Add a service to initialise the user session and rename the xdummy service

Dockerfile.m4

@@ -264,6 +264,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \
 		ocl-icd-opencl-dev \
 		openssh-server \
 		openssl \
+		perl-base \
 		policykit-1 \
 		pulseaudio \
 		runit \
@@ -418,6 +419,7 @@ RUN --mount=type=bind,from=build,source=/tmp/xorgxrdp/,target=/tmp/xorgxrdp/ dpk
 RUN --mount=type=bind,from=build,source=/tmp/xrdp-pulseaudio/,target=/tmp/xrdp-pulseaudio/ dpkg -i /tmp/xrdp-pulseaudio/xrdp-pulseaudio_*.deb
 
 # Environment
+ENV SVDIR=/etc/service/
 ENV UNPRIVILEGED_USER_UID=1000
 ENV UNPRIVILEGED_USER_GID=1000
 ENV UNPRIVILEGED_USER_NAME=user
@@ -425,9 +427,10 @@ ENV UNPRIVILEGED_USER_PASSWORD=password
 ENV UNPRIVILEGED_USER_GROUPS=
 ENV UNPRIVILEGED_USER_SHELL=/bin/bash
 ENV UNPRIVILEGED_USER_HOME=/home/user
+ENV SERVICE_XRDP_BOOTSTRAP_ENABLED=false
+ENV SERVICE_XORG_HEADLESS_ENABLED=false
 ENV XRDP_TLS_KEY_PATH=/etc/xrdp/key.pem
 ENV XRDP_TLS_CRT_PATH=/etc/xrdp/cert.pem
-ENV ENABLE_XDUMMY=false
 ENV STARTUP=xfce4-session
 ENV DESKTOP_SESSION=xubuntu
 ## Use Adwaita theme in QT applications
@@ -460,7 +463,7 @@ RUN rm -f /etc/ssh/ssh_host_*
 RUN rm -f "${XRDP_TLS_KEY_PATH:?}" "${XRDP_TLS_CRT_PATH:?}"
 
 # Forward logs to Docker log collector
-RUN ln -sf /dev/stdout /var/log/xdummy.log
+RUN ln -sf /dev/stdout /var/log/xorg-headless.log
 RUN ln -sf /dev/stdout /var/log/xrdp.log
 RUN ln -sf /dev/stdout /var/log/xrdp-sesman.log
 
@@ -468,12 +471,12 @@ RUN ln -sf /dev/stdout /var/log/xrdp-sesman.log
 COPY --chown=root:root ./scripts/service/ /etc/sv/
 RUN find /etc/sv/ -type d -not -perm 0755 -exec chmod 0755 '{}' ';'
 RUN find /etc/sv/ -type f -not -perm 0755 -exec chmod 0755 '{}' ';'
-RUN ln -sv /etc/sv/dbus-daemon /etc/service/
-RUN ln -sv /etc/sv/sshd /etc/service/
-RUN ln -sv /etc/sv/udevadm-trigger /etc/service/
-RUN ln -sv /etc/sv/udevd /etc/service/
-RUN ln -sv /etc/sv/xrdp /etc/service/
-RUN ln -sv /etc/sv/xrdp-sesman /etc/service/
+RUN ln -sv /etc/sv/dbus-daemon "${SVDIR:?}"
+RUN ln -sv /etc/sv/sshd "${SVDIR:?}"
+RUN ln -sv /etc/sv/udevadm-trigger "${SVDIR:?}"
+RUN ln -sv /etc/sv/udevd "${SVDIR:?}"
+RUN ln -sv /etc/sv/xrdp "${SVDIR:?}"
+RUN ln -sv /etc/sv/xrdp-sesman "${SVDIR:?}"
 
 # Copy SSH config
 COPY --chown=root:root ./config/ssh/ /etc/ssh/

README.md

@@ -50,7 +50,8 @@ encounter any problem related to this you may use the `--shm-size` option.
 * `UNPRIVILEGED_USER_PASSWORD`: unprivileged user password (`password` by default).
 * `UNPRIVILEGED_USER_GROUPS`: comma-separated list of additional GIDs for the unprivileged user (none by default).
 * `UNPRIVILEGED_USER_SHELL`: unprivileged user shell (`/bin/bash` by default).
-* `ENABLE_XDUMMY`: enable a dummy X server (`false` by default).
+* `SERVICE_XRDP_BOOTSTRAP_ENABLED`: enable xrdp bootstrap service, initialises user session on startup (`false` by default).
+* `SERVICE_XORG_HEADLESS_ENABLED`: enable headless X server service (`false` by default).
 
