Xwayland not using XAUTHORITY, prevents root applications from connecting

I have found that after switching from Xorg to Wayland on Ubuntu GNOME 16.10 with GNOME 3.22 that GParted does not run when I try to run it as root. That is when I click the icon and enter my password nothing happens. I have found that when running what is run when the icon is clicked that the output in Terminal is (gparted-pkexec):

    Created symlink /run/systemd/system/-.mount → /dev/null.
    Created symlink /run/systemd/system/boot-efi.mount → /dev/null.
    Created symlink /run/systemd/system/boot.mount → /dev/null.
    Created symlink /run/systemd/system/run-user-1000.mount → /dev/null.
    Created symlink /run/systemd/system/run-user-120.mount → /dev/null.
    Created symlink /run/systemd/system/tmp.mount → /dev/null.
    No protocol specified

    (gpartedbin:16832): Gtk-WARNING **: cannot open display: :0
    Removed /run/systemd/system/-.mount.
    Removed /run/systemd/system/boot-efi.mount.
    Removed /run/systemd/system/boot.mount.
    Removed /run/systemd/system/run-user-1000.mount.
    Removed /run/systemd/system/run-user-120.mount.
    Removed /run/systemd/system/tmp.mount.

So I am now unable to launch and use GParted as root which is really the only way I can run it in order to make changes.

I originally reported this issue here: https://bugs.launchpad.net/ubuntu/+source/gparted/+bug/1652282 But thought I should also do so upstream.

This is a known limitation and design choice that Wayland doesn't allow
root privileged applications to work.

One workaround is to run the following in a terminal before running
GParted to allow root applications to connect to the X server under
Wayland.
  xhost +si:localuser:root

Another workaround it to continue to use the X.org display server rather
than the Wayland display server.

More information can be found in the:
  Common Fedora 25 Bugs / Running graphical apps with root privileges
  (e.g. gparted) does not work on Wayland
  https://fedoraproject.org/wiki/Common_F25_bugs#wayland-root-apps

*** Bug 776707 has been marked as a duplicate of this bug. ***

Those workarounds are fine for now, but the real solution to boldly move us all into the Wayland future is to make GParted run its main UI as a normally-privileged user, and only request elevated permissions for actions that actually require them.

Hi Nate,

For past discussion on this issue, see also:

Bug 758131 - Don't run GUI as root
             (Was: [wayland] gparted fails to start under wayland)

Curtis

> All the code is predicated on a single process querying the storage,
> running the GUI and manipulating the storage. It would be a very large
> task to change. For a spare time only hobby this might never get done.

Sadly that will eventually result in GParted dying as more and more distros move to Wayland. :(

> For a spare time only hobby this might never get done.

Curtis, transferring maintenance of GParted to GNU or GNOME teams would solve that. They have long queues for maintenance requests and it is able to finish the process (find a full time maintainer) in a fortnight.

(In reply to Erkin Alp Güney from comment #6)
> > For a spare time only hobby this might never get done.
>
> Curtis, transferring maintenance of GParted to GNU or GNOME teams would
> solve that. They have long queues for maintenance requests and it is able to
> finish the process (find a full time maintainer) in a fortnight.

Sounds like a whole lot of irony. Anyway, they also have gnome-disks, which has less features and a more "modern" UI.

gnome-disks is completely different. It is a frontend to udisks.

*** Bug 783932 has been marked as a duplicate of this bug. ***

GParted should not run its UI as root. It should run its UI as a regular user and use PolicyKit or something else similar to gain elevated privileges only when necessary to query or modify devices. This needed for supporting modern Linux distributives wich migrated to Wayland.

Please read comments 33, 36 and 37
https://bugzilla.redhat.com/show_bug.cgi?id=1274451#c33

Created attachment 357573
Interim workaround for display access (draft 1)

Hi Curtis,

Here's an interim workaround for this bug. The patchset is only draft
because of an installation issue / dilemma with the location of the
polkit action file. More on that below.

Suggested NEWS fragments describing the change
==============================================

Release Notes
-------------

Provides an interim workaround to allow GParted to run under Wayland by
using xhost to grant and revoke root access to the X11 display. This
must be enabled while building the software with:
    ./configure --enable-xhost-root

Pkexec from Polkit has been made the first choice graphical SU program
as all the desktops have settled on using Polkit as the privileged
access mechanism. Also execution of the graphical SU program has been
moved from gparted.desktop to the gparted shell wrapper. Therefore
gparted can be run either by an unprivileged user or by root and as such
is installed in $prefix/bin rather than $prefix/sbin. This additionally
means distributions can drop their pkexec scripts used to launch
gparted.

