20日 11月 2017

CentOS 7: Run Ubuntu 18.04's TorBrowser on LXD

Latest updated Tor Browser needs glibc 2.8. But CentOS 7 has only glibc 2.7. Upgrading glibc to 2.8 may affect many packages. This article will describe how to run Ubuntu 18.04 on LXD with snap, to install Tor Browser to Ubuntu 18.04 and to enable CentOS 7 to access Ubuntu 18.04's Tor Browser.

1 Install snapd 

#!/bin/sh

sudo yum install -y snapd
sudo ln -s /var/lib/snapd/snap /snap
sudo systemctl enable snapd
sudo systemctl start snapd

2 Install LXD with snap 

#!/bin/sh -e

sudo snap install lxd
sudo gpasswd -a "${USER}" lxd

cat <<EOF | sudo tee /etc/sysctl.d/lxd.conf
user.max_user_namespaces=15076
EOF

# shellcheck disable=SC1091
. /etc/default/grub

if [ -z "${GRUB_CMDLINE_LINUX_DEFAULT}" ]; then
    cat <<EOF | sudo tee -a /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="user_namespace.enable=1 namespace.unpriv_enable=1
EOF
else
    D="${GRUB_CMDLINE_LINUX_DEFAULT} user_namespace.enable=1"
    D="${D} namespace.unpriv_enable=1"
    sudo sed -i /etc/default/grub \
         -e "s;^GRUB_CMDLINE_LINUX_DEFAULT=.*;GRUB_CMDLINE_LINUX_DEFAULT=\"${D}\";g"
fi

if which grub-mkconfig > /dev/null 2>&1; then
    sudo grub-mkconfig -o /boot/grub/grub.cfg
elif which grub2-mkconfig > /dev/null 2>&1; then
    sudo grub2-mkconfig -o /boot/grub/grub.cfg
else
    echo "Add user_namespace.enable=1 namespace.unpriv_enable=1 to grub.cfg."
    exit 0
fi

sudo reboot

3 Install Tor Browser to Ubuntu 18.04 on LXD

  • This article installs ibus-mozc and fonts-takao for Japanese input method. If you do not use it, please remove it.
  • This downloads Tor Browser from torproject.org.
  • This creates desktop file which runs Ubuntu 18.04's Tor Browser on LXD. 
#!/bin/sh -ex

# User name and home directory in container. This user runs Tor Browser.
LXD_TORBROWSER_USER="${USER}"
LXD_TORBROWSER_HOME="${HOME}"

# Tor Browser URL.
TORBROWSER_URL=https://www.torproject.org/dist/torbrowser/10.5.2
TORBROWSER_URL="${TORBROWSER_URL}/tor-browser-linux64-10.5.2_en-US.tar.xz"

# Create container which can run GUI application.
cat <<EOF | lxc init ubuntu:18.04 lxd-ubuntu-1804-torbrowser
config:
  environment.DISPLAY: :0
  environment.PULSE_LATENCY_MSEC: "30"
  environment.PULSE_SERVER: /mnt/.pulse-native
  environment.QT_X11_NO_MITSHM: "1"
devices:
  pulse:
    bind: container
    connect: unix:/run/user/1000/pulse/native
    listen: unix:/mnt/.pulse-native
    mode: "0666"
    security.gid: "1000"
    security.uid: "1000"
    type: proxy
  x11:
    bind: container
    connect: unix:@/tmp/.X11-unix/X0
    listen: unix:@/tmp/.X11-unix/X0
    security.gid: "1000"
    security.uid: "1000"
    type: proxy
EOF
lxc start lxd-ubuntu-1804-torbrowser

# Settings on container.
cat <<EOF | lxc exec lxd-ubuntu-1804-torbrowser -- /bin/sh -ex
# Add user who runs Tor Browser.
useradd -m "${LXD_TORBROWSER_USER}" -d "${LXD_TORBROWSER_HOME}"

# Install packages.
apt update -y
apt upgrade -y
apt install -y wget pulseaudio ibus-mozc dbus-x11 firefox fonts-takao
sed -i "s/; enable-shm = yes/enable-shm = no/g" /etc/pulse/client.conf

# The umount.target prevents container reboot on CentOS 7's LXD.
find /lib/systemd/system -maxdepth 1 -type f -exec \
     sed -e 's/umount\.target//g' -i {} \\;
systemctl --system daemon-reload

# Setting for mozc-jp.
su - "${LXD_TORBROWSER_USER}" -c \
    "dconf write /desktop/ibus/general/preload-engines \"['mozc-jp']\""

# Run torbrowser-launcher to download Tor Browser
cat <<eof | su - "${LXD_TORBROWSER_USER}" -c /bin/sh
wget -q "${TORBROWSER_URL}" -O - | tar Jxf -
mv tor-browser_en-US/* "${LXD_TORBROWSER_HOME}"
rmdir tor-browser_en-US
eof

# Create Tor Browser wrapper.
sudo -u "${LXD_TORBROWSER_USER}" mkdir -p "${LXD_TORBROWSER_HOME}/bin"
cat <<eof | sudo -u "${LXD_TORBROWSER_USER}" tee \
"${LXD_TORBROWSER_HOME}/bin/lxd-ubuntu-1804-torbrowser"
#!/bin/sh -e

export DISPLAY=:0
export PULSE_SERVER=unix:/mnt/.pulse-native
export QT4_IM_MODULE=ibus
export QT_IM_MODULE=ibus
export XMODIFIERS="@im=ibus"
export GTK_IM_MODULE=ibus

# If you have already run ibus-daemon -xd, ibus-daemon -xd does nothing.
ibus-daemon -xd

"${LXD_TORBROWSER_HOME}/Browser/start-tor-browser" "\\\$@"
eof
chmod a+x "${LXD_TORBROWSER_HOME}/bin/lxd-ubuntu-1804-torbrowser"
EOF
# lxc restart causes the following error.
# Error: Create restart (for start) operation: Instance is busy running
# a stop operation
lxc stop lxd-ubuntu-1804-torbrowser
lxc start lxd-ubuntu-1804-torbrowser

# Create Tor Browser desktop file on host machine.
PNG="${LXD_TORBROWSER_HOME}/Browser/browser/chrome/icons/default/default128.png"
mkdir -p "${HOME}/.local/share/icons"
lxc file pull lxd-ubuntu-1804-torbrowser"${PNG}" \
    "${HOME}/.local/share/icons/lxd-ubuntu-1804-torbrowser.png"
mkdir -p "${HOME}/.local/share/applications"
cat <<EOF > lxd-ubuntu-1804-torbrowser.desktop
[Desktop Entry]
Version=1.0
Type=Application
Name=LXD Tor Browser
Comment=Run Ubuntu 18.04's Tor Browser on LXD
Categories=Network;WebBrowser;Security;
Icon=${HOME}/.local/share/icons/lxd-ubuntu-1804-torbrowser.png
Exec=lxc exec lxd-ubuntu-1804-torbrowser -- \
su - "${LXD_TORBROWSER_USER}" -c \
"${LXD_TORBROWSER_HOME}/bin/lxd-ubuntu-1804-torbrowser %k"
EOF
desktop-file-install --dir="${HOME}/.local/share/applications" \
                     --delete-original lxd-ubuntu-1804-torbrowser.desktop

4 Run Ubuntu 18.04's Tor Browser on LXD

0001_lxd-ubuntu-1804-torbrowser.png

カテゴリ: centos-7, lxd, en, tor, 202107