Bug#872376: Wayland session does not configure Xwayland authorization; cannot run apps as root

Josh Triplett josh at joshtriplett.org
Wed Aug 16 21:48:42 UTC 2017 

Package: gnome-session
Version: 3.24.1-2
Severity: normal

[Reporting this on gnome-session, but it may belong on another
component; please feel free to reassign.]

The new Wayland-based session runs Xwayland for compatibility with X
applications, but does not configure any authorization that would allow
running those applications as another user, such as root.  No
~/.Xauthority file exists, and $XAUTHORITY is not set.

As a trivial test, try running `sudo xlsclients` under a Wayland-based
GNOME session.

As one of many practical issues this causes, running KVM as root to
allow its `-net user` mode to send raw packets makes it unable to
connect to Xwayland.

Please consider doing one of the following two things:

- Generating an Xauthority file as part of the Wayland GNOME session,
  and setting $XAUTHORITY. This would allow users who can access that
  file (which would include root) to connect to Xwayland.
- Telling Xwayland to allow connections from `si:localuser:root` by
  default. That seems simpler, and doesn't rely on file permissions,
  though it might potentially surprise people who want to run a
  graphical application as another non-root user.

Personally, I'd suggest the second approach, but either would work.

- Josh Triplett

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnome-session depends on:
ii  gnome-session-bin      3.24.1-2
ii  gnome-session-common   3.24.1-2
ii  gnome-settings-daemon  3.24.3-1
ii  gnome-shell            3.22.3-3

gnome-session recommends no packages.

Versions of packages gnome-session suggests:
ii  desktop-base      9.0.5
ii  gnome-keyring     3.20.1-1
ii  gnome-user-guide  3.22.0-1

-- no debconf information

More information about the pkg-gnome-maintainers mailing list