From fe0f37139f1d516d9d8e2178018e6741ff14273e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A9ctor=20Molinero=20Fern=C3=A1ndez?= Date: Thu, 27 Apr 2023 21:05:09 +0200 Subject: [PATCH] Add a service to initialise the user session and rename the xdummy service --- Dockerfile.m4 | 19 +++++++++++-------- README.md | 3 ++- config/X11/Xsession.d/60virtualgl | 2 +- run-with-xdummy.sh | 2 +- scripts/bin/container-init | 13 +++++++++---- scripts/service/dbus-daemon/run | 4 +++- scripts/service/sshd/run | 2 ++ scripts/service/udevadm-trigger/run | 9 ++++++--- scripts/service/udevd/run | 2 ++ scripts/service/{xdummy => xorg-headless}/run | 4 +++- scripts/service/xrdp-bootstrap/run | 10 ++++++++++ scripts/service/xrdp-sesman/run | 4 +++- scripts/service/xrdp/run | 4 +++- 13 files changed, 56 insertions(+), 22 deletions(-) rename scripts/service/{xdummy => xorg-headless}/run (72%) create mode 100755 scripts/service/xrdp-bootstrap/run diff --git a/Dockerfile.m4 b/Dockerfile.m4 index 6d25ea4..a39f6c2 100644 --- a/Dockerfile.m4 +++ b/Dockerfile.m4 @@ -264,6 +264,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \ ocl-icd-opencl-dev \ openssh-server \ openssl \ + perl-base \ policykit-1 \ pulseaudio \ runit \ @@ -418,6 +419,7 @@ RUN --mount=type=bind,from=build,source=/tmp/xorgxrdp/,target=/tmp/xorgxrdp/ dpk RUN --mount=type=bind,from=build,source=/tmp/xrdp-pulseaudio/,target=/tmp/xrdp-pulseaudio/ dpkg -i /tmp/xrdp-pulseaudio/xrdp-pulseaudio_*.deb # Environment +ENV SVDIR=/etc/service/ ENV UNPRIVILEGED_USER_UID=1000 ENV UNPRIVILEGED_USER_GID=1000 ENV UNPRIVILEGED_USER_NAME=user 
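Review bot: The new `ENV SVDIR=/etc/service/` in the `# Environment` block carries no comment, although the rest of the patch depends on it in three places: the build-time `ln -sv ... "${SVDIR:?}"` lines, `exec runsvdir -P "${SVDIR:?}"` in container-init, and the bare `sv start <name>` calls in the run scripts (sv resolves relative service names through `SVDIR`). Because it is an `ENV`, it can also be overridden at `docker run` time, in which case runsvdir would watch a directory that does not contain the symlinks created during the build. I would add a line such as `## Service directory shared by runsvdir and sv; services are linked here at build time, do not override at runtime` directly above it.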
@@ -425,9 +427,10 @@ ENV UNPRIVILEGED_USER_PASSWORD=password ENV UNPRIVILEGED_USER_GROUPS= ENV UNPRIVILEGED_USER_SHELL=/bin/bash ENV UNPRIVILEGED_USER_HOME=/home/user +ENV SERVICE_XRDP_BOOTSTRAP_ENABLED=false +ENV SERVICE_XORG_HEADLESS_ENABLED=false ENV XRDP_TLS_KEY_PATH=/etc/xrdp/key.pem ENV XRDP_TLS_CRT_PATH=/etc/xrdp/cert.pem -ENV ENABLE_XDUMMY=false ENV STARTUP=xfce4-session ENV DESKTOP_SESSION=xubuntu ## Use Adwaita theme in QT applications @@ -460,7 +463,7 @@ RUN rm -f /etc/ssh/ssh_host_* RUN rm -f "${XRDP_TLS_KEY_PATH:?}" "${XRDP_TLS_CRT_PATH:?}" # Forward logs to Docker log collector -RUN ln -sf /dev/stdout /var/log/xdummy.log +RUN ln -sf /dev/stdout /var/log/xorg-headless.log RUN ln -sf /dev/stdout /var/log/xrdp.log RUN ln -sf /dev/stdout /var/log/xrdp-sesman.log @@ -468,12 +471,12 @@ RUN ln -sf /dev/stdout /var/log/xrdp-sesman.log COPY --chown=root:root ./scripts/service/ /etc/sv/ RUN find /etc/sv/ -type d -not -perm 0755 -exec chmod 0755 '{}' ';' RUN find /etc/sv/ -type f -not -perm 0755 -exec chmod 0755 '{}' ';' -RUN ln -sv /etc/sv/dbus-daemon /etc/service/ -RUN ln -sv /etc/sv/sshd /etc/service/ -RUN ln -sv /etc/sv/udevadm-trigger /etc/service/ -RUN ln -sv /etc/sv/udevd /etc/service/ -RUN ln -sv /etc/sv/xrdp /etc/service/ -RUN ln -sv /etc/sv/xrdp-sesman /etc/service/ +RUN ln -sv /etc/sv/dbus-daemon "${SVDIR:?}" +RUN ln -sv /etc/sv/sshd "${SVDIR:?}" +RUN ln -sv /etc/sv/udevadm-trigger "${SVDIR:?}" +RUN ln -sv /etc/sv/udevd "${SVDIR:?}" +RUN ln -sv /etc/sv/xrdp "${SVDIR:?}" +RUN ln -sv /etc/sv/xrdp-sesman "${SVDIR:?}" # Copy SSH config COPY --chown=root:root ./config/ssh/ /etc/ssh/ diff --git a/README.md b/README.md index d189d6b..5bc6f7d 100644 --- a/README.md +++ b/README.md 
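Review bot: Dropping `ENV ENABLE_XDUMMY=false` with no fallback means a deployment that still passes `--env ENABLE_XDUMMY=true` comes up without the headless X server and without any message, because container-init and 60virtualgl now test only `SERVICE_XORG_HEADLESS_ENABLED`. The failure is silent: VirtualGL takes the `else` branch in 60virtualgl instead of `:0.0`. A one-line deprecation warning in container-init would make the rename visible, for example `[ -z "${ENABLE_XDUMMY-}" ] || printf '%s\n' 'ENABLE_XDUMMY is no longer read; use SERVICE_XORG_HEADLESS_ENABLED' >&2`.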
@@ -50,7 +50,8 @@ encounter any problem related to this you may use the `--shm-size` option. * `UNPRIVILEGED_USER_PASSWORD`: unprivileged user password (`password` by default). * `UNPRIVILEGED_USER_GROUPS`: comma-separated list of additional GIDs for the unprivileged user (none by default). * `UNPRIVILEGED_USER_SHELL`: unprivileged user shell (`/bin/bash` by default). -* `ENABLE_XDUMMY`: enable a dummy X server (`false` by default). +* `SERVICE_XRDP_BOOTSTRAP_ENABLED`: enable xrdp bootstrap service, initialises user session on startup (`false` by default). +* `SERVICE_XORG_HEADLESS_ENABLED`: enable headless X server service (`false` by default). ## License diff --git a/config/X11/Xsession.d/60virtualgl b/config/X11/Xsession.d/60virtualgl index 66caf30..4d57e1e 100644 --- a/config/X11/Xsession.d/60virtualgl +++ b/config/X11/Xsession.d/60virtualgl @@ -2,7 +2,7 @@ if [ -z "${VGL_DISPLAY-}" ]; then # Use the dummy X server if it is enabled - if [ "${ENABLE_XDUMMY:?}" = 'true' ]; then + if [ "${SERVICE_XORG_HEADLESS_ENABLED:?}" = 'true' ]; then export VGL_DISPLAY=:0.0 else # Otherwise try to use the EGL backend diff --git a/run-with-xdummy.sh b/run-with-xdummy.sh index a530843..cf2b35d 100755 --- a/run-with-xdummy.sh +++ b/run-with-xdummy.sh @@ -45,7 +45,7 @@ printf '%s\n' "Creating \"${CONTAINER_NAME:?}\" container..." --shm-size 2g \ --publish 3322:3322/tcp \ --publish 3389:3389/tcp \ - --env ENABLE_XDUMMY=true \ + --env SERVICE_XORG_HEADLESS_ENABLED=true \ ${CONTAINER_DEVICES?} \ "${IMAGE_NAME:?}" "$@" >/dev/null diff --git a/scripts/bin/container-init b/scripts/bin/container-init index 4c96392..6f0cd19 100755 --- a/scripts/bin/container-init +++ b/scripts/bin/container-init 
@@ -86,9 +86,14 @@ if [ ! -d /run/user/"${UNPRIVILEGED_USER_UID:?}"/ ]; then chown "${UNPRIVILEGED_USER_NAME:?}:" /run/user/"${UNPRIVILEGED_USER_UID:?}"/ fi -# Enable xdummy service if ENABLE_XDUMMY is true -if [ "${ENABLE_XDUMMY:?}" = 'true' ]; then - ln -s /etc/sv/xdummy /etc/service/ +# Enable xrdp bootstrap service +if [ "${SERVICE_XRDP_BOOTSTRAP_ENABLED:?}" = 'true' ]; then + ln -s /etc/sv/xrdp-bootstrap "${SVDIR:?}" +fi + +# Enable headless X server service +if [ "${SERVICE_XORG_HEADLESS_ENABLED:?}" = 'true' ]; then + ln -s /etc/sv/xorg-headless "${SVDIR:?}" fi # Generate SSH keys if they do not exist @@ -120,4 +125,4 @@ openssl x509 -in "${XRDP_TLS_CRT_PATH:?}" -noout -fingerprint -sha256 env | grep -Ev '^(PWD|OLDPWD|HOME|USER|SHELL|TERM|([^=]*(PASSWORD|SECRET)[^=]*))=' | sort > /etc/environment # Start runit -exec runsvdir -P /etc/service/ +exec runsvdir -P "${SVDIR:?}" diff --git a/scripts/service/dbus-daemon/run b/scripts/service/dbus-daemon/run index 27b330c..43cbcec 100755 --- a/scripts/service/dbus-daemon/run +++ b/scripts/service/dbus-daemon/run @@ -1,4 +1,6 @@ #!/bin/sh +set -eu + exec 2>&1 -exec /usr/bin/chpst -u messagebus /usr/bin/dbus-daemon --system --nofork --nopidfile +exec chpst -u messagebus dbus-daemon --system --nofork --nopidfile diff --git a/scripts/service/sshd/run b/scripts/service/sshd/run index 83cf4c3..ba5d656 100755 --- a/scripts/service/sshd/run +++ b/scripts/service/sshd/run @@ -1,4 +1,6 @@ #!/bin/sh +set -eu + exec 2>&1 exec /usr/sbin/sshd -D diff --git a/scripts/service/udevadm-trigger/run b/scripts/service/udevadm-trigger/run index 336e75e..c50c89b 100755 --- a/scripts/service/udevadm-trigger/run +++ b/scripts/service/udevadm-trigger/run @@ -1,6 +1,9 @@ #!/bin/sh -sv start udevd >/dev/null || exit 1 +set -eu -/usr/bin/udevadm trigger -exec sleep infinity +sv start udevd >/dev/null + +exec 2>&1 +udevadm trigger ||: +exec chpst -b udevadm-trigger perl -MPOSIX -e 'pause()' 
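Review bot: Both new `ln -s` calls in container-init fail with "File exists" when the same container is restarted with the flag still `true`, because the symlink from the first start is still inside `${SVDIR}`. The removed `ln -s /etc/sv/xdummy /etc/service/` behaved the same way, so this is inherited rather than new, but there are now two services exposed to it. Whether the failure aborts the restart depends on the script's `set -e` state, which is outside this hunk. `ln -sf /etc/sv/xrdp-bootstrap "${SVDIR:?}"` and `ln -sf /etc/sv/xorg-headless "${SVDIR:?}"` make both steps idempotent.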
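Review bot: In dbus-daemon/run, `exec chpst -u messagebus dbus-daemon ...` now resolves both binaries through `PATH`, where the old line pinned `/usr/bin/chpst` and `/usr/bin/dbus-daemon`; xrdp-sesman/run and xrdp/run make the same change, and the new `udevadm`, `perl` and `xrdp-sesrun` calls are bare as well. These run scripts inherit the container environment from runsvdir and presumably start as root (chpst is used here to drop to `messagebus`), so a `PATH` supplied with `--env` or extended by a derived image decides which file is executed with those privileges. sshd/run, udevd/run and xorg-headless/run keep absolute paths, so the services are also inconsistent with each other. Either keep the absolute paths or pin the search path at the top of each run script, e.g. `PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; export PATH`.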
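Review bot: In udevadm-trigger/run, `udevadm trigger ||:` throws away the exit status, so the service parks in `pause()` and reports as up even when the trigger did not run. Keeping it best-effort but visible costs one line: `udevadm trigger || printf '%s\n' 'udevadm trigger failed' >&2` (stderr is already merged into the service log by `exec 2>&1`). The last line also deserves a comment, since replacing `sleep infinity` with perl is not self-explanatory: `# Idle forever after the one-shot step; chpst -b sets argv[0] to the service name`.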
diff --git a/scripts/service/udevd/run b/scripts/service/udevd/run index 2c822da..db7f418 100755 --- a/scripts/service/udevd/run +++ b/scripts/service/udevd/run @@ -1,4 +1,6 @@ #!/bin/sh +set -eu + exec 2>&1 exec /lib/systemd/systemd-udevd diff --git a/scripts/service/xdummy/run b/scripts/service/xorg-headless/run similarity index 72% rename from scripts/service/xdummy/run rename to scripts/service/xorg-headless/run index 9ac9266..b699cd4 100755 --- a/scripts/service/xdummy/run +++ b/scripts/service/xorg-headless/run @@ -1,4 +1,6 @@ #!/bin/sh +set -eu + exec 2>&1 -exec /usr/lib/xorg/Xorg -noreset -nolisten tcp -logfile /var/log/xdummy.log :0.0 +exec /usr/lib/xorg/Xorg -noreset -nolisten tcp -logfile /var/log/xorg-headless.log :0.0 diff --git a/scripts/service/xrdp-bootstrap/run b/scripts/service/xrdp-bootstrap/run new file mode 100755 index 0000000..312fe4a --- /dev/null +++ b/scripts/service/xrdp-bootstrap/run @@ -0,0 +1,10 @@ +#!/bin/sh + +set -eu + +sv start xrdp >/dev/null +sv start xrdp-sesman >/dev/null + +exec 2>&1 +xrdp-sesrun -p "${UNPRIVILEGED_USER_PASSWORD?}" "${UNPRIVILEGED_USER_NAME:?}" +exec chpst -b xrdp-bootstrap perl -MPOSIX -e 'pause()' diff --git a/scripts/service/xrdp-sesman/run b/scripts/service/xrdp-sesman/run index 58d8df9..b934fe9 100755 --- a/scripts/service/xrdp-sesman/run +++ b/scripts/service/xrdp-sesman/run @@ -1,4 +1,6 @@ #!/bin/sh +set -eu + exec 2>&1 -exec /usr/sbin/xrdp-sesman --nodaemon +exec xrdp-sesman --nodaemon diff --git a/scripts/service/xrdp/run b/scripts/service/xrdp/run index 6267fe5..42f8d94 100755 --- a/scripts/service/xrdp/run +++ b/scripts/service/xrdp/run @@ -1,4 +1,6 @@ #!/bin/sh +set -eu + exec 2>&1 -exec /usr/sbin/xrdp --nodaemon +exec xrdp --nodaemon
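Review bot: In xrdp-bootstrap/run, `xrdp-sesrun -p "${UNPRIVILEGED_USER_PASSWORD?}" ...` places the account password on the command line, where any process in the container can read it from `/proc/<pid>/cmdline` or `ps` for as long as xrdp-sesrun runs. container-init deliberately filters `PASSWORD`/`SECRET` variables out of /etc/environment, so this line reopens an exposure the image otherwise avoids. If the packaged xrdp-sesrun can read the password from a file descriptor (its `-F` option), prefer `printf '%s' "${UNPRIVILEGED_USER_PASSWORD?}" | xrdp-sesrun -F 0 "${UNPRIVILEGED_USER_NAME:?}"`, which keeps the secret inside a shell builtin and a pipe. Note also that under `set -eu` a failing sesrun exits the script and runsv will start it again, so a wrong password turns into an unbounded login retry loop; a comment stating that this is intended, or a short `sleep` before exiting, would help.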