use Xephyr to run programs securely
This commit is contained in:
parent
8d0da7d78e
commit
11349c8a7c
|
@ -22,6 +22,14 @@ pkg_add openbox neofetch xneko dillo firefox-esr chromium claws-mail-- thunar ke
|
|||
# so copied/mounted /home is ready
|
||||
rcctl disable sshd
|
||||
|
||||
cat <<NESTED >/etc/stumpwmrc
|
||||
(setf *startup-message* nil)
|
||||
(defun st-kill-empty (a)
|
||||
(if (= 0 (length (screen-windows (current-screen))))
|
||||
(stumpwm:quit)))
|
||||
(stumpwm:add-hook stumpwm:*destroy-window-hook* 'st-kill-empty)
|
||||
NESTED
|
||||
|
||||
cat <<NESTED >/etc/rc.local
|
||||
#!/bin/sh
|
||||
HOST=\\\$(awk '/^host-name/ { print \\\$2}' /var/db/dhcpleased/vio0)
|
||||
|
@ -69,7 +77,7 @@ chmod +x /etc/rc.local
|
|||
halt
|
||||
EOF
|
||||
|
||||
./connect.sh openbsd-template uptime
|
||||
./connect.sh openbsd-template "xterm -e /bin/sh -c 'sleep 5 && exit'"
|
||||
|
||||
cat $FILE | ssh -o StrictHostKeyChecking=no root@openbsd-template.kube "cat >/$FILE"
|
||||
ssh -o StrictHostKeyChecking=no root@openbsd-template.kube "sh /$FILE"
|
||||
|
|
|
@ -38,13 +38,25 @@ then
|
|||
done
|
||||
fi
|
||||
|
||||
ID=$(vmctl show "${HOST%.kube}" | awk 'END { print $2 }')
|
||||
|
||||
# uncomment to set a dedicated X server per program
|
||||
ID="${ID}$(( $(date +%s) % 3600))"
|
||||
|
||||
ssh-keygen -R "$HOST" >/dev/null 2>/dev/null
|
||||
if [ -n "$DISPLAY" ]
|
||||
then
|
||||
PROG="${2:-xterm}"
|
||||
|
||||
VM_INFO="$$ $HOST $ID $PROG"
|
||||
echo "$VM_INFO" >> /tmp/kubes.txt
|
||||
Xephyr -xkb-layout fr -once -terminate 1 -title "[${HOST}] - ${PROG}" -resizeable -reset -br ":${ID}" &
|
||||
export DISPLAY=":${ID}"
|
||||
ssh -o StrictHostKeyChecking=no -Y "user@${HOST}" "stumpwm" &
|
||||
WAIT_FOR=$!
|
||||
ssh -o StrictHostKeyChecking=no -Y "user@${HOST}" "${PROG}"
|
||||
else
|
||||
PROG="${2:-}"
|
||||
ssh -o StrictHostKeyChecking=no -Y "user@${HOST}" "${PROG}"
|
||||
wait $WAIT_FOR
|
||||
kill $(jobs -p)
|
||||
sed -i "/^$$/d" /tmp/kubes.txt
|
||||
fi
|
||||
|
||||
|
|
29
bin/copy_clipboard.sh
Executable file
29
bin/copy_clipboard.sh
Executable file
|
@ -0,0 +1,29 @@
|
|||
#!/bin/sh
|
||||
|
||||
SOURCE=$(zenity \
|
||||
--list --radiolist --width=600 \
|
||||
--title="Copy clipboard between programs" \
|
||||
--text="Choose a clipboard to copy from" \
|
||||
--print-column=4 \
|
||||
--column="From" --column="PID" --column="Kube name" --column="Local X server" --column="Program running" \
|
||||
$(awk '{ print "FALSE "$0 }' /tmp/kubes.txt))
|
||||
|
||||
if [ -z "$SOURCE" ]
|
||||
then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
DESTINATION=$(zenity \
|
||||
--list --radiolist --width=600 \
|
||||
--title="Copy clipboard between programs" \
|
||||
--text="Choose a destination clipboard" \
|
||||
--print-column=4 \
|
||||
--column="To" --column="PID" --column="Kube name" --column="Local X server" --column="Program running" \
|
||||
$(awk -v orig="${SOURCE}" '$3!=orig { print "FALSE "$0 }' /tmp/kubes.txt))
|
||||
|
||||
if [ -z "$DESTINATION" ]
|
||||
then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
env DISPLAY=":$SOURCE" xclip -o - | env DISPLAY=":$DESTINATION" xclip
|
Loading…
Reference in New Issue
Block a user