changes.sfs "
urxvt -g 70x4+10+10 -bg '#09A0FF' -e unsquashfs -f -d changes changes.sfs
fi
# Mount easy.sfs read-only (-r) unless it is already mounted
T=`mount | grep "${CHANGES_SFS_LOC}/sfs"`
[ -z "${T}" ] && mount -r -t squashfs ${EASY_SFS} sfs
# aufs mount combining changes and sfs folders -> top
T=`mount | grep "${CHANGES_SFS_LOC}/top"`
[ -z "${T}" ] && mount -t aufs -o br=changes:sfs none top
# create a script to run inside the chroot (i.e. must be a script, not a bin)
echo "#!/bin/sh" >top/init
echo "DISPLAY=:2 export DISPLAY" >>top/init
echo "sakura --geometry 1x1 -x killall sakura # wake up Xephyr gtk/dbus" >>top/init
killall popup
echo "seamonkey &" >>top/init
echo "jwm" >>top/init
chmod +x top/init
sync
killall popup
# chroot dropping chroot capability (to prevent chroot'ing out of the chroot)
# and using another X session (to isolate it from the main X session)
# chroot (pflask makes things easier) into the top folder applying restrictions
# We use the main sfs as our base for the chroot, so chroot has very low overhead
DISPLAY=:2 empty -f unshare -m pflask ${PF} -- /init
PID=$!
# Tidy up after closing.
# empty -f detaches pflask and returns at once, so $! is still the PID of the
# backgrounded Xephyr: this loop waits until the Xephyr window is closed, which
# also ends the container's X clients (jwm, the browser) and hence /init.
# kill -0 ... checks for existence (not very intuitive!)
while kill -0 $PID >/dev/null 2>&1
do
sleep 2
done
umount top
umount sfs
rm -rf changes.previous
mv -f changes changes.previous
killall Xephyr
# leave changes.previous in case we want to mksquashfs a new 'clean' changes.sfs
rmdir top sfs
exit
######################################################
Everything below the last exit will be ignored i.e. are comments
######################################################
"
Change log :
Rufwoof. 20190312 : 12th March 2019 initial version
Notes :
Run browser (desktop) using a combination of
unshare (mount points),
chroot (isolation)
capsh (chroot capabilities dropped - to block chroot'ing out of chroot)
using Xephyr (X separation)
Main easy sfs is used as the base for the chroot stores changes in a separate
changes folder i.e. low overheads, easily reset to 'clean'
Uses pflask https://github.com/ghedo/pflask that simplifies chroot'ing
Note that I've tweaked this to fit my 1440x900 display size/resolution and added
into ~/.jwm/jwm-personal a group clause that sets Xephyr2 (the name allocated
to the Xephyr window above) to have no border and no title i.e.
<Group>
<Name>Xephyr2</Name>
<Option>noborder</Option>
<Option>notitle</Option>
</Group>
I've also adjusted the Xephyr -screen parameter size so the containers jwm
menu/tray sits just above the main systems tray.
Setting jwm tray Outline tag in jwmrc-theme to be the same colour as the tray
background helps merge the two stacked tray into more seemingly one.
"
######################################################
That is less restricted in that it just uses Xephyr X session separation (so the container can't see the main session's X), chroot with cap_sys_chroot capabilities dropped (so can't chroot out of the chroot). For me largely that provides adequate separation/security (browser run within a chroot that's not easily broken out of by chrooting out of that, where the session isn't saved and it can't see the real/main root session's X windows, nor access files/folders outside of the chroot).
I've set it so that it automatically rolls back the main session at every reboot, and rolls back the container each time it's started, and with the container auto started at bootup .. so clean at every boot, but where I can tweak things and re-create the clean sfs's as/when desired.
For me that simplification works well, but even then newbs might become confused with having multiple windows sharing the same view/monitor with some being restricted (inside the container) and others unrestricted. I guess one way to help reduce that confusion might be to colour the window borders differently. i.e. for general sharing/use, the base system would ideally come with a container sfs (changes) already pre-created. Being just the changes on top of the main easy.sfs however that's a relatively low overhead (could easily be less than 10MB additional size).
The other extension I've added is to run (very basic) checks against the MBR (I boot using BIOS), grldr, vmlinuz, initrd, main sfs and container's sfs (md5sums) at startup, so an indicator that they haven't been tampered with (intrusion detection).
I've adjusted my two trays so that they mostly vertically align
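The post relies on pflask's `--caps=all,-sys_chroot` to stop the container chrooting back out. The following is an added example (not rufwoof's script) that checks, from inside the container's `/init`, that CAP_SYS_CHROOT is really absent from the effective capability set; the function names are my own.

```shell
#!/bin/sh
# Added example, not part of rufwoof's script: run this as the first step of
# the container's /init to confirm that pflask's "--caps=all,-sys_chroot"
# really removed CAP_SYS_CHROOT from the effective capability set, i.e. that
# the "can't chroot out of the chroot" property actually holds.
# Linux numbers CAP_SYS_CHROOT as capability 18 (bit 18 of the CapEff mask).
CAP_SYS_CHROOT=18

# cap_in_mask HEXMASK CAPNUM -> exit 0 if bit CAPNUM is set in HEXMASK.
# HEXMASK is the bare hex value as printed in /proc/<pid>/status (CapEff).
cap_in_mask() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_eff_mask [PID] -> print the CapEff mask of PID (default: this shell).
cap_eff_mask() {
    awk '/^CapEff:/ { print $2 }' "/proc/${1:-self}/status"
}

# check_chroot_dropped [PID] -> 0 when CAP_SYS_CHROOT is absent, 1 when it is
# still held (the container could chroot() its way back to the host tree).
check_chroot_dropped() {
    mask=$(cap_eff_mask "$1") || return 1
    [ -n "$mask" ] || return 1
    if cap_in_mask "$mask" "$CAP_SYS_CHROOT"; then
        echo "CapEff=$mask still includes CAP_SYS_CHROOT: escape not blocked"
        return 1
    fi
    echo "CapEff=$mask: CAP_SYS_CHROOT dropped"
}

# Suggested use inside top/init (refuse to start the browser if the check fails):
#   check_chroot_dropped || exit 1
```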
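For the md5sum checks of the MBR, grldr, vmlinuz, initrd and the two sfs files mentioned above, here is an added example (not rufwoof's script) of a record-then-verify baseline; the function names are mine and all paths in its comments are placeholders.

```shell
#!/bin/sh
# Added example, not part of rufwoof's script: a baseline-and-verify check for
# the boot chain (MBR, grldr, vmlinuz, initrd) plus easy.sfs and changes.sfs,
# as an at-startup tamper indicator. The MBR is hashed as the first 512 bytes
# of the boot disk; everything else is a regular file. Paths in the comments
# below are placeholders for your own layout, not values from the post.

# integrity_record BASELINE MBR_DEV FILE... -> write "md5  name" lines,
# the MBR entry being named "MBR:<device>" so verify knows to use dd on it.
integrity_record() {
    base=$1; dev=$2; shift 2
    {
        dd if="$dev" bs=512 count=1 2>/dev/null | md5sum | sed "s|-\$|MBR:$dev|"
        md5sum "$@"
    } > "$base"
}

# integrity_verify BASELINE -> 0 if every entry still matches, 1 otherwise
# (each changed or missing item is reported on stdout).
integrity_verify() {
    base=$1; rc=0
    while read -r sum name; do
        case $name in
            MBR:*) cur=$(dd if="${name#MBR:}" bs=512 count=1 2>/dev/null \
                         | md5sum | cut -d' ' -f1) ;;
            *)     if [ -f "$name" ]; then cur=$(md5sum "$name" | cut -d' ' -f1)
                   else cur=missing; fi ;;
        esac
        if [ "$cur" != "$sum" ]; then
            echo "TAMPER? $name (expected $sum, got $cur)"
            rc=1
        fi
    done < "$base"
    return $rc
}

# Caveat: keep the baseline (and this script) somewhere the running system
# cannot silently rewrite, e.g. a read-only or removable medium; a baseline on
# the same writable partition can be updated along with the tampered files.
#
# Typical calls (placeholder paths):
#   integrity_record /mnt/usb/boot.md5 /dev/sda /mnt/sda1/grldr \
#       /mnt/sda1/vmlinuz /mnt/sda1/initrd.gz \
#       /mnt/sda1/easy/easyremastered-1.0/easy.sfs \
#       /mnt/sda1/easy/easyremastered-1.0/home/shared/changes.sfs
#   integrity_verify /mnt/usb/boot.md5 || popup "Boot files changed!"
```

sha256sum is a drop-in replacement for md5sum in both functions if you prefer a stronger hash.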