diff --git a/.gitmodules b/.gitmodules
index c874d5abd4a708a78c40de438dc18efe9cca3786..e67b143ad2e60ed5146611bc077736dc74b8ea7c 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -33,3 +33,8 @@
 url = https://github.com/tinyclub/rtthread-lab
 branch = master
 ignore = all
+[submodule "labs/pwn-lab"]
+ path = labs/pwn-lab
+ url = https://gitee.com/tinylab/pwn-lab.git
+ branch = master
+ ignore = all
diff --git a/README_zh.md b/README_zh.md
index 84b3cd35c0465003565e835dad4721983b3e6320..d19d099281523b381eb60dccf5a209e009e2c879 100644
--- a/README_zh.md
+++ b/README_zh.md
@@ -12,6 +12,8 @@
 [Cloud Lab](http://tinylab.org/cloud-lab) 是一套基于 Docker 的计算机软件云端实验管理平台。
+Cloud Lab 是一个开源软件,不提供任何保证,请自行承担使用过程中的任何风险。
+
 ## 2. 产品安装
 ### 2.1 安装 Docker
diff --git a/VERSION b/VERSION
index ad2ce75527a1fc55b759479067d7ec0d038a92d0..a7077af8bbdca3ce54a464679426188e87307544 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Cloud Lab v0.7
+Cloud Lab v0.8-rc1
diff --git a/configs/.gitignore b/configs/.gitignore
index 637474588785e451f42a130881f59ae32fd6b93c..d64eb1584b44536f52e9a1e452a8bcd3ddfa7841 100644
--- a/configs/.gitignore
+++ b/configs/.gitignore
@@ -1 +1,2 @@
 */docker/.*
+*/docker/container/.*
diff --git a/configs/common/seccomp-profiles-default.json b/configs/common/seccomp-profiles-default.json
new file mode 100644
index 0000000000000000000000000000000000000000..abde87bcdbca8e7c4efd5d63f19ad38c7dc985c8
--- /dev/null
+++ b/configs/common/seccomp-profiles-default.json
@@ -0,0 +1,790 @@ +{ + "defaultAction": "SCMP_ACT_ERRNO", + "defaultErrnoRet": 1, + "archMap": [ + { + "architecture": "SCMP_ARCH_X86_64", + "subArchitectures": [ + "SCMP_ARCH_X86", + "SCMP_ARCH_X32" + ] + }, + { + "architecture": "SCMP_ARCH_AARCH64", + "subArchitectures": [ + "SCMP_ARCH_ARM" + ] + }, + { + "architecture": "SCMP_ARCH_MIPS64", + "subArchitectures": [ + "SCMP_ARCH_MIPS", + "SCMP_ARCH_MIPS64N32" + ] + }, + { + "architecture": "SCMP_ARCH_MIPS64N32", + "subArchitectures": [ + "SCMP_ARCH_MIPS", + "SCMP_ARCH_MIPS64" + ] + }, + { + "architecture": "SCMP_ARCH_MIPSEL64", + "subArchitectures": [ + "SCMP_ARCH_MIPSEL", + "SCMP_ARCH_MIPSEL64N32" + ] + }, + { + "architecture": "SCMP_ARCH_MIPSEL64N32", + "subArchitectures": [ + "SCMP_ARCH_MIPSEL", + "SCMP_ARCH_MIPSEL64" + ] + }, + { + "architecture": "SCMP_ARCH_S390X", + "subArchitectures": [ + "SCMP_ARCH_S390" + ] + }, + { + "architecture": "SCMP_ARCH_RISCV64", + "subArchitectures": null + } + ], + "syscalls": [ + { + "names": [ + "accept", + "accept4", + "access", + "adjtimex", + "alarm", + "bind", + "brk", + "capget", + "capset", + "chdir", + "chmod", + "chown", + "chown32", + "clock_adjtime", + "clock_adjtime64", + "clock_getres", + "clock_getres_time64", + "clock_gettime", + "clock_gettime64", + "clock_nanosleep", + "clock_nanosleep_time64", + "close", + "close_range", + "connect", + "copy_file_range", + "creat", + "dup", + "dup2", + "dup3", + "epoll_create", + "epoll_create1", + "epoll_ctl", + "epoll_ctl_old", + "epoll_pwait", + "epoll_pwait2", + "epoll_wait", + "epoll_wait_old", + "eventfd", + "eventfd2", + "execve", + "execveat", + "exit", + "exit_group", + "faccessat", + "faccessat2", + "fadvise64", + "fadvise64_64", + "fallocate", + "fanotify_mark", + "fchdir", + "fchmod", + "fchmodat", + "fchown", + "fchown32", + "fchownat", + "fcntl", + "fcntl64", + "fdatasync", + "fgetxattr", + "flistxattr", + "flock", + "fork", + "fremovexattr", + "fsetxattr", + "fstat", + "fstat64", + "fstatat64", + "fstatfs", + 
"fstatfs64", + "fsync", + "ftruncate", + "ftruncate64", + "futex", + "futex_time64", + "futex_waitv", + "futimesat", + "getcpu", + "getcwd", + "getdents", + "getdents64", + "getegid", + "getegid32", + "geteuid", + "geteuid32", + "getgid", + "getgid32", + "getgroups", + "getgroups32", + "getitimer", + "getpeername", + "getpgid", + "getpgrp", + "getpid", + "getppid", + "getpriority", + "getrandom", + "getresgid", + "getresgid32", + "getresuid", + "getresuid32", + "getrlimit", + "get_robust_list", + "getrusage", + "getsid", + "getsockname", + "getsockopt", + "get_thread_area", + "gettid", + "gettimeofday", + "getuid", + "getuid32", + "getxattr", + "inotify_add_watch", + "inotify_init", + "inotify_init1", + "inotify_rm_watch", + "io_cancel", + "ioctl", + "io_destroy", + "io_getevents", + "io_pgetevents", + "io_pgetevents_time64", + "ioprio_get", + "ioprio_set", + "io_setup", + "io_submit", + "io_uring_enter", + "io_uring_register", + "io_uring_setup", + "ipc", + "kill", + "landlock_add_rule", + "landlock_create_ruleset", + "landlock_restrict_self", + "lchown", + "lchown32", + "lgetxattr", + "link", + "linkat", + "listen", + "listxattr", + "llistxattr", + "_llseek", + "lremovexattr", + "lseek", + "lsetxattr", + "lstat", + "lstat64", + "madvise", + "membarrier", + "memfd_create", + "memfd_secret", + "mincore", + "mkdir", + "mkdirat", + "mknod", + "mknodat", + "mlock", + "mlock2", + "mlockall", + "mmap", + "mmap2", + "mprotect", + "mq_getsetattr", + "mq_notify", + "mq_open", + "mq_timedreceive", + "mq_timedreceive_time64", + "mq_timedsend", + "mq_timedsend_time64", + "mq_unlink", + "mremap", + "msgctl", + "msgget", + "msgrcv", + "msgsnd", + "msync", + "munlock", + "munlockall", + "munmap", + "nanosleep", + "newfstatat", + "_newselect", + "open", + "openat", + "openat2", + "pause", + "pidfd_open", + "pidfd_send_signal", + "pipe", + "pipe2", + "poll", + "ppoll", + "ppoll_time64", + "prctl", + "pread64", + "preadv", + "preadv2", + "prlimit64", + "process_mrelease", + 
"pselect6", + "pselect6_time64", + "pwrite64", + "pwritev", + "pwritev2", + "read", + "readahead", + "readlink", + "readlinkat", + "readv", + "recv", + "recvfrom", + "recvmmsg", + "recvmmsg_time64", + "recvmsg", + "remap_file_pages", + "removexattr", + "rename", + "renameat", + "renameat2", + "restart_syscall", + "rmdir", + "rseq", + "rt_sigaction", + "rt_sigpending", + "rt_sigprocmask", + "rt_sigqueueinfo", + "rt_sigreturn", + "rt_sigsuspend", + "rt_sigtimedwait", + "rt_sigtimedwait_time64", + "rt_tgsigqueueinfo", + "sched_getaffinity", + "sched_getattr", + "sched_getparam", + "sched_get_priority_max", + "sched_get_priority_min", + "sched_getscheduler", + "sched_rr_get_interval", + "sched_rr_get_interval_time64", + "sched_setaffinity", + "sched_setattr", + "sched_setparam", + "sched_setscheduler", + "sched_yield", + "seccomp", + "select", + "semctl", + "semget", + "semop", + "semtimedop", + "semtimedop_time64", + "send", + "sendfile", + "sendfile64", + "sendmmsg", + "sendmsg", + "sendto", + "setfsgid", + "setfsgid32", + "setfsuid", + "setfsuid32", + "setgid", + "setgid32", + "setgroups", + "setgroups32", + "setitimer", + "setpgid", + "setpriority", + "setregid", + "setregid32", + "setresgid", + "setresgid32", + "setresuid", + "setresuid32", + "setreuid", + "setreuid32", + "setrlimit", + "set_robust_list", + "setsid", + "setsockopt", + "set_thread_area", + "set_tid_address", + "setuid", + "setuid32", + "setxattr", + "shmat", + "shmctl", + "shmdt", + "shmget", + "shutdown", + "sigaltstack", + "signalfd", + "signalfd4", + "sigprocmask", + "sigreturn", + "socket", + "socketcall", + "socketpair", + "splice", + "stat", + "stat64", + "statfs", + "statfs64", + "statx", + "symlink", + "symlinkat", + "sync", + "sync_file_range", + "syncfs", + "sysinfo", + "tee", + "tgkill", + "time", + "timer_create", + "timer_delete", + "timer_getoverrun", + "timer_gettime", + "timer_gettime64", + "timer_settime", + "timer_settime64", + "timerfd_create", + "timerfd_gettime", + 
"timerfd_gettime64", + "timerfd_settime", + "timerfd_settime64", + "times", + "tkill", + "truncate", + "truncate64", + "ugetrlimit", + "umask", + "uname", + "unlink", + "unlinkat", + "utime", + "utimensat", + "utimensat_time64", + "utimes", + "vfork", + "vmsplice", + "wait4", + "waitid", + "waitpid", + "write", + "writev" + ], + "action": "SCMP_ACT_ALLOW" + }, + { + "names": [ + "process_vm_readv", + "process_vm_writev", + "ptrace" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "minKernel": "4.8" + } + }, + { + "names": [ + "personality" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 0, + "op": "SCMP_CMP_EQ" + } + ] + }, + { + "names": [ + "personality" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 8, + "op": "SCMP_CMP_EQ" + } + ] + }, + { + "names": [ + "personality" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 131072, + "op": "SCMP_CMP_EQ" + } + ] + }, + { + "names": [ + "personality" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 131080, + "op": "SCMP_CMP_EQ" + } + ] + }, + { + "names": [ + "personality" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 4294967295, + "op": "SCMP_CMP_EQ" + } + ] + }, + { + "names": [ + "sync_file_range2", + "swapcontext" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "arches": [ + "ppc64le" + ] + } + }, + { + "names": [ + "arm_fadvise64_64", + "arm_sync_file_range", + "sync_file_range2", + "breakpoint", + "cacheflush", + "set_tls" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "arches": [ + "arm", + "arm64" + ] + } + }, + { + "names": [ + "arch_prctl" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "arches": [ + "amd64", + "x32" + ] + } + }, + { + "names": [ + "modify_ldt" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "arches": [ + "amd64", + "x32", + "x86" + ] + } + }, + { + "names": [ + "s390_pci_mmio_read", + "s390_pci_mmio_write", + "s390_runtime_instr" 
+ ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "arches": [ + "s390", + "s390x" + ] + } + }, + { + "names": [ + "riscv_flush_icache" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "arches": [ + "riscv64" + ] + } + }, + { + "names": [ + "open_by_handle_at" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "caps": [ + "CAP_DAC_READ_SEARCH" + ] + } + }, + { + "names": [ + "clone", + "clone3", + "fanotify_init", + "fsconfig", + "fsmount", + "fsopen", + "fspick", + "lookup_dcookie", + "mount", + "mount_setattr", + "move_mount", + "name_to_handle_at", + "open_tree", + "perf_event_open", + "quotactl", + "quotactl_fd", + "setdomainname", + "sethostname", + "setns", + "syslog", + "umount", + "umount2", + "unshare" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "caps": [ + "CAP_SYS_ADMIN" + ] + } + }, + { + "names": [ + "clone" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 2114060288, + "op": "SCMP_CMP_MASKED_EQ" + } + ], + "excludes": { + "caps": [ + "CAP_SYS_ADMIN" + ], + "arches": [ + "s390", + "s390x" + ] + } + }, + { + "names": [ + "clone" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 1, + "value": 2114060288, + "op": "SCMP_CMP_MASKED_EQ" + } + ], + "comment": "s390 parameter ordering for clone is different", + "includes": { + "arches": [ + "s390", + "s390x" + ] + }, + "excludes": { + "caps": [ + "CAP_SYS_ADMIN" + ] + } + }, + { + "names": [ + "clone3" + ], + "action": "SCMP_ACT_ERRNO", + "errnoRet": 38, + "excludes": { + "caps": [ + "CAP_SYS_ADMIN" + ] + } + }, + { + "names": [ + "reboot" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "caps": [ + "CAP_SYS_BOOT" + ] + } + }, + { + "names": [ + "chroot" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "caps": [ + "CAP_SYS_CHROOT" + ] + } + }, + { + "names": [ + "delete_module", + "init_module", + "finit_module" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "caps": [ + "CAP_SYS_MODULE" + ] + } + }, + { + "names": [ + "acct" + ], + "action": 
"SCMP_ACT_ALLOW", + "includes": { + "caps": [ + "CAP_SYS_PACCT" + ] + } + }, + { + "names": [ + "kcmp", + "pidfd_getfd", + "process_madvise", + "process_vm_readv", + "process_vm_writev", + "ptrace" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "caps": [ + "CAP_SYS_PTRACE" + ] + } + }, + { + "names": [ + "iopl", + "ioperm" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "caps": [ + "CAP_SYS_RAWIO" + ] + } + }, + { + "names": [ + "settimeofday", + "stime", + "clock_settime" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "caps": [ + "CAP_SYS_TIME" + ] + } + }, + { + "names": [ + "vhangup" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "caps": [ + "CAP_SYS_TTY_CONFIG" + ] + } + }, + { + "names": [ + "get_mempolicy", + "mbind", + "set_mempolicy" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "caps": [ + "CAP_SYS_NICE" + ] + } + }, + { + "names": [ + "syslog" + ], + "action": "SCMP_ACT_ALLOW", + "includes": { + "caps": [ + "CAP_SYSLOG" + ] + } + } + ] +} diff --git a/configs/lep-lab/docker/devices b/configs/cs630-qemu-lab/docker/container/placeholder similarity index 100% rename from configs/lep-lab/docker/devices rename to configs/cs630-qemu-lab/docker/container/placeholder diff --git a/configs/lep-lab/Dockerfile b/configs/lep-lab/Dockerfile deleted file mode 100644 index b992e9603f64ab9e53090331723462088396ee00..0000000000000000000000000000000000000000 --- a/configs/lep-lab/Dockerfile +++ /dev/null 
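Review bot: The unconditional allow list in configs/common/seccomp-profiles-default.json still names `io_uring_enter`, `io_uring_register` and `io_uring_setup`, which Docker's own built-in default profile dropped in later releases. The file looks like a copy of that upstream profile (inferred from its shape, the commit does not say), so it will not pick up such tightening on its own. Remove those three names unless a lab needs them, and record the upstream source and revision in the commit message or a README beside the file, since strict JSON has no place for a comment. The `ptrace` / `process_vm_readv` / `process_vm_writev` entry gated only by `"minKernel": "4.8"` also makes the later `CAP_SYS_PTRACE` entry redundant for those calls on any current kernel, which deserves a conscious decision. How the profile is handed to the container runtime is not visible in this hunk.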
@@ -1,63 +0,0 @@ -FROM tinylab/cloud-ubuntu-dev_cn_input -MAINTAINER Wu Zhangjin wuzhangjin@gmail.com - -ENV DEBIAN_FRONTEND noninteractive -ENV HOME /home/ubuntu/ - -# For lepd -## -## perf heavily depends on host kernel version, it is not meaniful to preinstall it in docker image. -## so, linux-tools-`uname -r` should be installed on the fly? -RUN apt-get -y update \ - && apt-get install -y --force-yes --no-install-recommends \ - libev-dev \ - linux-tools-common linux-tools-generic linux-tools-4.4.0-98-generic \ - libncurses5-dev \ - && apt-get autoclean -y \ - && apt-get autoremove -y \ - && rm -rf /var/lib/apt/lists/* \ - && rm -rf /var/cache/apt/archives/*.deb - -RUN apt-get -y update \ - && apt-get install -y --force-yes --no-install-recommends \ - gcc-arm-linux-gnueabi \ - gcc-aarch64-linux-gnu \ - libc6-dev-arm64-cross \ - libc6-dev-armel-cross \ - && apt-get autoclean -y \ - && apt-get autoremove -y \ - && rm -rf /var/lib/apt/lists/* \ - && rm -rf /var/cache/apt/archives/*.deb - -RUN apt-get -y update \ - && apt-get install -y --force-yes --no-install-recommends \ - qemu-user \ - && apt-get autoclean -y \ - && apt-get autoremove -y \ - && rm -rf /var/lib/apt/lists/* \ - && rm -rf /var/cache/apt/archives/*.deb - -# For lepv -RUN apt-get -y update \ - && apt-get install -y --force-yes --no-install-recommends \ - python3-pip \ - && pip3 install flask \ - && apt-get autoclean -y \ - && apt-get autoremove -y \ - && rm -rf /var/lib/apt/lists/* \ - && rm -rf /var/cache/apt/archives/*.deb - -RUN pip3 install flask_socketio - -# Can not use python 2.7 by default, for supervisor doesn't work with python >= 3 -#RUN update-alternatives --install /usr/bin/python python /usr/bin/python2.7 41 \ -# && update-alternatives --install /usr/bin/python python /usr/bin/python3.4 45 \ -# && update-alternatives --set python /usr/bin/python2.7 \ -# && chmod a+rw /etc/alternatives/ \ -# && chmod a+rw /var/lib/dpkg/alternatives/ - -EXPOSE 5900 8889 22 - -WORKDIR /labs/ - -ENTRYPOINT 
["/tools/lab/run"] diff --git a/configs/lep-lab/docker/caps b/configs/lep-lab/docker/caps deleted file mode 100644 index 875e9388698152f6198ddfd5796d9a03a08fd268..0000000000000000000000000000000000000000 --- a/configs/lep-lab/docker/caps +++ /dev/null @@ -1,2 +0,0 @@ -sys_admin -net_admin diff --git a/configs/lep-lab/docker/limits b/configs/lep-lab/docker/limits deleted file mode 100644 index 2add7dc86fcf97b185016578584bacdbe15e058e..0000000000000000000000000000000000000000 --- a/configs/lep-lab/docker/limits +++ /dev/null @@ -1 +0,0 @@ ---cpu-shares=512 diff --git a/configs/lep-lab/docker/name b/configs/lep-lab/docker/name deleted file mode 100644 index fb1500f27f8f2c0f287ddbdbec49c01e4291608a..0000000000000000000000000000000000000000 --- a/configs/lep-lab/docker/name +++ /dev/null @@ -1 +0,0 @@ -tinylab/lep-lab diff --git a/configs/lep-lab/docker/portmap b/configs/lep-lab/docker/portmap deleted file mode 100644 index f0c32141063a38946809480b5a5360c378037c98..0000000000000000000000000000000000000000 --- a/configs/lep-lab/docker/portmap +++ /dev/null @@ -1 +0,0 @@ -8889:8889 diff --git a/configs/lep-lab/system/etc/sudoers.d/ubuntu b/configs/lep-lab/system/etc/sudoers.d/ubuntu deleted file mode 100644 index 7fe0202b9568397aeadaebd2d13ab752d9520721..0000000000000000000000000000000000000000 --- a/configs/lep-lab/system/etc/sudoers.d/ubuntu +++ /dev/null @@ -1,3 +0,0 @@ -Cmnd_Alias LAB_TOOLS = /labs/lep-lab/lepd/lepd,/usr/bin/apt-get,/usr/bin/pkill,/usr/bin/qemu-arm - -ubuntu ALL=(ALL) NOPASSWD: LAB_TOOLS diff --git a/configs/lep-lab/system/home/ubuntu/Desktop/home.desktop b/configs/lep-lab/system/home/ubuntu/Desktop/home.desktop deleted file mode 100644 index b2ea39861c2ba99db0c90b317fb24a44d0a56ef9..0000000000000000000000000000000000000000 --- a/configs/lep-lab/system/home/ubuntu/Desktop/home.desktop +++ /dev/null 
@@ -1,7 +0,0 @@ -[Desktop Entry] -Encoding=UTF-8 -Name=Help Page -Comment=LEP Lab Project Home page -Exec=/usr/bin/chromium-browser https://tinylab.org/lep-lab -Icon=/usr/share/pixmaps/chromium-browser.png -Type=Application diff --git a/configs/lep-lab/system/home/ubuntu/Desktop/lab.desktop b/configs/lep-lab/system/home/ubuntu/Desktop/lab.desktop deleted file mode 100644 index 21de101b86deebeb6ef34b52536a6e12400e1721..0000000000000000000000000000000000000000 --- a/configs/lep-lab/system/home/ubuntu/Desktop/lab.desktop +++ /dev/null @@ -1,7 +0,0 @@ -[Desktop Entry] -Encoding=UTF-8 -Name=LEP Lab -Comment=An open-sourced all-in-one toolbox for Linux/Android performance profiling & visualization -Exec=/usr/bin/terminator --working-directory=/labs/lep-lab/ -T "LEP Lab" -Icon=/usr/share/pixmaps/terminator.png -Type=Application diff --git a/configs/lep-lab/system/home/ubuntu/Desktop/lepv.desktop b/configs/lep-lab/system/home/ubuntu/Desktop/lepv.desktop deleted file mode 100644 index 71d74dc83add2c458aa9820680ffaba70e613114..0000000000000000000000000000000000000000 --- a/configs/lep-lab/system/home/ubuntu/Desktop/lepv.desktop +++ /dev/null @@ -1,7 +0,0 @@ -[Desktop Entry] -Encoding=UTF-8 -Name=LEP Monitor -Comment=Start lepv web monitor -Exec=chromium-browser http://localhost:8889 -Icon=/usr/share/pixmaps/chromium-browser.png -Type=Application diff --git a/configs/lep-lab/tools/container-run b/configs/lep-lab/tools/container-run deleted file mode 100755 index 62f83c67e2541748a93a102405876ca2417d1e92..0000000000000000000000000000000000000000 --- a/configs/lep-lab/tools/container-run +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -# -# startup.sh -- lab specific startup script, -# - -TOP_DIR=$(cd $(dirname $0) && pwd)/ - -# Install perf, compile and run lepd, run lepv backend -LEP=/labs/lep-lab/lep.sh -$LEP perf & -PREBUILT=1 $LEP lepd & -sudo -u $UNIX_USER $LEP lepv & 
diff --git a/configs/lep-lab/docker/volumemap b/configs/linux-0.11-lab/docker/container/placeholder
similarity index 100%
rename from configs/lep-lab/docker/volumemap
rename to configs/linux-0.11-lab/docker/container/placeholder
diff --git a/configs/rtthread-lab/docker/volumemap b/configs/linux-lab/docker/container/placeholder
similarity index 100%
rename from configs/rtthread-lab/docker/volumemap
rename to configs/linux-lab/docker/container/placeholder
diff --git a/configs/linux-lab/tools/container-run b/configs/linux-lab/tools/container-run
index cfea3e89240a2c67c76baeb03b7eb64bbf604a2a..a5d42f40423b035a59103b8a6f6418af52264d05 100755
--- a/configs/linux-lab/tools/container-run
+++ b/configs/linux-lab/tools/container-run
@@ -111,3 +111,6 @@ $TOP_DIR/restart-net-servers.sh
 # FIXME: Disable git detachedHead advice, bsp submodule use FETCH_HEAD currently.
 git config --global advice.detachedHead false
+
+# Clean up the target directory
+rm /binutils-arm-linux-gnueabi.tar.gz &
diff --git a/configs/markdown-lab/docker/container/placeholder b/configs/markdown-lab/docker/container/placeholder
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/configs/pwn-lab/Dockerfile b/configs/pwn-lab/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..bf0ae3645ea50d53a310d2aa9928c346a1ef3a33
--- /dev/null
+++ b/configs/pwn-lab/Dockerfile
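Review bot: In configs/linux-lab/tools/container-run the added `rm /binutils-arm-linux-gnueabi.tar.gz &` has no `-f`, so if this script runs on every container start it will print a "No such file" error from the second start on. Backgrounding a single unlink with `&` also throws away its exit status for no gain, and `rm -f /binutils-arm-linux-gnueabi.tar.gz` does the same job quietly. The comment says "target directory" while the command removes one file in `/`; something like `# Remove the toolchain tarball left in /` would match the code, assuming that is where the file comes from. The script body starts outside the hunk.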
@@ -0,0 +1,43 @@
+FROM tinylab/cloud-ubuntu-cinnamon:20220714
+MAINTAINER Wu Zhangjin
+
+RUN echo '#! /bin/sh\n\
+env DEBIAN_FRONTEND=noninteractive apt-get autoremove -y\n\
+apt-get clean\n\
+find /var/lib/apt/lists -type f -delete\n\
+find /var/cache -type f -delete\n\
+find /var/log -type f -delete\n\
+exit 0\n\
+' > /cleanup && chmod +x /cleanup
+
+RUN apt-get -y update
+RUN apt-get -y install python3-pip \
+ && pip install pqi \
+ && pqi use tuna
+
+RUN apt-get -y install --no-install-recommends \
+ wget \
+ curl \
+ gcc \
+ g++ \
+ git \
+ openssh-client \
+ python-capstone \
+ vim \
+ gedit \
+ gedit-plugins \
+ gdb \
+ autoconf \
+ automake \
+ libtool \
+ && /cleanup
+
+RUN apt-get -y install --no-install-recommends \
+ ruby \
+ && /cleanup
+
+EXPOSE 5900 22
+
+WORKDIR /labs/
+
+ENTRYPOINT ["/tools/lab/run"]
diff --git a/configs/pwn-lab/docker/container/placeholder b/configs/pwn-lab/docker/container/placeholder
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/configs/pwn-lab/docker/name b/configs/pwn-lab/docker/name
new file mode 100644
index 0000000000000000000000000000000000000000..ccbb58523bce4df4b9bc8903127f9be0e10561fd
--- /dev/null
+++ b/configs/pwn-lab/docker/name
@@ -0,0 +1 @@
+tinylab/pwn-lab
diff --git a/configs/pwn-lab/lab-logo.png b/configs/pwn-lab/lab-logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..408399327ce72a96c702f22f0f332a988816331e
Binary files /dev/null and b/configs/pwn-lab/lab-logo.png differ
diff --git a/configs/pwn-lab/system/home/ubuntu/.config/dconf/user b/configs/pwn-lab/system/home/ubuntu/.config/dconf/user
new file mode 100644
index 0000000000000000000000000000000000000000..e0ee0a006be183d8c0e4a4cf7db73a215f9cea58
Binary files /dev/null and b/configs/pwn-lab/system/home/ubuntu/.config/dconf/user differ
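Review bot: In configs/pwn-lab/Dockerfile, `pip install pqi && pqi use tuna` pulls an unpinned third-party package during the image build and lets it rewrite pip's index for everything installed afterwards, which widens the image's supply chain for what amounts to one configuration setting. pip can set the mirror itself with `pip config set global.index-url <MIRROR_URL>`; if the helper stays, pin it with `pip install pqi==<VERSION>`. Separately, `RUN apt-get -y update` sits in its own layer, so a cached layer can feed stale package lists to the later `apt-get install` steps. Fold the update into each install `RUN`, and give the `python3-pip` step the same `--no-install-recommends` and `/cleanup` as the other two.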
diff --git a/configs/pwn-lab/system/home/ubuntu/.local/share/gvfs-metadata/home b/configs/pwn-lab/system/home/ubuntu/.local/share/gvfs-metadata/home
new file mode 100644
index 0000000000000000000000000000000000000000..8c0f4c89870f9f908477b50d5f387a6fbeba188d
Binary files /dev/null and b/configs/pwn-lab/system/home/ubuntu/.local/share/gvfs-metadata/home differ
diff --git a/configs/pwn-lab/system/home/ubuntu/Desktop/lab.desktop b/configs/pwn-lab/system/home/ubuntu/Desktop/lab.desktop
new file mode 100755
index 0000000000000000000000000000000000000000..300b1998025dac518a672a11d3e935b1b9c75d3a
--- /dev/null
+++ b/configs/pwn-lab/system/home/ubuntu/Desktop/lab.desktop
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Encoding=UTF-8
+Name=Pwn Lab
+Comment=A Friendly Lab for CTF PWN Learning
+Exec=/usr/bin/gnome-terminal --working-directory=/labs/pwn-lab/ --title "PWN Lab"
+Icon=/configs/lab-logo.png
+Type=Application
diff --git a/configs/rtthread-lab/Dockerfile b/configs/rtthread-lab/Dockerfile
deleted file mode 100644
index cff2d3f0ba1339844842333b6032f53d10992023..0000000000000000000000000000000000000000
--- a/configs/rtthread-lab/Dockerfile
+++ /dev/null
@@ -1,41 +0,0 @@ -FROM tinylab/cloud-ubuntu-vm -MAINTAINER Wu Zhangjin wuzhangjin@gmail.com - -# Building system - -RUN apt-get -y update \ - && apt-get install -y --force-yes --no-install-recommends \ - scons \ - && apt-get autoclean -y \ - && apt-get autoremove -y \ - && rm -rf /var/lib/apt/lists/* \ - && rm -rf /var/cache/apt/archives/*.deb - -# Gcc toolchain with libnewlib -# ref: https://launchpad.net/gcc-arm-embedded/ - -RUN url=https://launchpad.net/gcc-arm-embedded \ - && path=5.0/5-2016-q3-update/+download \ - && file=gcc-arm-none-eabi-5_4-2016q3-20160926-linux \ - && suffix=tar.bz2 \ - && wget -c $url/$path/$file.$suffix \ - && tar jxf $file.$suffix --strip-components=1 -C /usr/local \ - && rm -rf $file \ - && rm $file.$suffix - -# For scons --menuconfig - -RUN apt-get -y update \ - && apt-get install -y --force-yes --no-install-recommends \ - libncurses-dev \ - && apt-get autoclean -y \ - && apt-get autoremove -y \ - && rm -rf /var/lib/apt/lists/* \ - && rm -rf /var/cache/apt/archives/*.deb - - -EXPOSE 5900 22 - -WORKDIR /labs/ - -ENTRYPOINT ["/tools/lab/run"] diff --git a/configs/rtthread-lab/docker/caps b/configs/rtthread-lab/docker/caps deleted file mode 100644 index ec7c1677bf592dae28b5b223a5c39159e1d36f4a..0000000000000000000000000000000000000000 --- a/configs/rtthread-lab/docker/caps +++ /dev/null @@ -1,4 +0,0 @@ -sys_module -sys_admin -net_admin -mknod diff --git a/configs/rtthread-lab/docker/devices b/configs/rtthread-lab/docker/devices deleted file mode 100644 index a13408ae9fb2aaed69eb3387666a49fe96a3725e..0000000000000000000000000000000000000000 --- a/configs/rtthread-lab/docker/devices +++ /dev/null @@ -1 +0,0 @@ -/dev/net/tun diff --git a/configs/rtthread-lab/docker/limits b/configs/rtthread-lab/docker/limits deleted file mode 100644 index 91e089d62f1501dfa00675e06ae6745c3311a4aa..0000000000000000000000000000000000000000 --- a/configs/rtthread-lab/docker/limits +++ /dev/null @@ -1 +0,0 @@ ---cpu-shares=1024 
diff --git a/configs/rtthread-lab/docker/name b/configs/rtthread-lab/docker/name deleted file mode 100644 index b5668e3d38bfc5778cd1285620d77303638a2487..0000000000000000000000000000000000000000 --- a/configs/rtthread-lab/docker/name +++ /dev/null @@ -1 +0,0 @@ -tinylab/rtthread-lab diff --git a/configs/rtthread-lab/system/etc/sudoers.d/ubuntu b/configs/rtthread-lab/system/etc/sudoers.d/ubuntu deleted file mode 100644 index 2846bd265414abdb964a6a368f170f07f8f06d19..0000000000000000000000000000000000000000 --- a/configs/rtthread-lab/system/etc/sudoers.d/ubuntu +++ /dev/null @@ -1,3 +0,0 @@ -Cmnd_Alias LAB_TOOLS = /usr/local/bin/qemu-system-cskyv2,/usr/bin/qemu-system-aarch64,/usr/bin/qemu-system-arm,/usr/bin/qemu-system-mips64el,/usr/bin/qemu-system-ppcemb,/usr/bin/qemu-system-i386,/usr/bin/qemu-system-mipsel,/usr/bin/qemu-system-x86_64,/usr/bin/qemu-system-mips,/usr/bin/qemu-system-ppc,/usr/bin/qemu-system-x86_64-spice,/usr/bin/qemu-system-mips64,/usr/bin/qemu-system-ppc64,/bin/mount,/bin/umount,/bin/cpio,/usr/bin/update-alternatives,/bin/cp,/usr/bin/make,/sbin/modprobe - -ubuntu ALL=(ALL) NOPASSWD: LAB_TOOLS diff --git a/configs/rtthread-lab/system/home/ubuntu/Desktop/help.desktop b/configs/rtthread-lab/system/home/ubuntu/Desktop/help.desktop deleted file mode 100644 index 6cf9370c5c0bbbef19c50858cbf23cea34ac3150..0000000000000000000000000000000000000000 --- a/configs/rtthread-lab/system/home/ubuntu/Desktop/help.desktop +++ /dev/null @@ -1,7 +0,0 @@ -[Desktop Entry] -Encoding=UTF-8 -Name=Help Page -Comment=Project Home Page -Exec=/usr/bin/chromium-browser http://www.tinylab.org/rtthread-lab/ -Icon=/usr/share/pixmaps/chromium-browser.png -Type=Application diff --git a/configs/rtthread-lab/system/home/ubuntu/Desktop/lab.desktop b/configs/rtthread-lab/system/home/ubuntu/Desktop/lab.desktop deleted file mode 100644 index 4978dc495fc95af968487cb13681393584ccd798..0000000000000000000000000000000000000000 
--- a/configs/rtthread-lab/system/home/ubuntu/Desktop/lab.desktop +++ /dev/null @@ -1,7 +0,0 @@ -[Desktop Entry] -Encoding=UTF-8 -Name=RT-Thread Lab -Comment=Cloud Lab for RT-Thread Development -Exec=/usr/bin/terminator --working-directory=/labs/rtthread-lab/ -T "RT-Thread Lab" -Icon=/usr/share/pixmaps/terminator.png -Type=Application diff --git a/configs/rtthread-lab/system/home/ubuntu/Desktop/rt-thread-repo.desktop b/configs/rtthread-lab/system/home/ubuntu/Desktop/rt-thread-repo.desktop deleted file mode 100644 index 9021455fec206b8942e3d51f9bda43b1ab3d3522..0000000000000000000000000000000000000000 --- a/configs/rtthread-lab/system/home/ubuntu/Desktop/rt-thread-repo.desktop +++ /dev/null @@ -1,7 +0,0 @@ -[Desktop Entry] -Encoding=UTF-8 -Name=RT-Thread Git Repo -Comment=RT-Thread Git Repository -Exec=/usr/bin/chromium-browser https://github.com/rt-thread/rt-thread.git -Icon=/usr/share/pixmaps/chromium-browser.png -Type=Application diff --git a/configs/rtthread-lab/system/home/ubuntu/Desktop/rt-thread-site.desktop b/configs/rtthread-lab/system/home/ubuntu/Desktop/rt-thread-site.desktop deleted file mode 100644 index 93b149fd43facf23beef0802e1c0540b39ce5cb9..0000000000000000000000000000000000000000 --- a/configs/rtthread-lab/system/home/ubuntu/Desktop/rt-thread-site.desktop +++ /dev/null @@ -1,7 +0,0 @@ -[Desktop Entry] -Encoding=UTF-8 -Name=RT-Thread Home Page -Comment=RT-Thread Home Page -Exec=/usr/bin/chromium-browser http://www.rt-thread.org/ -Icon=/usr/share/pixmaps/chromium-browser.png -Type=Application diff --git a/configs/rtthread-lab/system/home/ubuntu/Desktop/showterm.desktop b/configs/rtthread-lab/system/home/ubuntu/Desktop/showterm.desktop deleted file mode 100644 index 887fb25179139626ae043126fafaaad64ed9f436..0000000000000000000000000000000000000000 --- a/configs/rtthread-lab/system/home/ubuntu/Desktop/showterm.desktop +++ /dev/null 
@@ -1,7 +0,0 @@ -[Desktop Entry] -Encoding=UTF-8 -Name=Terminal Demo -Comment=Demonstration page with showterm.io -Exec=/usr/bin/chromium-browser http://showterm.io/4551e753b1518243d2a83 -Icon=/usr/share/pixmaps/chromium-browser.png -Type=Application diff --git a/configs/rtthread-lab/tools/container-run b/configs/rtthread-lab/tools/container-run deleted file mode 100755 index ad5c169755f4064c84905e18b37ef06f481fa73a..0000000000000000000000000000000000000000 --- a/configs/rtthread-lab/tools/container-run +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -# -# startup.sh -- lab specific startup script, -# - -TOP_DIR=$(cd $(dirname $0) && pwd)/ - -# Enable network bridge support - -$TOP_DIR/enable_net_bridge.sh diff --git a/configs/rtthread-lab/tools/enable_net_bridge.sh b/configs/rtthread-lab/tools/enable_net_bridge.sh deleted file mode 100755 index df4e4983a1e2e06ef988c47e4d6604dfb2bc24d4..0000000000000000000000000000000000000000 --- a/configs/rtthread-lab/tools/enable_net_bridge.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# -# enable_net_bridge.sh -# -# Copyright (C) 2016-2021 Wu Zhangjin -# - -ip=`ifconfig eth0 | grep "inet " | tr -d -c '^[0-9. ]' | awk '{print $1}'` -route=`route -n | head -3 | tail -1 | tr -s ' ' | cut -d' ' -f2` - -echo ip=$ip gateway=$route - -brctl addbr br0 -brctl addif br0 eth0 -ifconfig eth0 down -ifconfig eth0 0.0.0.0 up -ifconfig br0 $ip up -route add default gw $route br0 diff --git a/configs/tinylab.org/docker/container/placeholder b/configs/tinylab.org/docker/container/placeholder new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/configs/tinylab.org/system/home/ubuntu/Desktop/demo.desktop b/configs/tinylab.org/system/home/ubuntu/Desktop/demo.desktop deleted file mode 100644 index 1c2e7782e30c95e93306cd3c0316ff310ffa3aa9..0000000000000000000000000000000000000000 --- a/configs/tinylab.org/system/home/ubuntu/Desktop/demo.desktop +++ /dev/null 
@@ -1,7 +0,0 @@ -[Desktop Entry] -Encoding=UTF-8 -Name=Demo Page -Comment=Demonstrate how to write a post -Exec=/usr/bin/chromium-browser http://showterm.io/77c13ecbfe82b963029d7 -Icon=/usr/share/pixmaps/chromium-browser.png -Type=Application diff --git a/configs/tinylab.org/system/home/ubuntu/Desktop/local.desktop b/configs/tinylab.org/system/home/ubuntu/Desktop/local.desktop index 295dc87f0f102875e2782f52e3013adf68aded8b..9db8a8d365cd1beedf7382c49eeca69c7c936af2 100644 --- a/configs/tinylab.org/system/home/ubuntu/Desktop/local.desktop +++ b/configs/tinylab.org/system/home/ubuntu/Desktop/local.desktop @@ -2,6 +2,6 @@ Encoding=UTF-8 Name=Local Page Comment=Local site of https://tinylab.org -Exec=/usr/bin/chromium-browser http://localhost:8080/ +Exec=/usr/bin/chromium-browser http://tinylab:8080/ Icon=/usr/share/pixmaps/chromium-browser.png Type=Application diff --git a/images/3rd-party/firefox.png b/images/3rd-party/firefox.png new file mode 100644 index 0000000000000000000000000000000000000000..39e77389022cb1b1205bbe2505739560521283f8 Binary files /dev/null and b/images/3rd-party/firefox.png differ diff --git a/images/3rd-party/gnome-terminal.svg b/images/3rd-party/gnome-terminal.svg new file mode 100644 index 0000000000000000000000000000000000000000..248186af4db76cc22fe45b924e0afd99d64be54c --- /dev/null +++ b/images/3rd-party/gnome-terminal.svg @@ -0,0 +1,101 @@ + + + + Adwaita Icon Template + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + GNOME Design Team + + + + + Adwaita Icon Template + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/images/3rd-party/lxterminal.png b/images/3rd-party/lxterminal.png new file mode 100644 index 0000000000000000000000000000000000000000..b8207a66f253f525d3714b4e6005f4df6563674f Binary files /dev/null and b/images/3rd-party/lxterminal.png differ 
diff --git a/labs/lep-lab b/labs/lep-lab
deleted file mode 160000
index 673cc232eb22e3c67e2f370b2f8d7da1fa736d2e..0000000000000000000000000000000000000000
--- a/labs/lep-lab
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 673cc232eb22e3c67e2f370b2f8d7da1fa736d2e
diff --git a/labs/pwn-lab b/labs/pwn-lab
new file mode 160000
index 0000000000000000000000000000000000000000..fdffa3d118af4021ddc52c1441db570fc6582e12
--- /dev/null
+++ b/labs/pwn-lab
@@ -0,0 +1 @@
+Subproject commit fdffa3d118af4021ddc52c1441db570fc6582e12
diff --git a/labs/rtthread-lab b/labs/rtthread-lab
deleted file mode 160000
index de05f38d9d1dc7dac5cabc240dfb413485e4c67f..0000000000000000000000000000000000000000
--- a/labs/rtthread-lab
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit de05f38d9d1dc7dac5cabc240dfb413485e4c67f
diff --git a/tools/docker/config b/tools/docker/config
index 58e5828398efd3c35c78bfd37edda4081c028889..933537079bdff78e1a71ace5f3f92afde153c9c1 100755
--- a/tools/docker/config
+++ b/tools/docker/config
@@ -49,91 +49,89 @@ get_current() fi } -if [ -n "$IN_CONTAINER" ]; then - LAB_DIR="$LAB_WORKDIR" - TOOL_DIR="$TOOL_WORKDIR" - CONFIG_DIR="$CONFIG_WORKDIR" -else - get_current $1 - CONFIG_DIR="$TOP_DIR"/configs/$CURRENT -fi +get_current $1 +CONFIG_DIR="$TOP_DIR"/configs/$CURRENT CORE_SYSTEM_DIR="$TOOL_DIR"/system CONFIG_TOOL_DIR="$CONFIG_DIR"/tools CONFIG_DOCKER_DIR="$CONFIG_DIR"/docker +CONFIG_CONTAINER_DIR="$CONFIG_DIR"/docker/container CONFIG_SYSTEM_DIR="$CONFIG_DIR"/system -if [ ! -n "$IN_CONTAINER" ]; then - LAB_LOGIN="$TOP_DIR"/.login_method - LAB_VNC="$TOP_DIR"/.login_vnc - LAB_HOST="$TOP_DIR"/.host_name - LAB_DOCKER="$TOP_DIR"/.docker_name - LAB_OUTPUT="$TOP_DIR"/output - - DOCKER_DIR="$TOOL_DIR"/docker - DOCKER_IDENTIFY_CMD="$DOCKER_DIR"/identify - DOCKER_VNC_CMD="$DOCKER_DIR"/vnc - DOCKER_WEBVNC_CMD="$DOCKER_DIR"/webvnc - DOCKER_IP_CMD="$DOCKER_DIR"/newip - DOCKER_LIST_CMD="$DOCKER_DIR"/list - DOCKER_RELEASE_CMD="$DOCKER_DIR"/release - DOCKER_BASH_CMD="$DOCKER_DIR"/bash - DOCKER_SSH_CMD="$DOCKER_DIR"/ssh - DOCKER_WEBSSH_CMD="$DOCKER_DIR"/webssh - DOCKER_LOGIN_CMD="$DOCKER_DIR"/login - DOCKER_EXPORT_CMD="$DOCKER_DIR"/export - DOCKER_RESIZE_CMD="$DOCKER_DIR"/resize - DOCKER_PUBLISH_CMD="$DOCKER_DIR"/publish - DOCKER_PULL_CMD="$DOCKER_DIR"/pull - DOCKER_GIT_PULL_CMD="$DOCKER_DIR"/git-pull - DOCKER_TPROXY_CMD="$DOCKER_DIR"/tproxy - DOCKER_CLEAN_CMD="$DOCKER_DIR"/clean - DOCKER_BUILD_CMD="$DOCKER_DIR"/build - DOCKER_RM_CMD="$DOCKER_DIR"/rm - DOCKER_RM_ALL_CMD="$DOCKER_DIR"/rm-all - DOCKER_RMI_ALL_CMD="$DOCKER_DIR"/rmi-all - DOCKER_RUN_CMD="$DOCKER_DIR"/run - DOCKER_CHOOSE_CMD="$DOCKER_DIR"/choose - DOCKER_STOP_CMD="$DOCKER_DIR"/stop - DOCKER_START_CMD="$DOCKER_DIR"/start - DOCKER_START_ALL_CMD="$DOCKER_DIR"/start-all - DOCKER_UNLOCK_CMD="$DOCKER_DIR"/unlock - DOCKER_XTERM_CMD="$DOCKER_DIR"/get_xterm - DOCKER_CMD_CMD="$DOCKER_DIR"/cmd - DOCKER_NOTIFY_CMD="$DOCKER_DIR"/notify - DOCKER_LIBS="$DOCKER_DIR"/libs - DOCKER_FILE="$CONFIG_DIR"/Dockerfile - - 
LAB_IMAGE="$CONFIG_DOCKER_DIR"/name - LAB_ENVS="$CONFIG_DOCKER_DIR"/envs - LAB_CAPS="$CONFIG_DOCKER_DIR"/caps - LAB_DNS="$CONFIG_DOCKER_DIR"/dns - LAB_DEVICES="$CONFIG_DOCKER_DIR"/devices - LAB_LIMITS="$CONFIG_DOCKER_DIR"/limits - LAB_PORTMAP="$CONFIG_DOCKER_DIR"/portmap - LAB_VOLUMEMAP="$CONFIG_DOCKER_DIR"/volumemap - LAB_BRANCH="$CONFIG_DOCKER_DIR"/branch - LAB_WEB_BROWSER="$CONFIG_DOCKER_DIR"/.web_browser - LAB_XTERM="$CONFIG_DOCKER_DIR"/.xterm - - LAB_TPROXY_LIMITS="$TPROXY_DIR"/limits - LAB_WPROXY_LIMITS="$WPROXY_DIR"/limits - - LAB_LOGO="$CONFIG_DIR"/lab-logo.png - LAB_HOST_RUN="$CONFIG_TOOL_DIR"/host-run -fi - +LAB_LOGIN="$TOP_DIR"/.login_method +LAB_VNC="$TOP_DIR"/.login_vnc +LAB_HOST="$TOP_DIR"/.host_name +LAB_DOCKER="$TOP_DIR"/.docker_name +LAB_OUTPUT="$TOP_DIR"/output + +DOCKER_DIR="$TOOL_DIR"/docker +DOCKER_IDENTIFY_CMD="$DOCKER_DIR"/identify +DOCKER_VNC_CMD="$DOCKER_DIR"/vnc +DOCKER_WEBVNC_CMD="$DOCKER_DIR"/webvnc +DOCKER_IP_CMD="$DOCKER_DIR"/newip +DOCKER_LIST_CMD="$DOCKER_DIR"/list +DOCKER_RELEASE_CMD="$DOCKER_DIR"/release +DOCKER_BASH_CMD="$DOCKER_DIR"/bash +DOCKER_SSH_CMD="$DOCKER_DIR"/ssh +DOCKER_WEBSSH_CMD="$DOCKER_DIR"/webssh +DOCKER_LOGIN_CMD="$DOCKER_DIR"/login +DOCKER_EXPORT_CMD="$DOCKER_DIR"/export +DOCKER_RESIZE_CMD="$DOCKER_DIR"/resize +DOCKER_PUBLISH_CMD="$DOCKER_DIR"/publish +DOCKER_PULL_CMD="$DOCKER_DIR"/pull +DOCKER_GIT_PULL_CMD="$DOCKER_DIR"/git-pull +DOCKER_TPROXY_CMD="$DOCKER_DIR"/tproxy +DOCKER_CLEAN_CMD="$DOCKER_DIR"/clean +DOCKER_BUILD_CMD="$DOCKER_DIR"/build +DOCKER_RM_CMD="$DOCKER_DIR"/rm +DOCKER_RM_ALL_CMD="$DOCKER_DIR"/rm-all +DOCKER_RMI_ALL_CMD="$DOCKER_DIR"/rmi-all +DOCKER_RUN_CMD="$DOCKER_DIR"/run +DOCKER_CHOOSE_CMD="$DOCKER_DIR"/choose +DOCKER_STOP_CMD="$DOCKER_DIR"/stop +DOCKER_START_CMD="$DOCKER_DIR"/start +DOCKER_START_ALL_CMD="$DOCKER_DIR"/start-all +DOCKER_UNLOCK_CMD="$DOCKER_DIR"/unlock +DOCKER_XTERM_CMD="$DOCKER_DIR"/get_xterm +DOCKER_CMD_CMD="$DOCKER_DIR"/cmd +DOCKER_NOTIFY_CMD="$DOCKER_DIR"/notify 
+DOCKER_LIBS="$DOCKER_DIR"/libs +DOCKER_FILE="$CONFIG_DIR"/Dockerfile + +LAB_IMAGE="$CONFIG_DOCKER_DIR"/name +LAB_ENVS="$CONFIG_DOCKER_DIR"/envs +LAB_CAPS="$CONFIG_DOCKER_DIR"/caps +LAB_DNS="$CONFIG_DOCKER_DIR"/dns +LAB_DEVICES="$CONFIG_DOCKER_DIR"/devices +LAB_LIMITS="$CONFIG_DOCKER_DIR"/limits +LAB_PORTMAP="$CONFIG_DOCKER_DIR"/portmap +LAB_VOLUMEMAP="$CONFIG_DOCKER_DIR"/volumemap +LAB_BRANCH="$CONFIG_DOCKER_DIR"/branch +LAB_WEB_BROWSER="$CONFIG_DOCKER_DIR"/.web_browser +LAB_PRIV_MODE="$CONFIG_DOCKER_DIR"/.priv_mode +LAB_XTERM="$CONFIG_DOCKER_DIR"/.xterm + +LAB_TPROXY_LIMITS="$TPROXY_DIR"/limits +LAB_WPROXY_LIMITS="$WPROXY_DIR"/limits + +LAB_LOGO="$CONFIG_DIR"/lab-logo.png +LAB_HOST_RUN="$CONFIG_TOOL_DIR"/host-run + +# Container writable +LAB_UNIX_PWD="$CONFIG_CONTAINER_DIR"/.unix_pwd +LAB_VNC_PWD="$CONFIG_CONTAINER_DIR"/.vnc_pwd +LAB_VNC_PWD_VIEWONLY="$CONFIG_CONTAINER_DIR"/.vnc_pwd_viewonly +LAB_VNC_IP="$CONFIG_CONTAINER_DIR"/.vnc_ip +LAB_VNC_TOKEN="$CONFIG_CONTAINER_DIR"/.vnc_token +LAB_UNIX_USER="$CONFIG_CONTAINER_DIR"/.unix_user +LAB_UNIX_UID="$CONFIG_CONTAINER_DIR"/.unix_uid +LAB_HOST_NAME="$CONFIG_CONTAINER_DIR"/.host_name +LAB_MIRROR_SITE="$CONFIG_CONTAINER_DIR"/.mirror_site + +# Host side only LAB_CONTAINER_NAME="$CONFIG_DOCKER_DIR"/.container_name LAB_CONTAINER_ID="$CONFIG_DOCKER_DIR"/.container_id -LAB_HOST_NAME="$CONFIG_DOCKER_DIR"/.host_name -LAB_UNIX_USER="$CONFIG_DOCKER_DIR"/.unix_user -LAB_UNIX_PWD="$CONFIG_DOCKER_DIR"/.unix_pwd -LAB_UNIX_UID="$CONFIG_DOCKER_DIR"/.unix_uid -LAB_VNC_PWD="$CONFIG_DOCKER_DIR"/.vnc_pwd -LAB_VNC_PWD_VIEWONLY="$CONFIG_DOCKER_DIR"/.vnc_pwd_viewonly -LAB_VNC_IP="$CONFIG_DOCKER_DIR"/.vnc_ip -LAB_VNC_TOKEN="$CONFIG_DOCKER_DIR"/.vnc_token LAB_TPROXY="$CONFIG_DOCKER_DIR"/.tproxy LAB_TPROXY_IP="$CONFIG_DOCKER_DIR"/.tproxy_ip LAB_SCREEN_SIZE="$CONFIG_DOCKER_DIR"/.screen_size 
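Review bot: The `# Container writable` block points the host-side cache files for `UNIX_USER`, `UNIX_UID`, `HOST_NAME`, `MIRROR_SITE` and the Unix/VNC passwords at `$CONFIG_CONTAINER_DIR`, which tools/docker/run in this same commit mounts into the container without `:ro`. Whatever the host later loads from those files through `get_var` is therefore produced by code running inside the lab and should be handled as untrusted on the host; the file-loading half of this file's `get_var` is outside the hunk, but the copy added in tools/docker/container passes the file content through `eval`. I would extend the comment to `# Container writable: contents are controlled by the container, validate before use on the host` and have the host accept only plain tokens matching `[A-Za-z0-9._:-]` from these files. The same nine assignments are repeated verbatim in tools/docker/container, so the two lists can drift apart unless one file sources the other.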
@@ -145,9 +143,9 @@ LAB_CONTAINER_RUN="$CONFIG_TOOL_DIR"/container-run # Default variables [ -z "$LAB_SECURITY" ] && LAB_SECURITY=0 -DEF_USER=ubuntu -DEF_UID=1000 - +DEF_UNIX_USER=ubuntu +DEF_UNIX_UID=1000 +DEF_HOSTNAME=localhost DEF_PWD_LENGTH=6 DEF_PWD_TOTAL=100 @@ -156,13 +154,15 @@ DEF_TOKEN_LENGTH=6 [ -z "$DEF_TOKEN_DIR" ] && DEF_TOKEN_DIR=.vnc-tokens DEF_VNC_IP="0.0.0.0" +DEF_MIRROR_SITE="mirrors.ustc.edu.cn" + for cs in sha1sum shasum; do which $cs >/dev/null 2>&1 && DEF_ENCRYPT_CMD=$cs && break done [ -z "$ENCRYPT_CMD" ] && ENCRYPT_CMD=$DEF_ENCRYPT_CMD # Variables passed from host to container -VARS="UNIX_USER UNIX_UID UNIX_PWD VNC_PWD VNC_PWD_VIEWONLY VNC_IP VNC_TOKEN TPROXY_IP TPROXY VNC_SHARED SCREEN_SIZE HOST_NAME UNIX_IDENTIFY VNC_IDENTIFY SUDO_IDENTIFY HOST_OS LAB_SECURITY" +VARS="UNIX_USER UNIX_UID UNIX_PWD VNC_PWD VNC_PWD_VIEWONLY VNC_IP VNC_TOKEN TPROXY_IP TPROXY VNC_SHARED SCREEN_SIZE HOST_NAME UNIX_IDENTIFY VNC_IDENTIFY SUDO_IDENTIFY HOST_OS LAB_SECURITY MIRROR_SITE PWD_LENGTH PWD_TOTAL" debug_print () { @@ -260,6 +260,8 @@ if [ $LAB_SECURITY -eq 1 ]; then DEF_UNIX_IDENTIFY=0 # No sudo, no way to switch to root in clients DEF_SUDO_IDENTIFY=0 + # Enable vnc identify + DEF_VNC_IDENTIFY=1 [ -z "$VNC_SHARED" ] && VNC_SHARED=0 elif [ $LAB_SECURITY -eq 2 ]; then WEB_NOSSL=1 @@ -269,6 +271,8 @@ elif [ $LAB_SECURITY -eq 2 ]; then DEF_UNIX_IDENTIFY=1 # No sudo, no way to switch to root in clients DEF_SUDO_IDENTIFY=0 + # Enable vnc identify + DEF_VNC_IDENTIFY=1 [ -z "$VNC_SHARED" ] && VNC_SHARED=0 elif [ $LAB_SECURITY -eq 3 ]; then WEB_NOSSL=1 @@ -278,6 +282,8 @@ elif [ $LAB_SECURITY -eq 3 ]; then DEF_UNIX_IDENTIFY=1 # Can get root simply with sudo and password DEF_SUDO_IDENTIFY=1 + # Enable vnc identify + DEF_VNC_IDENTIFY=1 [ -z "$VNC_SHARED" ] && VNC_SHARED=1 else WEB_NOSSL=1 
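Review bot: `DEF_HOSTNAME=localhost` does not match the name that the new `get_var` fallback builds, which is `DEF_` followed by the variable name, so `get_var HOST_NAME` looks up `DEF_HOST_NAME`. tools/lab/run drops its explicit `get_var HOST_NAME localhost` in this commit and relies on `get_vars ... HOST_NAME ...`, so when nothing arrives from the environment or the cache file `HOST_NAME` stays empty instead of `localhost`, and the later `"x$HOST_NAME" = "xlocalhost"` test in run can no longer match. Rename it to `DEF_HOST_NAME=localhost` here and in the identical line of tools/docker/container, unless `DEF_HOSTNAME` is read by name somewhere outside this diff.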
@@ -287,6 +293,8 @@ else DEF_UNIX_IDENTIFY=1 # Can get root simply with sudo and no password DEF_SUDO_IDENTIFY=2 + # Enable vnc identify + DEF_VNC_IDENTIFY=1 [ -z "$VNC_SHARED" ] && VNC_SHARED=1 fi @@ -313,8 +321,14 @@ get_var () #VAR #defval fi # If no variable specified or cached, use the default value if specified, otherwise, reserve empty - [ -z "$var_value" -a -n "$defval" ] && eval `eval echo \\$VAR='$defval'` - + if [ -z "$var_value" ]; then + if [ -n "$defval" ]; then + eval `eval echo \\$VAR='$defval'` + else + defval="`eval echo '$DEF_'${VAR}`" + eval `eval echo \\$VAR='$defval'` + fi + fi debug_print "`eval echo GET: $VAR=\\$${VAR}`" } @@ -396,4 +410,4 @@ host_init() LAB_NAME=$CURRENT } -[ ! -n "$IN_CONTAINER" ] && host_init +host_init diff --git a/tools/docker/container b/tools/docker/container new file mode 100644 index 0000000000000000000000000000000000000000..a5f4a1b0b5054408412ace2221080fb238b3d3ba --- /dev/null +++ b/tools/docker/container 
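Review bot: The new fallback branch in `get_var` keeps the nested eval-inside-backticks assignment, which re-parses the value as shell text, so a value containing spaces, quotes, `;` or a command substitution is word-split or executed instead of stored. The defaults in this file are constants, but the same function also assigns values taken from the environment and from cache files, and tools/docker/container adds a second copy of it. A single-level form assigns without re-parsing: `eval "defval=\$DEF_$VAR"` to read the default and `eval "$VAR=\$defval"` to store it. `get_var` starts before this hunk, so its file-loading half is not visible here and would need the same treatment.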
@@ -0,0 +1,153 @@ +#!/bin/sh +# +# container -- Configure the common variables for container +# +# Copyright (C) 2016-2021 Wu Zhangjin +# + +if [ -z "$TOP_DIR" ]; then + TOP_DIR="$(cd "$(dirname "$0")"/../../ && pwd)" +else + TOP_DIR="$(cd "$(dirname "$TOP_DIR"/null)" && pwd)" +fi + +# Basic files/directories +TOOL_WORKDIR=//tools + +CONFIGS_DIR="$TOP_DIR"/configs/ +CONFIG_WORKDIR=//configs + +TOOL_DIR="$TOOL_WORKDIR" +CONFIG_DIR="$CONFIG_WORKDIR" + +CORE_SYSTEM_DIR="$TOOL_DIR"/system +CONFIG_SYSTEM_DIR="$CONFIG_DIR"/system + +CONFIG_DOCKER_DIR="$CONFIG_DIR"/docker +CONFIG_CONTAINER_DIR="$CONFIG_DIR"/docker/container + +# Container writable +LAB_UNIX_PWD="$CONFIG_CONTAINER_DIR"/.unix_pwd +LAB_VNC_PWD="$CONFIG_CONTAINER_DIR"/.vnc_pwd +LAB_VNC_PWD_VIEWONLY="$CONFIG_CONTAINER_DIR"/.vnc_pwd_viewonly +LAB_VNC_IP="$CONFIG_CONTAINER_DIR"/.vnc_ip +LAB_VNC_TOKEN="$CONFIG_CONTAINER_DIR"/.vnc_token +LAB_UNIX_USER="$CONFIG_CONTAINER_DIR"/.unix_user +LAB_UNIX_UID="$CONFIG_CONTAINER_DIR"/.unix_uid +LAB_HOST_NAME="$CONFIG_CONTAINER_DIR"/.host_name +LAB_MIRROR_SITE="$CONFIG_CONTAINER_DIR"/.mirror_site + +# Default variables +DEF_UNIX_USER=ubuntu +DEF_UNIX_UID=1000 +DEF_HOSTNAME=localhost +DEF_PWD_LENGTH=6 +DEF_PWD_TOTAL=100 + +DEF_MIRROR_SITE="mirrors.ustc.edu.cn" + +# Get default encrypt command +for cs in sha1sum shasum; do + which $cs >/dev/null 2>&1 && DEF_ENCRYPT_CMD=$cs && break +done +[ -z "$ENCRYPT_CMD" ] && ENCRYPT_CMD=$DEF_ENCRYPT_CMD + +# Lock the important files for security +__do_lock () +{ + [ `id -u` -ne 0 ] && SUDO=sudo + + [ -d "$CONFIG_DOCKER_DIR" ] && \ + $SUDO find "$CONFIG_DOCKER_DIR" -iname ".[^.]*" -exec chmod -f -R a-rw "{}" \; + + which chattr >/dev/null 2>&1 + if [ $? -eq 0 ]; then + $SUDO chattr -R +i "$CONFIGS_DIR" + $SUDO chattr -R +i "$TOOL_DIR" + fi +} + +# Unlock the important files for configuration +__do_unlock () +{ + [ `id -u` -ne 0 ] && SUDO=sudo + + which chattr >/dev/null 2>&1 + if [ $? 
-eq 0 ]; then + $SUDO chattr -R -i "$CONFIGS_DIR" + $SUDO chattr -R -i "$TOOL_DIR" + fi + [ -d "$CONFIG_DOCKER_DIR" ] && \ + $SUDO find "$CONFIG_DOCKER_DIR" -iname ".[^.]*" -exec chmod -f -R 664 "{}" \; +} + +do_lock () +{ + [ $LAB_SECURITY -ge 1 ] && __do_lock +} + +do_unlock () +{ + [ $LAB_SECURITY -ge 1 ] && __do_unlock +} + +get_var () #VAR #defval +{ + local var_value + local VAR + local defval + + VAR=$1 + defval=$2 + + # Get potential variable cache file + var_file="`eval echo \\${LAB_$VAR}`" + + # Init it as user input + var_value=`eval echo \\$${VAR}` + + # Load from variable cached file, if no user input specified + if [ -f "$var_file" -a -z "$var_value" ]; then + eval var_value=\\\'$\(sed -e \'':a;N;$!ba;s/\r//g;s/\n/ /g;s/#[^ ]* //g;s%^\s*$%%g;s%\s\{1,\}$%%g'\' \'$var_file\'\)\\\' + eval `eval echo \\$VAR='$var_value'` + var_value="`eval echo '$'${VAR}`" + fi + + # If no variable specified or cached, use the default value if specified, otherwise, reserve empty + if [ -z "$var_value" ]; then + if [ -n "$defval" ]; then + eval `eval echo \\$VAR='$defval'` + else + defval="`eval echo '$DEF_'${VAR}`" + eval `eval echo \\$VAR='$defval'` + fi + fi +} + +get_vars () +{ + for var in $@; do + get_var $var + done +} + +set_var () #VAR +{ + local VAR + local var + local var_file + + VAR=$1 + + var=`eval echo \\$${VAR} | egrep -v "^$|^ *$"` + var_file="`eval echo \\${LAB_$VAR}`" + + [ -n "$var" ] && echo "$var" | sed -e ':a;N;$!ba;s/\r//g;s%^\s*$%%g;s%\s\{1,\}$%%g;s/ /\n/g' > "$var_file" +} + +set_vars () +{ + for var in $@; do + set_var $var + done +} diff --git a/tools/docker/libs b/tools/docker/libs index 512fb81340e7a84d73c8ed49a5124ff4dac7503d..c330f92ee688c084a89a409110de46b10e37af2d 100755 --- a/tools/docker/libs +++ b/tools/docker/libs 
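Review bot: This new file replaces tools/docker/config as the script tools/lab/run sources, but it does not carry over every default that run still uses: `DEF_VNC_IP` is referenced there (`get_var VNC_IP $DEF_VNC_IP` and the new `"$VNC_IP" != "$DEF_VNC_IP"` test) and is not defined anywhere in these 153 lines. `LAB_SECURITY` is also no longer defaulted before first use; run calls `do_unlock` immediately after sourcing, and `[ $LAB_SECURITY -ge 1 ]` is a test error when the variable is empty, so the unlock is skipped. Add `DEF_VNC_IP="0.0.0.0"` and `[ -z "$LAB_SECURITY" ] && LAB_SECURITY=0` to the default-variables block, both of which exist in tools/docker/config. `var_file` in `get_var` is also missing from the `local` declarations, unlike in `set_var`.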
@@ -690,7 +690,10 @@ create_shortcuts () BROWSER_ICON=/usr/share/pixmaps/${WEB_BROWSER}.png DEFAULT_BROWSER_ICON=$BROWSER_ICON if [ ! -f "$BROWSER_ICON" ]; then - BROWSER_ICON=$(find /usr/share/ -name "${WEB_BROWSER}*.png" 2>/dev/null | egrep "hicolor" | head -1) + BROWSER_ICON=$(find /usr/share/ -name "*${WEB_BROWSER}*.png" -o -name "*${WEB_BROWSER}*.svg" 2>/dev/null | egrep -i "hicolor|bloom" | egrep "48|64|96" | tail -1) + fi + if [ ! -f "$BROWSER_ICON" ]; then + BROWSER_ICON=$TOP_DIR/images/3rd-party/${WEB_BROWSER}.png fi if [ "x$LAB_DESKTOP_SHORTCUT" = "x1" -a ! -f "$LOCAL_DESKTOP_SHORTCUT" ]; then @@ -742,8 +745,8 @@ create_shortcuts () fi fi if [ ! -f "$XTERM_ICON" ]; then - XTERM_ICON=$(find /usr/share/ -name "${XTERM}*.png" 2>/dev/null | grep icon | head -1) - [ -z "$XTERM_ICON" ] && XTERM_ICON=$(find /usr/share/ -name "${XTERM}*.png" 2>/dev/null | head -1) + XTERM_ICON=$(find /usr/share/ -name "${XTERM}*.png" -o -name "${XTERM}*.svg" 2>/dev/null | egrep -i "hicolor|bloom" | egrep "48|64|96|128" | tail -1) + [ -z "$XTERM_ICON" ] && XTERM_ICON=$(find /usr/share/ -name "${XTERM}*.png" 2>/dev/null | tail -1) fi fi diff --git a/tools/docker/run b/tools/docker/run index 2e1e7df77da455c2fc60a55b8f17d4b0c1177c6b..a11fbb79e2667f3d27d227354795b993b3a2427b 100755 --- a/tools/docker/run +++ b/tools/docker/run 
@@ -149,8 +149,13 @@ envs="" # ref: https://headsigned.com/posts/mounting-docker-volumes-with-docker-toolbox-for-windows/ volumemap="-v '/$GIT_DIR':'$GIT_WORKDIR'" volumemap="$volumemap -v '/$LAB_DIR':'$LAB_WORKDIR'" -volumemap="$volumemap -v '/$TOOL_DIR':'$TOOL_WORKDIR'" -volumemap="$volumemap -v '/$CONFIG_DIR':'$CONFIG_WORKDIR'" +volumemap="$volumemap -v '/$TOOL_DIR/docker/container':'$TOOL_WORKDIR/docker/container':ro" +volumemap="$volumemap -v '/$TOOL_DIR/lab/run':'$TOOL_WORKDIR/lab/run':ro" +volumemap="$volumemap -v '/$TOOL_DIR/system':'$TOOL_WORKDIR/system':ro" +volumemap="$volumemap -v '/$CONFIG_DIR/tools':'$CONFIG_WORKDIR/tools':ro" +volumemap="$volumemap -v '/$CONFIG_DIR/system':'$CONFIG_WORKDIR/system':ro" +volumemap="$volumemap -v '/$CONFIG_DIR/lab-logo.png':'$CONFIG_WORKDIR/lab-logo.png':ro" +volumemap="$volumemap -v '/$CONFIG_DIR/docker/container':'$CONFIG_WORKDIR/docker/container'" limits=$LIMITS # Get a new ip for our new container if no one cached @@ -167,11 +172,15 @@ get_var SCREEN_SIZE # Sync UID before running [ "x$HOST_OS" = "xLinux" ] && UNIX_UID=$(id -u `get_host_user`) -[ "x$UNIX_UID" = "x0" -o -z "$UNIX_UID" ] && UNIX_UID=$DEF_UID -[ -z "$UNIX_USER" ] && UNIX_USER=$DEF_USER +[ "x$UNIX_UID" = "x0" -o -z "$UNIX_UID" ] && UNIX_UID=$DEF_UNIX_UID +[ -z "$UNIX_USER" ] && UNIX_USER=$DEF_UNIX_USER # Build vars passed to container log_print "Build variables for $CONTAINER_NAME" + +# Init environment variables instead of parsing it in container +get_vars UNIX_IDENTIFY SUDO_IDENTIFY VNC_IDENTIFY + for var in $VARS; do # Available encrypt cmds: sha1sum, sha224sum, cksum, sha256sum, sha512sum, md5sum, sha384sum, sum value=$(eval echo \$${var}) 
@@ -203,17 +212,18 @@ done # Get configured settings log_print "Build more arguments ..." if [ "x$HOST_OS" = "xWindows" ]; then - get_vars CAPS DEVICES VOLUMEMAP + get_vars CAPS DEVICES VOLUMEMAP PRIV_MODE else - get_vars ENVS CAPS DNS DEVICES PORTMAP VOLUMEMAP + get_vars ENVS CAPS DNS DEVICES PORTMAP VOLUMEMAP PRIV_MODE fi for env in $ENVS; do vars="$vars -e $env"; done for cap in $CAPS; do caps="$caps --cap-add $cap"; done for dns in $DNS; do dnss="$dnss --dns $dns"; done -for dev in $DEVICES; do devs="$devs --device $dev"; done +for dev in $DEVICES; do [ -e "$dev" ] && devs="$devs --device $dev"; done for map in $PORTMAP; do portmap="$portmap -p $map"; done for map in $VOLUMEMAP; do volumemap="$volumemap -v $map"; done +[ "x$PRIV_MODE" = "x1" ] && privmode=--privileged # Build container name container="--name $CONTAINER_NAME" @@ -229,7 +239,9 @@ net="$ip --network $VNC_NET_NAME" info_print "Wait for lab launching ..." -lab_id=$(eval docker run -d --privileged $coredump -h $LAB_NAME $net $audio $container $portmap $caps $dnss $devices $limits $volumemap $vars $EXTRA_ARGS $IMAGE) +seccomp="--security-opt seccomp=$TOP_DIR/configs/common/seccomp-profiles-default.json" + +lab_id=$(eval docker run -d $privmode $coredump -h $LAB_NAME $seccomp $net $audio $container $portmap $caps $dnss $devs $limits $volumemap $vars $EXTRA_ARGS $IMAGE) [ $? -ne 0 ] && err_print "docker running error." && exit 1 @@ -270,6 +282,10 @@ get_host # Save the lab's information (for restore the container for 'docker start') set_vars CONTAINER_NAME CONTAINER_ID SCREEN_SIZE +[ -n "$PRIV_MODE" -a "x$PRIV_MODE" = "x1" ] && set_var PRIV_MODE +[ "$MIRROR_SITE" != "$DEF_MIRROR_SITE" ] && set_var MIRROR_SITE +[ "$UNIX_USER" != "$DEF_UNIX_USER" ] && set_var UNIX_USER +[ "$UNIX_UID" != "1000" -a "$UNIX_UID" != "0" ] && set_var UNIX_UID do_lock diff --git a/tools/docker/vnc b/tools/docker/vnc index 60f5684f7536f1a53f79ce1ee1c96e6e1a3b5232..7f2c879159485195a17973f0b45cd5698815684a 100755 
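Review bot: The added `[ -e "$dev" ]` guard tests the whole entry read from the devices file, so an entry written in Docker's `host:container[:perms]` form never exists as a path and is dropped without any message. Test only the host part and report what was skipped, for example `[ -e "${dev%%:*}" ] && devs="$devs --device $dev" || log_print "skip missing device $dev"`. If the devices files only ever list bare paths this does not bite today, but the silent drop makes a missing device hard to diagnose either way.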
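Review bot: When `PRIV_MODE` is `1` the command line carries both `--privileged` and `--security-opt seccomp=...`, and Docker normally runs privileged containers without seccomp filtering, so the new profile protects only labs that have no `.priv_mode` file; this is worth confirming on the Docker versions you support. A comment above the `seccomp=` assignment would keep readers from assuming every lab is filtered, e.g. `# NOTE: has no effect when $privmode is --privileged`. The profile path is also expanded unquoted inside `eval`, so a checkout path containing spaces splits the option; `seccomp="--security-opt seccomp='$TOP_DIR/configs/common/seccomp-profiles-default.json'"` matches the quoting already used for `volumemap`.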
--- a/tools/docker/vnc +++ b/tools/docker/vnc @@ -188,4 +188,6 @@ copy2clipboard "$VNC_PWD" info_print "Running '$VNC_LOGIN'" echo +sleep 1 + nohup $VNC_LOGIN >/dev/null 2>&1 & diff --git a/tools/lab/run b/tools/lab/run index c4305a698b782e143ebf5f1ca9ac1cd4340aff2f..1f19870a1df26891d6b28a5b88071acd73cd0c2f 100755 --- a/tools/lab/run +++ b/tools/lab/run @@ -9,25 +9,30 @@ if [ ! -d /labs -o ! -d /.git ]; then exit 1 fi -# no argument required of config for container -IN_CONTAINER=1 +# Dump environment variables +# env +# Clean up everything before running +find /var/lib/apt/lists -type f -delete & +find /var/cache -type f -delete & +find /var/log -type f -delete & + +# NOTE: for Security, variables should be passed as environment variables # NOTE: for Security, variables should be passed as environment variables -. /tools/docker/config >/dev/null +. /tools/docker/container >/dev/null do_unlock # Don't touch me -[ -z "$UNIX_USER" ] && get_var UNIX_USER $DEF_USER [ -z "$LAB_SECURITY" ] && LAB_SECURITY=0 -get_var HOST_NAME localhost -get_var UNIX_IDENTIFY $DEF_UNIX_IDENTIFY -get_var SUDO_IDENTIFY $DEF_SUDO_IDENTIFY -get_var UNIX_UID 1000 +get_vars UNIX_USER UNIX_UID HOST_NAME MIRROR_SITE PWD_LENGTH PWD_TOTAL + +# Check and update mirror site +old=$(grep -m1 ^deb /etc/apt/sources.list | cut -d ' ' -f2 | tr -s '/' | cut -d '/' -f2) +[ "$old" != "$MIRROR_SITE" -a -n "$MIRROR_SITE" ] && sed -i -e "s/$old/$MIRROR_SITE/g" /etc/apt/sources.list & [ "x$UNIX_UID" = "x0" ] && UNIX_UID=1000 -set_var UNIX_UID [ -z "$VNC_IP" ] && get_var VNC_IP $DEF_VNC_IP [ -z "$VNC_TOKEN" ] && get_var VNC_TOKEN "" @@ -43,7 +48,7 @@ else fi [ -n "$VNC_IP" -a -z "$VNC_TOKEN" ] && VNC_TOKEN=`echo -n $VNC_IP | tr -d '\n' | $ENCRYPT_CMD | cut -d' ' -f1 | cut -c1-$TOKEN_LENGTH` -[ -n "$VNC_IP" ] && set_var VNC_IP +[ -n "$VNC_IP" -a "$VNC_IP" != "$DEF_VNC_IP" ] && set_var VNC_IP [ -n "$VNC_TOKEN" ] && set_var VNC_TOKEN do_lock 
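Review bot: `$old` and `$MIRROR_SITE` are pasted unescaped into the sed program in `sed -i -e "s/$old/$MIRROR_SITE/g" /etc/apt/sources.list`, and `MIRROR_SITE` arrives from the environment or a cache file, so a value containing `/`, `&` or whitespace changes how the APT source list is rewritten, and that list decides where packages are fetched from. Check the value before use, e.g. `case "$MIRROR_SITE" in *[!A-Za-z0-9.-]*) MIRROR_SITE=$DEF_MIRROR_SITE;; esac`, and skip the rewrite when `$old` is empty, because an empty pattern makes sed fail. The `# NOTE: for Security, variables should be passed as environment variables` comment now appears twice in a row; one copy can go.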
@@ -68,8 +73,8 @@ else # Touch a flag touch $CREATE_FLAG - DEF_HOME=/home/$DEF_USER - DEF_SYSTEM_SUDOERS_USER=/etc/sudoers.d/$DEF_USER + DEF_HOME=/home/$DEF_UNIX_USER + DEF_SYSTEM_SUDOERS_USER=/etc/sudoers.d/$DEF_UNIX_USER DESKTOP=$HOME/Desktop/ [ $SUDO_IDENTIFY -ge 1 ] && UNIX_USER_GROUPS="--groups adm,sudo,audio" @@ -108,7 +113,7 @@ else [ -f "$DEF_SYSTEM_SUDOERS_USER" -a "$LAB_SECURITY" != "0" ] \ && mv $DEF_SYSTEM_SUDOERS_USER $SYSTEM_SUDOERS_USER \ - && sed -i -e "s/^$DEF_USER/$UNIX_USER/g" $SYSTEM_SUDOERS_USER \ + && sed -i -e "s/^$DEF_UNIX_USER/$UNIX_USER/g" $SYSTEM_SUDOERS_USER \ && chmod 440 $SYSTEM_SUDOERS_USER chown $UNIX_USER:$UNIX_USER -R $HOME/ @@ -136,23 +141,26 @@ else [ -z "$VNC_PWD" ] && get_var VNC_PWD [ -z "$VNC_PWD_VIEWONLY" ] && get_var VNC_PWD_VIEWONLY - [ -z "$PWD_LENGTH" ] && get_var PWD_LENGTH $DEF_PWD_LENGTH - [ -z "$PWD_TOTAL" ] && get_var PWD_TOTAL $DEF_PWD_TOTAL + [ -z "$PWD_TOTAL" ] && PWD_TOTAL=$DEF_PWD_TOTAL + [ -z "$PWD_LENGTH" ] && PWD_TOTAL=$DEF_PWD_LENGTH PWGEN_OPTS="-B -s -n -v $PWD_LENGTH 1" [ -z "$UNIX_PWD" ] && UNIX_PWD=`pwgen $PWGEN_OPTS | tr '[A-Z]' '[a-z]'` [ -z "$VNC_PWD" ] && VNC_PWD=`pwgen $PWGEN_OPTS | tr '[A-Z]' '[a-z]'` [ -z "$VNC_PWD_VIEWONLY" ] && VNC_PWD_VIEWONLY=`pwgen $PWGEN_OPTS | tr '[A-Z]' '[a-z]'` - [ -n "$UNIX_USER" ] && set_var UNIX_USER [ -n "$UNIX_PWD" ] && set_var UNIX_PWD [ -n "$VNC_PWD" ] && set_var VNC_PWD [ -n "$VNC_PWD_VIEWONLY" ] && set_var VNC_PWD_VIEWONLY # Sync UID between host and container FILES_TO_SYN_PERM="$LAB_UNIX_PWD $LAB_VNC_PWD $LAB_VNC_PWD_VIEWONLY $LAB_UNIX_UID $LAB_UNIX_USER $LAB_VNC_IP $LAB_VNC_TOKEN" - sudo chown $UNIX_USER:$UNIX_USER $FILES_TO_SYN_PERM - sudo chmod a+w $FILES_TO_SYN_PERM + for f in $FILES_TO_SYN_PERM + do + [ ! -f $f ] && continue + sudo chown $UNIX_USER:$UNIX_USER $f + sudo chmod a+w $f + done do_lock 
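Review bot: The second added fallback assigns the wrong variable: `[ -z "$PWD_LENGTH" ] && PWD_TOTAL=$DEF_PWD_LENGTH` leaves `PWD_LENGTH` empty and overwrites `PWD_TOTAL`. With an empty length `PWGEN_OPTS` ends in a lone `1`, which pwgen would take as the password length, so `UNIX_PWD`, `VNC_PWD` and `VNC_PWD_VIEWONLY` would be generated one character long. It should read `[ -z "$PWD_LENGTH" ] && PWD_LENGTH=$DEF_PWD_LENGTH`. In the new loop, `chmod a+w $f` still leaves the password files world-writable and `$f` is unquoted; `chmod u+w "$f"` after the `chown` looks sufficient, though that depends on who else has to write these files, and the surrounding block starts outside the hunk.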
@@ -160,9 +168,9 @@ else echo "User: $UNIX_USER ,Password: $UNIX_PWD ,VNC Password: $VNC_PWD ,Viewonly Password: $VNC_PWD_VIEWONLY" SYSTEM_SUPERVISORD_CONF=/etc/supervisor/conf.d/x11vnc.conf - if [ "$UNIX_USER" != "$DEF_USER" ]; then + if [ "$UNIX_USER" != "$DEF_UNIX_USER" ]; then sed -i -e "s%$DEF_HOME%$HOME%g" $SYSTEM_SUPERVISORD_CONF - sed -i -e "s%user=$DEF_USER%user=$UNIX_USER%g" $SYSTEM_SUPERVISORD_CONF + sed -i -e "s%user=$DEF_UNIX_USER%user=$UNIX_USER%g" $SYSTEM_SUPERVISORD_CONF fi # VNC PASS @@ -181,7 +189,6 @@ else chmod o-rwx $VNC_PWD_FILE # Disable the VNC login password - get_var VNC_IDENTIFY 1 [ $VNC_IDENTIFY -eq 0 -a "x$HOST_NAME" = "xlocalhost" ] \ && sed -i -e "s% -usepw$%-nopw%g" $SYSTEM_SUPERVISORD_CONF fi @@ -224,9 +231,14 @@ mount -t tmpfs none /tmp/ # Run Lab specific tasks [ -x $LAB_CONTAINER_RUN ] && UNIX_USER=$UNIX_USER $LAB_CONTAINER_RUN & +# Init lxqt detection +lxqt=0 # Detect lxqt -which startlxqt >/dev/null 2>&1 -[ $? -eq 0 ] && ln -sf /usr/bin/lxqt-session /usr/bin/lxsession +which startlxqt >/dev/null 2>&1 && ln -sf /usr/bin/lxqt-session /usr/bin/lxsession && lxqt=1 +# Detect cinnamon +which cinnamon-session >/dev/null 2>&1 && ln -sf /usr/bin/cinnamon-session /usr/bin/lxsession +# Clean up lxqt specific files +[ $lxqt -eq 0 ] && rm -rf $HOME/.config/lxqt $HOME/.config/pcmanfm-qt $HOME/.config/autostart/lxqt*.desktop & # Run image built-in tasks for f in /etc/startup.aux/*.sh diff --git a/tools/system/usr/bin/showterm b/tools/system/usr/bin/showterm deleted file mode 100755 index ecbaa1912f35686a4acfe24ab89cff3ba5ad3b58..0000000000000000000000000000000000000000 --- a/tools/system/usr/bin/showterm +++ /dev/null 
@@ -1,99 +0,0 @@ -#!/bin/bash -# A simple Linux-only pure-shell showterm client for those without Ruby. -# -# Mac users (and Linux users with Ruby installed) should use the ruby client: -# (sudo) gem install showterm -# -# Dependencies (please let me know if you don't have them all already) -# mktemp (coreutils) -# script (util-linux) -# tput (ncurses) -# bash -# curl -# -# To install. Just copy this file to your computer, and chmod +x showterm. -# -# curl showterm.io/showterm > ~/bin/showterm -# chmod +x ~/bin/showterm -# -# Otherwise you can run this file without installing: -# -# bash <(curl record.showterm.io) -# - -# set -e - -record_base_url="http://showterm.io/record" -upload_base_url="http://showterm.io" - -if ! which curl >/dev/null -then - # Current docker image system is based on ubuntu - sudo apt-get -y update - sudo apt-get install -y curl -fi - -if ! tty >/dev/null -then - echo "Usage: bash <(curl $record_base_url)" - exit 1 -fi - -if [ "-d" = "$1" -o "--delete" = "$1" ] -then - url="${2?-Usage showterm --delete }" - curl --fail "$url" -X "DELETE" --data-urlencode "secret@$HOME/.showterm" - exit -fi - -scriptfile="$(mktemp /tmp/XXXXX.script)" -timingfile="$(mktemp /tmp/XXXXX.timing)" - -cols="$(tput cols)" -lines="$(tput lines)" - -server="${SHOWTERM_SERVER-$upload_base_url}" -url="${server%/}/scripts" - -if [ "$*" ] -then - echo "$*" - args=-c "$*" -fi - -if [ ! -f "$HOME/.showterm" ] -then - echo -n $(openssl rand -hex 16) > "$HOME/.showterm" -fi - -echo "showterm recording. (Exit shell when done.)" -script $args -q -t"$timingfile" "$scriptfile" -echo "Uploading..." -echo "" - -data=$(curl --fail "$url" --data-urlencode "cols=$cols" --data-urlencode "lines=$lines" --data-urlencode "scriptfile@$scriptfile" --data-urlencode "timingfile@$timingfile" "secret@$HOME/.showterm" 2>/dev/null) -status=$? 
- -echo "$data" - -# get a browser and check the $data accessible -for b in chromium-browser firefox -do - if which $b >/dev/null - then - ($b $data >/dev/null 2>&1)& - break - fi -done - -if [ $status -eq 0 ] -then - echo "" - rm "$scriptfile" "$timingfile" - exit 0 -else - echo "" - echo "Uploading may failed, but don't worry! Your work is safe." - echo "If the above url not accessible, try uploading again with:" - echo curl "$url" --data-urlencode "cols=$cols" --data-urlencode "lines=$lines" --data-urlencode "scriptfile@$scriptfile" --data-urlencode "timingfile@$timingfile" "secret@$HOME/.showterm" -fi diff --git a/tools/system/usr/share/desktop/home/.config/autostart/lxqt-z-ibus.desktop b/tools/system/usr/share/desktop/home/.config/autostart/ibus-daemon.desktop similarity index 100% rename from tools/system/usr/share/desktop/home/.config/autostart/lxqt-z-ibus.desktop rename to tools/system/usr/share/desktop/home/.config/autostart/ibus-daemon.desktop