Dependencies (new/updated)
--------------------------
  * Uses pkexec command (part of polkit) for root privilege escalation
    when available.
  * Uses xhost command to grant and revoke root access to the display
    when configured to do so.

Issue / dilemma with polkit action file installation location
=============================================================

The ./Makefile.am contains this line:
    polkit_actiondir = /usr/share/polkit-1/actions
from this commit in the patchset:
    Add required polkit action file (#776437)

This is to install the gparted polkit action file into that location,
the only location which polkit looks for action files. (See the above
mentioned commit comment for more details). Without it being there
polkit won't authorise GParted to run as root.

However that setting breaks 'make distcheck' because it doesn't install
the file in the ./gparted-$version/_inst and is against GNU programming
standards for program installations. [1][2] To make 'make distcheck'
work and satisfy the standards it should be:
    polkit_actiondir = $(datadir)/polkit-1/actions
But with the default prefix being /usr/local it will install the file
into /usr/local/polkit-1/actions and fail authorising GParted as
detailed above.

So you can either have 'make install' do the needed thing or make have
'make distcheck' work, not both!

[1] Automake Manual, 27.10 Installing to Hard-Coded Locations
https://www.gnu.org/software/automake/manual/automake.html#Hard_002dCoded-Install-Paths

[2] GNU Coding Standards, 7.2.5 Variables for Installation Directories
https://www.gnu.org/prep/standards/standards.html#Directory-Variables

I have also looked at some other packages which install polkit action
files. They seem to use polkit_actiondir = $(datadir)/polkit-1/actions
so I assume only produce an installion with the polkit action file
installed correctly when prefix = /usr. [3][4][5][6]

[3] gnome-settings-daemon plugins/power/Makefile.am
        polkit_policydir = $(datadir)/polkit-1/actions
https://github.com/GNOME/gnome-settings-daemon/bl...

Hi Mike,

The draft patch in comment #11 looks pretty good to me. I did observe two locations in the comment of P 4/7 "Add required polkit action file" where "install" should be "installed".

  Note that all polkit action files must be install in
                                            ^^^^^^^
  <snip>
  packages, action files must always be install in the same location.
                                        ^^^^^^^

I applaud your choice to require packagers to manually enable the --enable-xhost-root configure option. That way they make a conscious choice to enable the work-around to run on Wayland. Otherwise the default is not to use xhost.

I tested on fedora 25.

With --enable-xhost-root, gparted successfully runs.
Without --enable-xhost-root, gparted fails to run as it cannot open the display.

I also confirmed the issue regarding "make distcheck". It's too bad that we can't have it work both ways, but I do understand the dilemma.

Curtis

Hi Mike,

I forgot to mention another suggestion for the draft patch. We should consider including additional generated files in the .gitignore file.

Some possible candidates are:

  .dirstamp
  org.gnome.gparted.policy
  org.gnome.gparted.policy.in

Curtis

Hi Curtis,

To keep you up to date; I have just asked in the automake email list to
see if there are any alternative solutions to the above polkit
installation location dilemma.[1]

I will address the spelling issue and .gitignore entries in the next
round of updates.

Mike

[1]
Not installing to hard-coded locations vs polkit's fixed location
http://lists.gnu.org/archive/html/automake/2017-08/msg00015.html

Created attachment 358405
Interim workaround for display access (v1)

Hi Curtis,

Here is patchset v1 ready for fully review. Compared to draft 1 from
comment #11 the changes are:
* Incrementally updates the README file in a number of patches for
  various changes.
* P4/9 "Add required polkit action file"
** Installs polkit action file into $(datadir)/polkit-1/actions so
   make distcheck works, but needs to be manually installed when prefix
   is other than /usr.
** Documents this in the README file.
** Mark relevant strings in and the file org.gnome.gparted.policy.in.in
   for translation.
** Increases minimum intltool to 0.36.0 in configure.ac because of the
   use of INTLTOOL_POLICY_RULE in Makefile.am.
** Adds .gitignore entries for new build files
   org.gnome.gparted.policy{,.in}.
* P6/9 "Check for pkexec >= 0.102 which supports execution of X11..."
  moves before P8/9 "Only when configured, grant root access to the..."
* Adds new patches:
  P7/9 "Remove unnecessary autoconf check for pkexec --disable-inter..."
  P9/9 "Add .dirstamp to .gitignore"
* Minor commit wording updates and corrections.

