Bug#872376: Wayland session does not configure Xwayland authorization; cannot run apps as root
Josh Triplett
josh at joshtriplett.org
Wed Aug 16 21:48:42 UTC 2017
Package: gnome-session
Version: 3.24.1-2
Severity: normal
[Reporting this on gnome-session, but it may belong on another
component; please feel free to reassign.]
The new Wayland-based session runs Xwayland for compatibility with X
applications, but does not configure any authorization that would allow
running those applications as another user, such as root. No
~/.Xauthority file exists, and $XAUTHORITY is not set.
As a trivial test, try running `sudo xlsclients` under a Wayland-based
GNOME session.
As one of many practical issues this causes, running KVM as root to
allow its `-net user` mode to send raw packets makes it unable to
connect to Xwayland.
Please consider doing one of the following two things:
- Generating an Xauthority file as part of the Wayland GNOME session,
and setting $XAUTHORITY. This would allow users who can access that
file (which would include root) to connect to Xwayland.
- Telling Xwayland to allow connections from `si:localuser:root` by
default. That seems simpler, and doesn't rely on file permissions,
though it might potentially surprise people who want to run a
graphical application as another non-root user.
Personally, I'd suggest the second approach, but either would work.
- Josh Triplett
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages gnome-session depends on:
ii gnome-session-bin 3.24.1-2
ii gnome-session-common 3.24.1-2
ii gnome-settings-daemon 3.24.3-1
ii gnome-shell 3.22.3-3
gnome-session recommends no packages.
Versions of packages gnome-session suggests:
ii desktop-base 9.0.5
ii gnome-keyring 3.20.1-1
ii gnome-user-guide 3.22.0-1
-- no debconf information
More information about the pkg-gnome-maintainers
mailing list