Skip to content

Commit

Permalink
Ignore PR pipeline on master
Browse files Browse the repository at this point in the history
  • Loading branch information
Dramelac committed Sep 4, 2024
1 parent 943180a commit 4178c5d
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 10 deletions.
1 change: 1 addition & 0 deletions .github/workflows/entrypoint_pull_request.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ on:
push:
branches-ignore:
- "dev"
- "master"
paths-ignore:
- ".github/**"
- "**.md"
Expand Down
20 changes: 10 additions & 10 deletions exegol/model/ExegolContainer.py
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
import os
import shutil
import subprocess
import tempfile
import shutil
from datetime import datetime
from typing import Optional, Dict, Sequence, Tuple, Union

Expand All @@ -17,8 +17,8 @@
from exegol.model.SelectableInterface import SelectableInterface
from exegol.utils.ContainerLogStream import ContainerLogStream
from exegol.utils.ExeLog import logger, console
from exegol.utils.imgsync.ImageScriptSync import ImageScriptSync
from exegol.utils.GuiUtils import GuiUtils
from exegol.utils.imgsync.ImageScriptSync import ImageScriptSync


class ExegolContainer(ExegolContainerTemplate, SelectableInterface):
Expand Down Expand Up @@ -339,12 +339,12 @@ def __applyX11ACLs(self):
logger.error(f"The [green]xhost[/green] command is not available on your [bold]host[/bold]. "
f"Exegol was unable to allow your container to access your graphical environment ({debug_msg}).")
return

logger.debug(f"DISPLAY variable: {GuiUtils.getDisplayEnv()}")
# Extracts the left part of the display variable to determine if remote access is used
display_host = GuiUtils.getDisplayEnv().split(':')[0]
# Left part is empty, local access is used to start Exegol
if display_host=='' or EnvInfo.isMacHost():
if display_host == '' or EnvInfo.isMacHost():
logger.debug("Connecting to container from local GUI, no X11 forwarding to set up")
# TODO verify that the display format is the same on macOS, otherwise might not set up xauth and xhost correctly
if EnvInfo.isMacHost():
Expand All @@ -357,7 +357,7 @@ def __applyX11ACLs(self):
# add linux local ACL
os.system(f"xhost +local:{self.config.getUsername()} > /dev/null")
return

if shutil.which("xauth") is None:
if EnvInfo.is_linux_shell:
debug_msg = "Try to install the package [green]xorg-xauth[/green] to support X11 forwarding in your current environment?"
Expand All @@ -366,10 +366,10 @@ def __applyX11ACLs(self):
logger.error(f"The [green]xauth[/green] command is not available on your [bold]host[/bold]. "
f"Exegol was unable to allow your container to access your graphical environment ({debug_msg}).")
return

# If the left part of the display variable is "localhost", x11 socket is exposed only on loopback and remote access is used
# If the container is not in host mode, it won't be able to reach the loopback interface of the host
if display_host=="localhost" and self.config.getNetworkMode() != "host":
if display_host == "localhost" and self.config.getNetworkMode() != "host":
logger.warning("X11 forwarding won't work on a bridged container unless you specify \"X11UseLocalhost no\" in your host sshd_config")
logger.warning("[red]Be aware[/red] changing \"X11UseLocalhost\" value can [red]expose your device[/red], correct firewalling is [red]required[/red]")
# TODO Add documentation to restrict the exposure of the x11 socket to the docker subnet
Expand All @@ -379,18 +379,18 @@ def __applyX11ACLs(self):
_, tmpXauthority = tempfile.mkstemp()
logger.debug(f"Extracting xauth entries to {tmpXauthority}")
os.system(f"xauth extract {tmpXauthority} $DISPLAY > /dev/null 2>&1")
xauthEntry = subprocess.check_output(f"xauth -f {tmpXauthority} list 2>/dev/null",shell=True).decode()
xauthEntry = subprocess.check_output(f"xauth -f {tmpXauthority} list 2>/dev/null", shell=True).decode()
logger.debug(f"xauthEntry to propagate: {xauthEntry}")

# Replacing the hostname with localhost to support loopback exposed x11 socket and container in host mode (loopback is the same)
if display_host=="localhost":
if display_host == "localhost":
logger.debug("X11UseLocalhost directive is set to \"yes\" or unspecified, X11 connections can be received only on loopback");
# Modifing the entry to convert <hostname>/unix:<display_number> to localhost:<display_number>
xauthEntry = f"localhost:{xauthEntry.split(':')[1]}"
else:
# TODO latter implement a check to see if the x11 socket is correctly firewalled and warn the user if it is not
logger.debug("X11UseLocalhost directive is set to \"no\", X11 connections can be received from anywere");

# Check if the host has a xauth entry corresponding to the current display.
if xauthEntry:
logger.debug(f"Adding xauth cookie to container: {xauthEntry}")
Expand Down

0 comments on commit 4178c5d

Please sign in to comment.