Testing:
1) On Ubuntu 16.10 using Wayland display that configuring with
   --enable-xhost-root allows gparted run as normal user to display and
   without the config option gparted is not allowed to display.
   Note:
   sudo doesn't grant access to the X11 server under Wayland display so
   sudo gparted doesn't work. Have to run gparted as normal user to
   allow it to use xhost to grant root access to the display.
2) On Fedora 26 using Wayland display same results when configured with
   and without --enable-xhost-root.
3) On CentOS 7 with X11 display and configured without
   --enable-xhost-root allows gparted run as normal user and as root to
   display.
4) That make && make distcheck works for every commit.

Thanks,
Mike

Hi Mike,

I've just started reviewing the patch set from comment #15.

Following is the first issue I've encountered when building on kubuntu 16.04:

$ make distcheck
<snip>
INTLTOOL_EXTRACT="/usr/bin/intltool-extract" XGETTEXT="/usr/bin/xgettext" srcdir=../../../po /usr/bin/intltool-update --gettext-package gparted --pot
rm -f missing notexist
srcdir=../../../po /usr/bin/intltool-update -m
The following files contain translations and are currently not in use. Please
consider adding these to the POTFILES.in file, located in the po/ directory.

sub/org.gnome.gparted.policy.in

If some of these files are left out on purpose then please add them to
POTFILES.skip instead of POTFILES.in. A file 'missing' containing this list
of left out files has been written in the current directory.
Please report to https://bugzilla.gnome.org/enter_bug.cgi?product=gparted
if [ -r missing -o -r notexist ]; then \
  exit 1; \
fi
Makefile:209: recipe for target 'check' failed

This issue is not holding me up and I will continue with my review and testing.

Curtis

Hi Curtis,

It looks like the make distcheck failure is another repeat of an
intltool bug we have had to workaround before:
https://git.gnome.org/browse/gparted/commit/?id=4cc5103dbdd42583c3ce7481e0e4f08d16e2009a

After fixing that make distcheck still fails though:

$ make distcheck
...
 ( cd '/home/ubuntu/programming/c/gparted/gparted-0.29.0-git/_inst/share/polkit-1/actions' && rm -f org.gnome.gparted.policy )
make[2]: Leaving directory '/home/ubuntu/programming/c/gparted/gparted-0.29.0-git/_build/sub'
make[1]: Leaving directory '/home/ubuntu/programming/c/gparted/gparted-0.29.0-git/_build/sub'
make[1]: Entering directory '/home/ubuntu/programming/c/gparted/gparted-0.29.0-git/_build/sub'
ERROR: files left after uninstall:
./share/icons/hicolor/icon-theme.cache
Makefile:892: recipe for target 'distuninstallcheck' failed
make[1]: *** [distuninstallcheck] Error 1
make[1]: Leaving directory '/home/ubuntu/programming/c/gparted/gparted-0.29.0-git/_build/sub'
Makefile:836: recipe for target 'distcheck' failed
make: *** [distcheck] Error 1

Investigation continues.

Mike

Hi Mike,

Thank you for this updated patch set.

From a visual review I discovered only two minor typos to consider
fixing:

P4/9 - Add required polkit action file (#776437)

  intltool to 0.36.0 where it was first introduced in intllool.m4. This
                                                         ^^^
  intltool to 0.36.0 where it was first introduced in intltool.m4. This

P8/9 - Only when configured, grant root access to the X11 display (#776437)

  As an interim workaround make the gparted shell wrapper uses xhost to
                                                            ^^^
  As an interim workaround make the gparted shell wrapper use xhost to

My testing has gone fairly well. Other than the issue with 'make
distcheck', gparted is able to run on both X11 and Wayland with this
patch set.

Following are my test steps and results.

