Always run sshd

Dockerfile.m4

@@ -404,7 +404,6 @@ ENV UNPRIVILEGED_USER_GROUPS=
 ENV UNPRIVILEGED_USER_SHELL=/bin/bash
 ENV RDP_TLS_KEY_PATH=/etc/xrdp/key.pem
 ENV RDP_TLS_CERT_PATH=/etc/xrdp/cert.pem
-ENV ENABLE_SSHD=false
 ENV ENABLE_VIRTUALGL=false
 ENV PATH=/opt/VirtualGL/bin:${PATH}
 ENV VGL_DISPLAY=:0
@@ -428,14 +427,6 @@ RUN printf '%s\n' "${TZ:?}" > /etc/timezone
 RUN mkdir /run/dbus/ && chown messagebus:messagebus /run/dbus/
 RUN dbus-uuidgen > /etc/machine-id && ln -sf /etc/machine-id /var/lib/dbus/machine-id
 
-# Forward logs to Docker log collector
-RUN ln -sf /dev/stdout /var/log/xdummy.log
-RUN ln -sf /dev/stdout /var/log/xrdp.log
-RUN ln -sf /dev/stdout /var/log/xrdp-sesman.log
-
-# Create /run/sshd/ directory
-RUN mkdir /run/sshd/
-
 # Create /etc/skel/.xsession file
 RUN printf '%s\n' 'exec xfce4-session' > /etc/skel/.xsession
 
@@ -463,6 +454,11 @@ RUN mkdir /tmp/.X11-unix/ \
 # Configure server for use with VirtualGL
 RUN vglserver_config -config +s +f -t
 
+# Forward logs to Docker log collector
+RUN ln -sf /dev/stdout /var/log/xdummy.log
+RUN ln -sf /dev/stdout /var/log/xrdp.log
+RUN ln -sf /dev/stdout /var/log/xrdp-sesman.log
+
 # Copy config
 COPY --chown=root:root ./config/ssh/sshd_config /etc/ssh/sshd_config
 COPY --chown=root:root ./config/xrdp/xrdp.ini /etc/xrdp/xrdp.ini
@@ -470,6 +466,7 @@ COPY --chown=root:root ./config/xrdp/sesman.ini /etc/xrdp/sesman.ini
 
 # Copy services
 COPY --chown=root:root scripts/service/ /etc/sv/
+RUN ln -sv /etc/sv/sshd /etc/service/
 RUN ln -sv /etc/sv/dbus-daemon /etc/service/
 RUN ln -sv /etc/sv/xrdp /etc/service/
 RUN ln -sv /etc/sv/xrdp-sesman /etc/service/

README.md

@@ -32,7 +32,6 @@ required for VirtualGL will conflict with the host X server.
 * `UNPRIVILEGED_USER_PASSWORD`: unprivileged user password (`password` by default).
 * `UNPRIVILEGED_USER_GROUPS`: comma-separated list of additional GIDs for the unprivileged user (none by default).
 * `UNPRIVILEGED_USER_SHELL`: unprivileged user shell (`/bin/bash` by default).
-* `ENABLE_SSHD`: enable SSH server in the container (`false` by default).
 * `ENABLE_VIRTUALGL`: enable VirtualGL support in the container (`false` by default).
 
 ## License

run-with-virtualgl.sh

@@ -41,7 +41,6 @@ printf -- '%s\n' "Creating \"${CONTAINER_NAME:?}\" container..."
 	--publish 3389:3389/tcp \
 	--shm-size 2g \
 	--privileged \
-	--env ENABLE_SSHD=true \
 	--env ENABLE_VIRTUALGL=true \
 	"${IMAGE_NAME:?}" "$@" >/dev/null
 

scripts/bin/container-foreground-cmd

@@ -44,11 +44,6 @@ unset UNPRIVILEGED_USER_PASSWORD
 # Dump environment variables
 export-env > /etc/profile.d/env.sh
 
-# Enable sshd service if ENABLE_SSHD is true
-if [ "${ENABLE_SSHD:?}" = 'true' ]; then
-	ln -s /etc/sv/sshd /etc/service/
-fi
-
 # Enable xdummy service if ENABLE_VIRTUALGL is true
 if [ "${ENABLE_VIRTUALGL:?}" = 'true' ]; then
 	ln -s /etc/sv/xdummy /etc/service/

scripts/service/sshd/run

@@ -1,4 +1,8 @@
 #!/bin/sh
 
+if [ ! -e /run/sshd/ ]; then
+	mkdir /run/sshd/
+fi
+
 exec 2>&1
 exec /usr/sbin/sshd -D