X programs don't run from job definitions with user: root
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
PlainBox (Toolkit) |
Fix Released
|
High
|
Sylvain Pineau |
Bug Description
A job that has user: root and whose command invokes an X application will fail to run the application. This uses the trusted launcher whose policy regarding GUI applications is correctly set in the policy file.
For instance, mediacard/
This has been confirmed in both Trusty and Precise.
I created a bogus job that just prints the environment and tries to run gedit as an example, to rule out a problem with zenity. With user: root it doesn't launch gedit and I see this in the test result:
PATH=/tmp/
PWD=/root
LANG=C.UTF-8
SHLVL=1
CHECKBOX_
CHECKBOX_
_=/usr/bin/env
error: XDG_RUNTIME_DIR not set in the environment.
(gedit:30425): Gtk-WARNING **: cannot open display:
If I remove user: root to bypass the trusted launcher, gedit runs and I see this:
XDG_VTNR=7
SSH_AGENT_PID=1294
XDG_SESSION_ID=c1
CLUTTER_
SELINUX_INIT=YES
DBUS_STARTER_
XDG_GREETER_
GPG_AGENT_
SHELL=/bin/bash
XDG_MENU_
UPSTART_
GNOME_KEYRING_
GTK_MODULES=
USER=roadmr
XDG_SESSION_
XDG_SEAT_
SSH_AUTH_
ZEITGEIST_
DEFAULTS_
SESSION_
XDG_CONFIG_
PATH=/tmp/
DESKTOP_
JOB=xsession-init
PWD=/
XMODIFIERS=@im=ibus
LANG=C.UTF-8
GDM_LANG=en_US
MANDATORY_
UBUNTU_MENUPROXY=1
COMPIZ_
IM_CONFIG_PHASE=1
GDMSESSION=ubuntu
DBUS_STARTER_
SESSIONTYPE=
SHLVL=1
HOME=/home/roadmr
XDG_SEAT=seat0
GNOME_DESKTOP_
UPSTART_INSTANCE=
UPSTART_
LOGNAME=roadmr
DBUS_SESSION_
QT4_IM_MODULE=xim
XDG_DATA_
TEXTDOMAIN=
UPSTART_JOB=dbus
INSTANCE=
XDG_RUNTIME_
DBUS_DEBUG_OUTPUT=1
DISPLAY=:0
CHECKBOX_
XDG_CURRENT_
GTK_IM_MODULE=ibus
CHECKBOX_
TEXTDOMAINDIR=
XAUTHORITY=
_=/usr/bin/env
Fontconfig warning: ignoring C.UTF-8: not a valid language tag
Related branches
- Sylvain Pineau (community): Approve
- Zygmunt Krynicki (community): Approve
-
Diff: 36 lines (+19/-0)1 file modifiedplainbox/plainbox/impl/secure/test_launcher1.py (+19/-0)
description: | updated |
Changed in checkbox-ihv-ng: | |
milestone: | none → version1.7 |
importance: | Undecided → High |
Changed in checkbox: | |
status: | In Progress → Fix Committed |
Changed in checkbox-ihv-ng: | |
assignee: | nobody → Sylvain Pineau (sylvain-pineau) |
status: | New → Fix Committed |
Changed in checkbox-ihv-ng: | |
status: | Fix Committed → Fix Released |
affects: | checkbox → plainbox |
Changed in plainbox: | |
milestone: | 2014-mar-14 → none |
Changed in plainbox: | |
status: | Fix Committed → Fix Released |
tags: | removed: plainbox |
Thanks for the details bug report. I'll see if I can fix this. The odd thing is that we pass all the client side environment to plainbox- trusted- launcher but apparently (somehow) it is not being respected. Are you sure this job got started with plainbox- trusted- launcher and not sudo?