From 7bd06d2e95794f328d6f6742b00a50a3d5e4935d Mon Sep 17 00:00:00 2001
From: mviereck
Date: Thu, 21 Nov 2019 17:36:28 +0100
Subject: [PATCH] --xephyr: disable -glamor #196
---
 x11docker | 193 +-----------------------------------------------------
 1 file changed, 3 insertions(+), 190 deletions(-)
diff --git a/x11docker b/x11docker
index f9508886..9d0420dc 100755
--- a/x11docker
+++ b/x11docker
@@ -2806,8 +2806,9 @@ startup-animation=fade
 --xephyr)
 command -v Xephyr >/dev/null && {
 Xserveroptions="$Xserveroptions \\
- -glamor \\
 -noxv"
+# Xserveroptions="$Xserveroptions \\
+# -glamor" # disabled because of lagginess reported in #196
 case $Fullscreen in
 yes)
 Xserveroptions="$Xserveroptions \\
@@ -4333,7 +4334,7 @@ create_containerrootrc() { ### create containerrootrc: This script runs as
 echo ""
 echo "# Check container user"
- echo "Containeruser=\"\$(storeinfo dump containeruser)\""
+ echo "Containeruser=\"\$(storeinfo dump containeruser)\"" # reading root access
 echo ""
 case $Createcontaineruser in
 yes)
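Review bot: The two added lines in the `--xephyr)` arm keep the dropped `-glamor` option as a commented-out assignment placed after the closing `-noxv"` line, which leaves dead code that a later edit can revive by accident or let drift from the live option string. I would delete the commented assignment and keep only the reason, for example `# -glamor is not passed to Xephyr: lagginess reported in #196`. The `--xephyr)` arm starts and ends outside the hunk, so whether `-glamor` is added on another path cannot be checked from here.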
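Review bot: The trailing comment added to the `echo "Containeruser=..."` line, `# reading root access`, is too terse to tell a maintainer what it records, and it is unrelated to the -glamor change named in the subject. Because it follows the `echo` command, it documents x11docker itself and is not written into the generated containerrootrc. If it is meant to flag that the generated script reads the `storeinfo` value with root rights in the container (the hunk header's description is cut off at "This script runs as", so this is inferred), spell it out, e.g. `# containerrootrc reads the container user name from storeinfo while running as root`, and confirm the wording with the author. create_containerrootrc starts and ends outside the hunk, so how `Containeruser` is checked before use is not visible here.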
@@ -7966,194 +7967,6 @@ ${2:-}" ; shift ;; # Add custo
 return 0
 }
-check_options_restricted() {
- # experimental code. not in use yet.
- local Allow
- eval set -- "$@"
- while { [ $# -gt 0 ] && [ -z "$Imagename" ] ;}; do
- Allow=no
- case "${1:-}" in
- --help) Allow=yes ;;
- --license|--licence) Allow=yes ;;
- --version) Allow=yes ;;
- --wmlist) Allow=yes ;;
-
- -e|--exe) Allow=yes ;;
- --xonly) Allow=yes ;;
-
- #### Choice of X servers and Wayland compositors
- --auto) Allow=yes ;; ### CHECK --hostdisplay or --xorg
- -h|--hostdisplay) Allow=yes ;; ### CHECK access to user space
- -H|--hostwayland) Allow=yes ;;
- -K|--kwin) Allow=yes ;;
- --kwin-xwayland) Allow=yes ;;
- -n|--nxagent) Allow=yes ;;
- -t|--tty) Allow=yes ;;
- -T|--weston) Allow=yes ;;
- -Y|--weston-xwayland) Allow=yes ;;
- --xdummy) Allow=yes ;;
- -y|--xephyr) Allow=yes ;;
- -a|--xpra) Allow=yes ;;
- -A|--xpra-xwayland) Allow=yes ;;
- -x|--xorg) Allow=yes ;; ### CHECK system abuse possible?
- --xvfb) Allow=yes ;;
- -X|--xwayland) Allow=yes ;;
- --xwin) Allow=yes ;;
-
- #### Influencing automatical choice of X server or Wayland compositor
- -d|--desktop) Allow=yes ;;
- -g|--gpu) Allow=yes ;; ### LEVEL
- -W|--wayland) Allow=yes ;;
- --wm) Allow=yes ;; ### CHECK
-
- #### X and Wayland appearance
- --border) Allow=yes ;;
- --dpi) Allow=yes ;;
- -f|--fullscreen) Allow=yes ;;
- --output-count) Allow=yes ;;
- --rotate) Allow=yes ;;
- --scale) Allow=yes ;;
- --size) Allow=yes ;;
- -F|--xfishtank) Allow=yes ;;
-
- #### X and Wayland configuration
- --display) Allow=yes ;;
- --keymap) Allow=yes ;;
- --vt) Allow=yes ;; ### CHECK
- --westonini) Allow=yes ;; ### CHECK
-
- #### X Authentication
- --clean-xhost|--no-xhost) Allow=yes ;; ### LEVEL
- --no-auth) Allow=yes ;; ### LEVEL
- --xhost) Allow=yes ;; ### LEVEL
-
- #### Host integration options
- --alsa) Allow=yes ;; ### LEVEL
- -c|--clipboard) Allow=yes ;;
- -l) Allow=yes ;;
- --lang) Allow=yes ;;
- -P|--printer) Allow=yes ;; ### LEVEL
- -p) Allow=yes ;; ### LEVEL
- --pulseaudio) Allow=yes ;; ### LEVEL
- --sharessh) Allow=yes ;; ### CHECK
- --webcam) Allow=yes ;; ### LEVEL
-
- #### Special options
- --enforce-i) Allow=yes ;;
- -i|--interactive) Allow=yes ;;
- --pull) Allow=yes ;; ### LEVEL'
- --pw) Allow=yes ;;
- --runasroot) Allow=yes ;; ### LEVEL
- --runfromhost) Allow=yes ;;
-
- #### User settings
- --group-add) Allow="no" ;; ### LEVEL?
- --hostuser) Allow="no" ;;
- --sudouser) Allow=yes ;; ### LEVEL
- --user) [ "$Containeruser" = "RETAIN" ] && Allow=yes || Allow=no ;; ### LEVEL
-
- #### Init system and DBus
- --dbus) Allow=yes ;; ### LEVEL =system
- --hostdbus) Allow=yes ;; ### CHECK
- --init) Allow=yes ;; ### LEVEL
- --sharecgroup) Allow=yes ;; ### LEVEL
- --systemd) Allow=yes ;; ### LEVEL
-
- #### Container configuration
- --cap-default) Allow=yes ;; ### LEVEL
- --env) Allow=yes ;;
- --hostipc) Allow="no" ;;
- --hostnet) Allow="no" ;;
- --limit) Allow=yes ;;
- --name) Allow=yes ;;
- --newprivileges) Allow=yes ;; ### LEVEL
- --no-entrypoint) Allow=yes ;;
- --no-internet) Allow=yes ;;
- --runtime) Allow=yes ;;
- --stdin) Allow=yes ;;
- --workdir) Allow=yes ;;
-
- #### host folders
- -m) Allow=yes ;;
- --home|--homedir) restrictedpath "${2:-}" && Allow=yes || Allow="no" ;;
- --share|--sharedir) restrictedpath "${2:-}" && Allow=yes || Allow="no" ;;
- --homebasedir) restrictedpath "${2:-}" && Allow=yes || Allow="no" ;;
- --cachebasedir) restrictedpath "${2:-}" && Allow=yes || Allow="no" ;;
-
- #### Verbosity options
- -D|--debug) Allow=yes ;;
- --showinfofile) Allow=yes ;;
- -v|--verbose) Allow=yes ;;
- -V) Allow=yes ;;
- -q|--quiet) Allow=yes ;;
- --showcache) Allow=yes ;;
- --showenv) Allow=yes ;;
- --showid) Allow=yes ;;
- --showpid1) Allow=yes ;;
-
- #### Special options not starting X or docker
- --cleanup) Allow=yes ;; ### CHECK Do not remove containers?
- --install|--update|--update-master|--remove) Allow="no" ;;
- --launcher) Allow=yes ;;
-
- #### Experimental options
- --iglx) Allow=yes ;;
- --xcomposite) Allow=yes ;;
- --xorgconf) Allow="no" ;;
- --xoverip) Allow=yes ;;
- --xtest) Allow=yes ;;
- --) break ;;
- esac
- [ "$Allow" = "yes" ] || error "x11docker restricted mode:
- Found forbidden option or argument: ${1:-}"
- shift
- done
- [ -n "$Customdockeroptions" ] && error "x11docker restricted mode:
- Found forbidden custom docker options: $Customdockeroptions"
-}
-restrict_options() {
- # experimental code, not in use yet. Intention: Allow harmless options only.
-
- # level 1:
- # --hostipc
- # --hostnet
- # custom docker options
- # --share --home=DIR --cachebasedir --homebasedir # HOME only
- # --user except RETAIN if --home
- # --hostuser
- # --install, --update, --update-master, --remove
-
- # check parameter abuse
- # --env
- # basically all
-
- # level 2:
- # --hostdisplay
-
- # unsure:
- # --pull
- # --runasroot
- # --hostdbus
- # --cleanup in multi-user environment?
- # level 3:
- # --newprivileges
- # --cap-default
- # --sudouser
- # --group-add
- # --init=systemd|openrc|sysvinit|runit
- # --dbus=system
- # --sharecgroup
- local Message
- [ "$Hostipc" = "yes" ] && Message="$Message
- --hostipc"
- [ "$Hostnet" = "yes" ] && Message="$Message
- --hostnet"
- [ "$Customdockeroptions" ] && Message="$Message
- Custom docker options: $(escapestring "$Customdockeroptions")"
- error "x11docker runs in restricted mode.
- Found following options that are not allowed:
-$Message"
-}
 unpriv() { # run a command as unprivileged user. Needed if x11docker was started by root or with sudo.
 # $Unpriv is declared in check_hostuser: 'eval' or 'su $Hostuser -c'
 $Unpriv "${1:-}"