Compile with:
  $ ./configure --enable-xhost-root --prefix=/usr
  $ make
  # make install

Run with:
  gparted | sudo gparted | gparted.desktop (menu)
OR
  gparted | su -c "gparted" | gparted.desktop (menu)

Test Results:

Distro gparted sudo gparted gparted.desktop
------------ ---------------- ------------ ----------------
Debian 7 Works Works Root needed msg
Debian 9 ### Issues compiling - Bad VM??? ###
Fedora 24 Works Works Works
Fedora 25 Works Can't open display Works
openSUSE 42.1 Works Can't open display Works
openSUSE 42.2 Works Can't open display Works
Ubuntu 14.04 Root needed msg Works Root needed msg
Ubuntu 17.04 Works Works Works

Curtis

Created attachment 358687
Interim workaround for display access (v2)

Hi Curtis,

Here's patchset v2. It fixes make distcheck failure by adding
sub/org.gnome.gparted.policy.in to POTFILES.skip and corrects the
spelling mistakes.

My second distcheck failure was because I was doing a parallel make,
'make -j 2 distcheck' which was leading to ERROR: files left after
uninstall. Doing a single threaded 'make distcheck' works successfully.

Thanks,
Mike

Hi Mike,

Thanks the updated patch set. My testing has gone well, with no new
issues to report.

Following are my test steps and additional distro results.

Compile with:
  $ ./configure --enable-xhost-root --prefix=/usr
  $ make
  # make install

Run with:
  gparted | sudo gparted | gparted.desktop (menu)
OR
  gparted | su -c "gparted" | gparted.desktop (menu)

Test Results:

Distro gparted sudo gparted gparted.desktop
------------ ---------------- ------------ ----------------
Debian 9 [1] Works Works Works
openSUSE 42.3 Works Can't open display Works
Ubuntu 16.04 Works Works Works

[1] My previous Debian 9 VM was indeed broken. A newly built VM has
    no issues when compiling GParted.

Mike, in comment #11 you provided some suggested text for the NEWS announcement.
Are there any changes or updates you would like made now that the patch set is working as expected?

Provided there are no objections I will commit patch set v2 from
comment #19 in the next day or so.

Curtis

Hi Curtis,

Push patchset v2 upstream when ready.

Thank you for your through testing on lots of distros.

The results on Ubuntu 14.04 LTS look odd though.
> Distro gparted sudo gparted gparted.desktop
> ------------ ---------------- ------------ ----------------
> Ubuntu 14.04 Root needed msg Works Root needed msg

That would be the case if no graphical SU program was found during
configure. My Ubuntu 14.04 LTS (XFCE) VM does have polkit 0.105
installed and pkexec is found during configure. I did both:
    ./configure --prefix=/usr/local
    ./configure --prefix=/usr/local --enable-xhost-root
along with additionally installing the action file:
    sudo install -m 644 org.gnome.gparted.policy \
         /usr/share/polkit-1/actions/org.gnome/gparted.local.policy
and made sure that I uninstalled Ubuntu provided gparted package (so
that there was only one gparted.desktop file for the desktop to choose
from and/or display). In both cases (with and without
--enable-xhost-root) it all worked.

Distro gparted sudo gparted gparted.desktop
------------ ---------------- ------------ ----------------
Ubuntu 14.04 Works Works Works

Here's an updated Release Notes section of NEWS mentioning about
possibly having to manually install the polkit action file.

Release Notes
-------------

Provides an interim workaround to allow GParted to run under Wayland by
using xhost to grant and revoke root access to the X11 display. This
must be enabled while building the software with:
    ./configure --enable-xhost-root

Pkexec from polkit has been made the first choice graphical SU program
as all the desktops have settled on using polkit as the privileged
access mechanism. See "Installing polkit's Action File" section in the
README file for when an additional installation step may be needed.
Also execution of the graphical SU program has been moved from
gparted.desktop to the gparted shell wrapper. Therefore gparted can be
run either by an unprivileged user or by root and as such is installed
in $prefix/bin rather than $prefix/sbin. This additionally means
distributions can drop their pkexec scripts used to launch gparted.

Thanks,
Mike

Hi Mike,

Thank you for the updated NEWS text and for the tip about your Ubuntu
14.04 testing.

I investigated and discovered that I had installed an older version
into /usr/local. Since this older version was first in the path, my
tests were running the older version. Testing with only patch set v2
installed revealed the same results as you (it all worked).

