[Bug 1713313] Re: Unable to launch pkexec'ed applications on Wayland session

Phillip Susi psusi at ubuntu.com
Mon Dec 11 18:50:28 UTC 2017 

On 12/7/2017 8:15 PM, bodhi.zazen wrote:
> Wayland , upstream, does not and will not support running graphical
> applications, as root, from the terminal using sudo , period, end of story.
> There are other mechanisms to grant graphical applications root access, but
> again the application itself is not going to run as root.

Yes, it does, as you can easily test by suing to root and running gedit.

> And if you take your fat head out of your ass and look upstream you will
> see every bug files against wayland regarding the problem of running
> graphical applications with sudo has been closed as either not a bug or
> wont fix.

https://bugs.freedesktop.org/show_bug.cgi?id=91071 is not.

Neither is https://bugzilla.gnome.org/show_bug.cgi?id=789867

And there it is noted that wayland does not explicitly allow or deny
root applications.

> On the forums, we would ban him for a period of time, 1-3 months
> depending on his behavior. Often we would start with a week or a month,
> but on his return he would start right back up with his violations, and
> we would extend the ban. Eventually he would cool down and we would
> restore his  privileges.

Well now you're just lieing.  You banned me permanently one time because
I dared to point out that you incorrectly closed another user's thread
for breaking the rules when he did no such thing.

> reference 32 is here https://lwn.net/Articles/517375/

This talks about weston not having to be run as root; not disallowing
client applications running as root.

> The blog is here http://mupuf.org/blog/2014/02/19/wayland-compositors-
> why-and-how-to-handle/

This talks about having weston be able to isolate different clients from
interfering with one another.  Nowhere does it talk about refusing
clients with uid=0.

> Please could both of you take a deep breath and stop the personal
> attacks and aggressive language?

I haven't made any personal attacks.  What I have done is point out that
this misconception that disallowing root applications is not true; that
gdm fails to perform its job as described by its man page.  This
therefore is, ipso facto, a bug, whether or not you agree with the
terrible user facing consequences it has.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gparted in Ubuntu.
https://bugs.launchpad.net/bugs/1713313

Title:
  Unable to launch pkexec'ed applications on Wayland session

Status in Back In Time:
  Fix Released
Status in Boot-Info:
  Fix Committed
Status in Boot-Repair:
  Fix Committed
Status in GNOME Terminal:
  New
Status in Settings editor for LightDM GTK+ Greeter:
  New
Status in OS-Uninstaller:
  Fix Committed
Status in Y PPA Manager:
  New
Status in apport package in Ubuntu:
  New
Status in apt-offline package in Ubuntu:
  New
Status in backintime package in Ubuntu:
  Confirmed
Status in budgie-welcome package in Ubuntu:
  Invalid
Status in caja-admin package in Ubuntu:
  New
Status in cinnamon package in Ubuntu:
  Invalid
Status in ettercap package in Ubuntu:
  Confirmed
Status in gdebi package in Ubuntu:
  Confirmed
Status in gdm3 package in Ubuntu:
  Won't Fix
Status in gnunet-gtk package in Ubuntu:
  Confirmed
Status in gparted package in Ubuntu:
  Invalid
Status in gui-ufw package in Ubuntu:
  Confirmed
Status in guidedog package in Ubuntu:
  New
Status in hplip package in Ubuntu:
  Confirmed
Status in italc package in Ubuntu:
  New
Status in laptop-mode-tools package in Ubuntu:
  New
Status in lightdm-gtk-greeter-settings package in Ubuntu:
  Confirmed
Status in nautilus-admin package in Ubuntu:
  New
Status in needrestart-session package in Ubuntu:
  Confirmed
Status in nemo package in Ubuntu:
  Confirmed
Status in policykit-1 package in Ubuntu:
  Invalid
Status in scanmem package in Ubuntu:
  New
Status in scap-workbench package in Ubuntu:
  Confirmed
Status in sirikali package in Ubuntu:
  Fix Released
Status in synaptic package in Ubuntu:
  Confirmed
Status in thunar package in Ubuntu:
  New
Status in tuned package in Ubuntu:
  New
Status in ubuntustudio-controls package in Ubuntu:
  New
Status in ubuntustudio-default-settings package in Ubuntu:
  Invalid
Status in update-notifier package in Ubuntu:
  New
Status in xdiagnose package in Ubuntu:
  Confirmed
Status in xubuntu-default-settings package in Ubuntu:
  Invalid
Status in zulucrypt package in Ubuntu:
  Fix Released

Bug description:
  *****************************
  Main upstream discussion & fixes example to deal with wayland:
  https://bugzilla.gnome.org/show_bug.cgi?id=776437
  *****************************

  ********************************************************************************************************************************************

  Steps to reproduce:
  1. Install Ubuntu 17.10
  2. Install backintime-qt4 or gparted application from above list (full may be acquired from https://codesearch.debian.net/search?q=pkexec+filetype%3Adesktop+path%3A*%2Fapplications%2F*&perpkg=1&page=4 )
  3a. Try to launch backintime-qt4 from shortcut "Back In Time (root)" (located in /usr/share/applications/backintime-qt4-root.desktop, it uses pkexec
  ($ cat /usr/share/applications/backintime-qt4-root.desktop | grep Exec
  Exec=pkexec backintime-qt4)
  3b. Try to launch Gparted from shortcut "GParted" (located in /usr/share/applications/gparted.desktop, it uses gparted-pkexec)
  4a.1. Back In Time does not start from GUI.
  4a.2. Back In Time shows error message in console:
  4b. gparted-pkexec does not start, reports error
  $ gparted-pkexec
  Created symlink /run/systemd/system/-.mount → /dev/null.
  Created symlink /run/systemd/system/run-user-1000.mount → /dev/null.
  Created symlink /run/systemd/system/run-user-121.mount → /dev/null.
  Created symlink /run/systemd/system/tmp.mount → /dev/null.
  No protocol specified

  (gpartedbin:12831): Gtk-WARNING **: cannot open display: :0
  Removed /run/systemd/system/-.mount.
  Removed /run/systemd/system/run-user-1000.mount.
  Removed /run/systemd/system/run-user-121.mount.
  Removed /run/systemd/system/tmp.mount.

  $ pkexec backintime-qt4

  Back In Time
  Version: 1.1.12

  Back In Time comes with ABSOLUTELY NO WARRANTY.
  This is free software, and you are welcome to redistribute it
  under certain conditions; type `backintime --license' for details.

  No protocol specified
  app.py: cannot connect to X server :0

  Expected results:
  * backintime-qt4 may be run as root

  Actual results:
  * unable to run backintime-qt4 as root

  Workaround:
  * setting "xhost +si:localuser:root" helps.

  ProblemType: Bug
  DistroRelease: Ubuntu 17.10
  Package: backintime-qt4 1.1.12-2
  ProcVersionSignature: Ubuntu 4.12.0-11.12-generic 4.12.5
  Uname: Linux 4.12.0-11-generic i686
  ApportVersion: 2.20.6-0ubuntu7
  Architecture: i386
  CurrentDesktop: GNOME
  Date: Sun Aug 27 14:23:14 2017
  InstallationDate: Installed on 2017-08-26 (0 days ago)
  InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Alpha i386 (20170826)
  PackageArchitecture: all
  SourcePackage: backintime
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/backintime/+bug/1713313/+subscriptions

More information about the foundations-bugs mailing list