 ## License
 

config/X11/Xsession.d/60virtualgl

@@ -2,7 +2,7 @@
 
 if [ -z "${VGL_DISPLAY-}" ]; then
 	# Use the dummy X server if it is enabled
-	if [ "${ENABLE_XDUMMY:?}" = 'true' ]; then
+	if [ "${SERVICE_XORG_HEADLESS_ENABLED:?}" = 'true' ]; then
 		export VGL_DISPLAY=:0.0
 	else
 		# Otherwise try to use the EGL backend

run-with-xdummy.sh

@@ -45,7 +45,7 @@ printf '%s\n' "Creating \"${CONTAINER_NAME:?}\" container..."
 	--shm-size 2g \
 	--publish 3322:3322/tcp \
 	--publish 3389:3389/tcp \
-	--env ENABLE_XDUMMY=true \
+	--env SERVICE_XORG_HEADLESS_ENABLED=true \
 	${CONTAINER_DEVICES?} \
 	"${IMAGE_NAME:?}" "$@" >/dev/null
 

scripts/bin/container-init

@@ -86,9 +86,14 @@ if [ ! -d /run/user/"${UNPRIVILEGED_USER_UID:?}"/ ]; then
 	chown "${UNPRIVILEGED_USER_NAME:?}:" /run/user/"${UNPRIVILEGED_USER_UID:?}"/
 fi
 
-# Enable xdummy service if ENABLE_XDUMMY is true
-if [ "${ENABLE_XDUMMY:?}" = 'true' ]; then
-	ln -s /etc/sv/xdummy /etc/service/
+# Enable xrdp bootstrap service
+if [ "${SERVICE_XRDP_BOOTSTRAP_ENABLED:?}" = 'true' ]; then
+	ln -s /etc/sv/xrdp-bootstrap "${SVDIR:?}"
+fi
+
+# Enable headless X server service
+if [ "${SERVICE_XORG_HEADLESS_ENABLED:?}" = 'true' ]; then
+	ln -s /etc/sv/xorg-headless "${SVDIR:?}"
 fi
 
 # Generate SSH keys if they do not exist
@@ -120,4 +125,4 @@ openssl x509 -in "${XRDP_TLS_CRT_PATH:?}" -noout -fingerprint -sha256
 env | grep -Ev '^(PWD|OLDPWD|HOME|USER|SHELL|TERM|([^=]*(PASSWORD|SECRET)[^=]*))=' | sort > /etc/environment
 
 # Start runit
-exec runsvdir -P /etc/service/
+exec runsvdir -P "${SVDIR:?}"

scripts/service/dbus-daemon/run

@@ -1,4 +1,6 @@
 #!/bin/sh
 
+set -eu
+
 exec 2>&1
-exec /usr/bin/chpst -u messagebus /usr/bin/dbus-daemon --system --nofork --nopidfile
+exec chpst -u messagebus dbus-daemon --system --nofork --nopidfile

scripts/service/sshd/run

@@ -1,4 +1,6 @@
 #!/bin/sh
 
+set -eu
+
 exec 2>&1
 exec /usr/sbin/sshd -D

scripts/service/udevadm-trigger/run

@@ -1,6 +1,9 @@
 #!/bin/sh
 
-sv start udevd >/dev/null || exit 1
+set -eu
 
-/usr/bin/udevadm trigger
-exec sleep infinity
+sv start udevd >/dev/null
+
+exec 2>&1
+udevadm trigger ||:
+exec chpst -b udevadm-trigger perl -MPOSIX -e 'pause()'

scripts/service/udevd/run

@@ -1,4 +1,6 @@
 #!/bin/sh
 
+set -eu
+
 exec 2>&1
 exec /lib/systemd/systemd-udevd

scripts/service/xorg-headless/run

@@ -1,4 +1,6 @@
 #!/bin/sh
 
+set -eu
+
 exec 2>&1
-exec /usr/lib/xorg/Xorg -noreset -nolisten tcp -logfile /var/log/xdummy.log :0.0
+exec /usr/lib/xorg/Xorg -noreset -nolisten tcp -logfile /var/log/xorg-headless.log :0.0

scripts/service/xrdp-bootstrap/run

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -eu
+
+sv start xrdp >/dev/null
+sv start xrdp-sesman >/dev/null
+
+exec 2>&1
+xrdp-sesrun -p "${UNPRIVILEGED_USER_PASSWORD?}" "${UNPRIVILEGED_USER_NAME:?}"
+exec chpst -b xrdp-bootstrap perl -MPOSIX -e 'pause()'

scripts/service/xrdp-sesman/run

@@ -1,4 +1,6 @@
 #!/bin/sh
 
+set -eu
+
 exec 2>&1
-exec /usr/sbin/xrdp-sesman --nodaemon
+exec xrdp-sesman --nodaemon

scripts/service/xrdp/run

@@ -1,4 +1,6 @@
 #!/bin/sh
 
+set -eu
+
 exec 2>&1
-exec /usr/sbin/xrdp --nodaemon
+exec xrdp --nodaemon