Following are some changes I made to the NEWS announcement to try to
highlight that installation locations are different. Please feel free
to suggest further updates.

*** BEGIN ***

ATTENTION PACKAGERS:

The install location has changed for both the gparted script and the
gpartedbin executable.

This release provides an interim workaround to allow GParted to run
under Wayland by using xhost to grant and revoke root access to the
X11 display. This must be enabled while building the software with:

    ./configure --enable-xhost-root

Pkexec from polkit has been made the first choice graphical SU
program as all the desktops have settled on using polkit as the
privileged access mechanism. See "Installing polkit's Action File"
section in the README file for when an additional installation step
may be needed.

Also changed is that execution of the graphical SU program has been
moved from gparted.desktop to the gparted shell wrapper. Therefore
gparted can be run either by an unprivileged user or by root and as
such is installed in $prefix/bin rather than $prefix/sbin. This
additionally means distributions can drop their pkexec scripts used
to launch gparted.

*** END ***

Patch set v2 from comment #19 has been committed to the git repository
for inclusion in the next release of GParted.

The relevant git commits can be viewed at the following links:

Move root privilege escalation into gparted wrapper script (#776437)
https://git.gnome.org/browse/gparted/commit/?id=a2cc5014c652a7e15b5460fa58d9680d146c6be4

Now install gparted wrapper script into $prefix/bin (#776437)
https://git.gnome.org/browse/gparted/commit/?id=778e21e94c9c5608a7087f31f1491e5744b864b8

Add detection of pkexec root privilege escalation program (#776437)
https://git.gnome.org/browse/gparted/commit/?id=b47528b6f976633b49be192ab8e4e8455f95b6e4

Add required polkit action file (#776437)
https://git.gnome.org/browse/gparted/commit/?id=f35e734a0c21869c5cdff61ffb2b5724e6ae431b

Only install polkit action file when pkexec is used (#776437)
https://git.gnome.org/browse/gparted/commit/?id=2f559ec3b5a95f8781979c80bd260ad952645f36

Check for pkexec >= 0.102 which supports execution of X11 apps (#776437)
https://git.gnome.org/browse/gparted/commit/?id=11c251293e6fd156b57905409efc5464bd85b202

Remove unnecessary autoconf check for pkexec --disable-internal-agent option (#776437)
https://git.gnome.org/browse/gparted/commit/?id=6f521c4d98e0fd6a33e40bd5910aacda89564126

Only when configured, grant root access to the X11 display (#776437)
https://git.gnome.org/browse/gparted/commit/?id=f38ccd028425552a1116180387e5307f23b8a688

Add .dirstamp to .gitignore
https://git.gnome.org/browse/gparted/commit/?id=576d0f7cbf5a8ef61840f17315e8c7b3f66d7a65

Curtis

Hi Curtis,

(In reply to Curtis Gedak from comment #22)
> ATTENTION PACKAGERS:
>
> The install location has changed for both the gparted script and the
> gpartedbin executable.

Only the install location of the gparted script has changed to
$prefix/bin. The gpartedbin executable is still installed in
$prefix/sbin as it always has.

For an ATTENTION PACKAGES sentence I would say this:

  The installation location of the gparted script has changed and
  package scripts calling pkexec can be dropped.

Thanks,
Mike

Thanks Mike for the ATTENTION PACKAGERS correction. I have made this change in the NEWS file I am building for our next release.

Curtis

This enhancement was included in the GParted 0.30.0 release on October 10, 2017.

Just updated to 0.30 on Arch, Wayland session...
Clicking shell icon gparted shows a message "...only root can run it".

I get "(gpartedbin:24508): Gtk-WARNING **: cannot open display: :0"
running "sudo gparted" from terminal.

Hi Strangiato,

"sudo gparted" does not work on all distros (see test results starting in comment #18).

First ensure that all older versions of GParted are removed.

Next compile and install with:

  ./configure --prefix=/usr --enable-xhost-root
  make
  sudo make install

Then run gparted with:

  gparted

'Hope that helps.

Curtis

In my previous comment I said "just updated". Sorry, my mistake.
I just installed it from Arch testing repositories,
no previous gparted release was installed.

Hi Strangiato,

If you are using GParted from a distro repository, such as Arch, and experience problems then I suggest you raise the issue with that distro.

Curtis