diff --git a/suse/opensuse/leap/15.2/README.md b/suse/opensuse/leap/15.2/README.md
new file mode 100644
index 0000000..672f4ec
--- /dev/null
+++ b/suse/opensuse/leap/15.2/README.md
@@ -0,0 +1,71 @@ +# Script to enable XRDP on openSUSE Tumbleweed + +## Info + +- Designed to be idempotent, you can run it repeatedly +- Installs required packages +- Configures XRDP ini files +- Will compile selinux module in case SELinux is installed on machine (it doesn't need to be enabled though) +- support changing session to KDE Plasma + +## Run + +- If using GNOME + +```sh +sudo sh install.sh +``` + +- If using KDE + +```sh +sudo sh install.sh --kde +``` + +If using different DE + +Looks like xrdp on openSUSE leap 15.2 supports below DEs by default + +```sh +sudo sed -i_orig -e 's/SESSION=".*"/SESSION="sle"/g' /etc/xrdp/startwm.sh # set to 'SLE classic' +sudo sed -i_orig -e 's/SESSION=".*"/SESSION="gnome"/g' /etc/xrdp/startwm.sh # set to 'GNOME' +sudo sed -i_orig -e 's/SESSION=".*"/SESSION="plasma"/g' /etc/xrdp/startwm.sh # set to 'KDE' +sudo sed -i_orig -e 's/SESSION=".*"/SESSION="icewm"/g' /etc/xrdp/startwm.sh # set to 'IceWM' +``` + +## Known issues + +### I can't shutdown/restart machine from xrdp session, session just logoff, but muchine keeps running + +- There is a simple fix to that, but it is not a part of script as it might not be an intended change + - This solution does not work for Tumbleweed strangely +- Below will allow any user that is part of group `power` to reboot/suspend/shutdown/hibernate the machine from GUI +- Please adjust below solution in case you want this to be available for different group. e.g. `admins` or `wheel` + +```sh +# group 'power' is not available on openSUSE by default, so we will create it +sudo groupadd power + +# add your user to group power +sudo usermod -a -G power + +# add polkit rule +sudo bash -c 'cat > /etc/polkit-1/rules.d/48-shutdown-power-group <&2 + exit 1 +fi + +# Use rpm -q to check for exact package name, install if missing +if ! 
rpm -q xrdp 2>&1 > /dev/null ; then
+ echo 'Refreshing repo cache'
+ zypper refresh
+ echo 'Installing missing xrdp package using zypper'
+ zypper -n install xrdp
+fi
+
+###############################################################
+# Configure XRDP
+#
+systemctl enable xrdp
+systemctl enable xrdp-sesman
+
+XRDP_INI_FILE=/etc/xrdp/xrdp.ini
+XRDP_INI_BAK_FILE=$XRDP_INI_FILE.enh_sess_orig.bak
+# Create backup of original XRDP ini file
+if [ ! -f "$XRDP_INI_BAK_FILE" ]; then
+ cp $XRDP_INI_FILE $XRDP_INI_BAK_FILE
+ echo "Original config file saved in $XRDP_INI_BAK_FILE"
+fi
+# Configure the installed XRDP ini files
+# use vsock transport
+sed -i_orig -e 's/port=3389/port=vsock:\/\/-1:3389/g' $XRDP_INI_FILE
+# use rdp security
+sed -i_orig -e 's/security_layer=negotiate/security_layer=rdp/g' $XRDP_INI_FILE
+# remove encryption validation
+sed -i_orig -e 's/crypt_level=high/crypt_level=none/g' $XRDP_INI_FILE
+# disable bitmap compression since its local its much faster
+sed -i_orig -e 's/bitmap_compression=true/bitmap_compression=false/g' $XRDP_INI_FILE
+#
+# sed -n -e 's/max_bpp=32/max_bpp=24/g' $XRDP_INI_FILE
+
+XRDP_SESMAN_INI_FILE=/etc/xrdp/sesman.ini
+# use the default lightdm x display
+sed -i_orig -e 's/X11DisplayOffset=10/X11DisplayOffset=0/g' $XRDP_SESMAN_INI_FILE
+# rename the redirected drives to 'shared-drives'
+sed -i_orig -e 's/FuseMountName=thinclient_drives/FuseMountName=shared-drives/g' $XRDP_SESMAN_INI_FILE
+
+# adjust startwm.sh (this is needed only in Leap, not needed in Tumbleweed)
+if [ "$(grep -e 'SESSION=".*"' /etc/xrdp/startwm.sh)" ]; then
+ sed -i_orig -e "s/SESSION=\".*\"/SESSION=\"$desktop_env\"/g" /etc/xrdp/startwm.sh
+ echo "Changed session to '${desktop_env^^}'"
+fi
+
+# Change the allowed_users
+echo "allowed_users=anybody" > /etc/X11/Xwrapper.config
+
+# Ensure hv_sock gets loaded
+if [ ! 
-e /etc/modules-load.d/hv_sock.conf ]; then + echo "hv_sock" > /etc/modules-load.d/hv_sock.conf +fi + +# Configure the policy xrdp session +cat > /etc/polkit-1/rules.d/02-allow-colord.rules <&1 > /dev/null ; then + checkmodule -M -m -o allow-vsock.mod allow-vsock.te + semodule_package -o allow-vsock.pp -m allow-vsock.mod + # Install the selinux module! + semodule -i allow-vsock.pp +fi + +############################################################################### + +echo "####### Configuration Done #######" +echo "Next to do" +echo "Shutdown this VM" +echo "On your host machine in an Administrator powershell prompt, execute this command: " +echo " Set-VM -VMName -EnhancedSessionTransportType HvSocket" +echo "Start this VM, and you will see Enhanced mode available!" diff --git a/suse/opensuse/tumbleweed/README.md b/suse/opensuse/tumbleweed/README.md new file mode 100644 index 0000000..7c6d86b --- /dev/null +++ b/suse/opensuse/tumbleweed/README.md @@ -0,0 +1,8 @@ +# Script to enable XRDP on openSUSE Tumbleweed + +## Info + +- Designed to be idempotent, you can run it repeatedly +- Installs required packages +- Configures XRDP ini files +- Will compile selinux module in case SELinux is installed on machine (it doesn't need to be enabled though) diff --git a/suse/opensuse/tumbleweed/allow-vsock.te b/suse/opensuse/tumbleweed/allow-vsock.te new file mode 100644 index 0000000..5f02b9a --- /dev/null +++ b/suse/opensuse/tumbleweed/allow-vsock.te @@ -0,0 +1,10 @@ +module allow-vsock 1.0; + +require { + type unconfined_service_t; + type unlabeled_t; + class vsock_socket { getattr read write }; +} + +#============= unconfined_service_t ============== +allow unconfined_service_t unlabeled_t:vsock_socket { getattr read write }; diff --git a/suse/opensuse/tumbleweed/install.sh b/suse/opensuse/tumbleweed/install.sh new file mode 100644 index 0000000..1088b33 --- /dev/null +++ b/suse/opensuse/tumbleweed/install.sh 
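Review bot: The single allow rule in allow-vsock.te applies to every process running as `unconfined_service_t`, not only xrdp, and it targets sockets labelled `unlabeled_t`, yet the file carries no comment saying why that breadth is acceptable. I would add a header comment along the lines of `# xrdp (presumably running as unconfined_service_t) needs getattr/read/write on Hyper-V vsock sockets, which are unlabeled_t; this applies to all unconfined services`. The permission set is already limited to the three operations named in the `require` block, so this is a documentation gap rather than a request to change the rule.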
@@ -0,0 +1,95 @@
+#!/bin/bash
+
+#
+# This script is for openSUSE Tumbleweed Linux to configure XRDP for enhanced session mode
+#
+# The confioguration is adapted from the Arch script.
+#
+
+###############################################################
+# Install XRDP
+#
+if [ "$(id -u)" -ne 0 ]; then
+ echo 'This script must be run with root privileges' >&2
+ exit 1
+fi
+
+# Use rpm -q to check for exact package name, install if missing
+if ! rpm -q xrdp 2>&1 > /dev/null ; then
+ echo 'Refreshing repo cache'
+ zypper refresh
+ echo 'Installing missing xrdp package using zypper'
+ zypper -n install xrdp
+fi
+
+###############################################################
+# Configure XRDP
+#
+systemctl enable xrdp
+systemctl enable xrdp-sesman
+
+XRDP_INI_FILE=/etc/xrdp/xrdp.ini
+XRDP_INI_BAK_FILE=$XRDP_INI_FILE.enh_sess_orig.bak
+# Create backup of original XRDP ini file
+if [ ! -f "$XRDP_INI_BAK_FILE" ]; then
+ cp $XRDP_INI_FILE $XRDP_INI_BAK_FILE
+ echo "Original config file saved in $XRDP_INI_BAK_FILE"
+fi
+# Configure the installed XRDP ini files
+# use vsock transport
+sed -i_orig -e 's/port=3389/port=vsock:\/\/-1:3389/g' $XRDP_INI_FILE
+# use rdp security
+sed -i_orig -e 's/security_layer=negotiate/security_layer=rdp/g' $XRDP_INI_FILE
+# remove encryption validation
+sed -i_orig -e 's/crypt_level=high/crypt_level=none/g' $XRDP_INI_FILE
+# disable bitmap compression since its local its much faster
+sed -i_orig -e 's/bitmap_compression=true/bitmap_compression=false/g' $XRDP_INI_FILE
+#
+# sed -n -e 's/max_bpp=32/max_bpp=24/g' $XRDP_INI_FILE
+
+XRDP_SESMAN_INI_FILE=/etc/xrdp/sesman.ini
+# use the default lightdm x display
+#sed -i_orig -e 's/X11DisplayOffset=200/X11DisplayOffset=0/g' $XRDP_SESMAN_INI_FILE
+# rename the redirected drives to 'shared-drives'
+sed -i_orig -e 's/FuseMountName=thinclient_drives/FuseMountName=shared-drives/g' $XRDP_SESMAN_INI_FILE
+
+# Change the allowed_users
+echo "allowed_users=anybody" > /etc/X11/Xwrapper.config
+
+# Ensure 
hv_sock gets loaded +if [ ! -e /etc/modules-load.d/hv_sock.conf ]; then + echo "hv_sock" > /etc/modules-load.d/hv_sock.conf +fi + +# Configure the policy xrdp session +cat > /etc/polkit-1/rules.d/02-allow-colord.rules <&1 > /dev/null ; then + checkmodule -M -m -o allow-vsock.mod allow-vsock.te + semodule_package -o allow-vsock.pp -m allow-vsock.mod + # Install the selinux module! + semodule -i allow-vsock.pp +fi + +############################################################################### + +echo "####### Configuration Done #######" +echo "Next to do" +echo "Shutdown this VM" +echo "On your host machine in an Administrator powershell prompt, execute this command: " +echo " Set-VM -VMName -EnhancedSessionTransportType HvSocket" +echo "Start this VM, and you will see Enhanced mode available!"
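Review bot: The `security_layer=rdp` and `crypt_level=none` substitutions run whether or not the preceding `port=3389` to `port=vsock://-1:3389` substitution matched, so on an xrdp.ini whose port line differs from the expected default the service could stay on TCP 3389 with encryption switched off. Confirm the transport before weakening the crypto settings, for example `grep -q '^port=vsock://' "$XRDP_INI_FILE" || { echo 'xrdp.ini not switched to vsock; leaving security settings unchanged' >&2; exit 1; }` placed right after the port `sed`. The Leap 15.2 install.sh added in this same commit carries the same three `sed` lines and needs the same guard. Separately, in `rpm -q xrdp 2>&1 > /dev/null` the redirections are in an order that still lets stderr reach the terminal; `> /dev/null 2>&1` is probably what was meant.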