Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
executable file 116 lines (96 sloc) 3.38 KB
#!/bin/sh
# Copyright (C)2011 Laurence Tratt <http://tratt.net/laurie/>
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the "Software"),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
# DEALINGS IN THE SOFTWARE.
# http://tratt.net/laurie/src/xcage/
#
# This utility runs an Xnest (i.e. X Windows-inside-X Windows), and inside
# that executes a command as another user. This allows one to conveniently
# run an X Windows "jail" or "sandbox" where programs can execute without
# impacting upon one's normal user account.
#
# This utility requires sudo to work appropriately.
#
# This utility was inspired by xsandbox:
# http://shoestringfoundation.org/cgi-bin/blosxom.cgi/2005/11/16
user=""
cmd=""
xnest_args=""
if [ -f ~/.xcagerc ]; then
. ~/.xcagerc
fi
ae=0
while getopts ":hc:u:" f
do
case "$f" in
c) cmd="$OPTARG";;
u) user="$OPTARG";;
h) ae=1; break;;
[?]) ae=2; break;;
esac
done
if [[ "X$user" = "X" || "X$cmd" = "X" ]]; then
ae=2
fi
if [ $ae -gt 0 ]; then
echo "Usage: xcage [-c <cmd>] [-u <user>] [-- <arguments for Xnest>]" >&2
if [ $ae -eq 1 ]; then
exit 0
else
exit 1
fi
fi
shift $((OPTIND-1))
function die {
echo $1
exit $2
}
# Setup the appropriate authorisation - we use two files to ensure that only
# the current user and $user can access the X authorisation files.
which jot > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
hexkey=`jot -p 64 -s "" -r -w "%.2x" 16 0 255`
else
hexkey=`head -c 16 < /dev/urandom | hexdump -v -e '/1 "%02x"'` ||
die "Can't create hex key" $?
fi
umask 022
xauthmef=`mktemp` ||
die "Can't create temporary file" $?
trap "rm -f $xauthmef" 0 1 2 3 13 15
xauthof=`sudo su -l $user -c mktemp` ||
die "Can't create temporary file as user $user" $?
trap "rm -f $xauthmef; sudo -u $user rm -f $xauthof" 0 1 2 3 13 15
xauth -i -f $xauthmef add :1.0 . $hexkey ||
exit $?
xauth -i -f $xauthmef nextract - :1.0 |
sudo -u $user xauth -f $xauthof nmerge - ||
exit $?
# Run Xnest using the override args or not, as appropriate.
if [ $# -eq 0 ]; then
Xnest :1 -auth $xauthmef -sss $xnest_args &
else
Xnest :1 -auth $xauthmef -sss $* &
fi
# Run the specified command $cmd as $user.
sudo su -l $user -c "XAUTHORITY=$xauthof DISPLAY=:1.0 $cmd"
# Sometimes Xnest exits unexpectedly, and there may be other Xnests running
# in the system, so we're careful only to kill an Xnest process (should
# there be any running) if it was started by this script.
pkill -P $$ Xnest