X2Go Bug report logs - #458
Apps launched by pkexec fail to start on specific distros

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Michael DePaulo <mikedep333@gmail.com>

Date: Sat, 22 Mar 2014 16:05:02 UTC

Severity: normal

Tags: pending

Found in version 4.0.1.13

Fixed in version 4.0.1.16

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#458; Package x2goserver. (Sat, 22 Mar 2014 16:05:02 GMT) (full text, mbox, link).


Acknowledgement sent to Michael DePaulo <mikedep333@gmail.com>:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Sat, 22 Mar 2014 16:05:02 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

From: Michael DePaulo <mikedep333@gmail.com>
To: submit@bugs.x2go.org
Subject: Apps launched by pkexec fail to start on specific distros
Date: Sat, 22 Mar 2014 12:03:12 -0400
Package: x2goserver
Version: 4.0.1.13

Notes:

1. I am not sure if this is a bug in x2goserver, x2goserver-xsession,
or in nx-libs.

2. PolicyKit depends on ConsoleKit (and on systemd-logind in
newer distros.)

3. RHEL7 beta (systemd-logind) is not affected and pkexec commands do
work. However, PolicyKit authentication within apps fails. I will file
a separate bug about this.

4. I also tested CentOS 6.5 64-bit (ConsoleKit) and saw an issue that
precludes even testing for this bug.
(polkit-gnome-authentication-agent-1 fails to start) I wrote bug 457
about this.

5. The workaround I discovered is to set your XAUTHORITY env var. I
demonstrated this below.

Test system:
Ubuntu 12.04.4 32-bit
x2goserver: 4.0.1.13
x2goserver-xsession: 4.0.1.13
nx-libs: 3.5.0.22
mate-desktop: 1.6.0-3+precise from this apt repo:
deb http://packages.mate-desktop.org/repo/ubuntu precise main
(This distro uses ConsoleKit, not systemd-logind)

Test Case 1:
Unity desktop

(The authentication window opens and prompts me for my password both
times. Only the latter time does synaptic start.)

mike@mothership-u-p:~$ ps -ef | grep polkit
root       755     1  0 10:55 ?        00:00:01
/usr/lib/policykit-1/polkitd --no-debug
mike     25151 25098  0 11:51 ?        00:00:00
/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
mike     25515 25447  0 11:51 pts/0    00:00:00 grep --color=auto polkit
mike@mothership-u-p:~$ pkexec synaptic
No protocol specified
No protocol specified

(synaptic:25559): Gtk-WARNING **: cannot open display: :50
mike@mothership-u-p:~$ export XAUTHORITY=/home/mike/.Xauthority
mike@mothership-u-p:~$ pkexec synaptic
mike@mothership-u-p:~$

Test Case 2:
MATE desktop

(This time I am prompted to authentication on the command-line, which
works fine for me. I assume that me not being prompted the 2nd time is
intentional because sudo works in a similar manner. Only the latter
time does synaptic start.)

(And in case isn't clear, polkit-mate-authentication-agent-1 doesn't
start until I run the pkexec command the 1st time. This differs from
Unity where it is launched during login. When I login locally to MATE)

mike@mothership-u-p:~$ ps -ef | grep polkit
root       755     1  0 10:55 ?        00:00:01
/usr/lib/policykit-1/polkitd --no-debug
mike     21645 21522  0 11:46 pts/0    00:00:00 grep --color=auto polkit
mike@mothership-u-p:~$ pkexec synaptic
==== AUTHENTICATING FOR com.ubuntu.pkexec.synaptic ===
Authentication is required to run the Synaptic Package Manager
Authenticating as: Michael DePaulo,,, (mike)
Password:
==== AUTHENTICATION COMPLETE ===
No protocol specified
No protocol specified

(synaptic:21673): Gtk-WARNING **: cannot open display: :50.0
mike@mothership-u-p:~$ ps -ef | grep polkit
root       755     1  0 10:55 ?        00:00:01
/usr/lib/policykit-1/polkitd --no-debug
mike     21701 21379  0 11:47 ?        00:00:00
/usr/lib/polkit-mate/polkit-mate-authentication-agent-1
mike     21803 21522  0 11:47 pts/0    00:00:00 grep --color=auto polkit
mike@mothership-u-p:~$ export XAUTHORITY=/home/mike/.Xauthority
mike@mothership-u-p:~$ pkexec synaptic
mike@mothership-u-p:~$


Test Case 3:
MATE desktop from a local login

Same behavior as test case 2. I wanted to verify that
polkit-mate-authentication-agent-1 is not supposed to start until you
call pkexec, and that you are normally prompted to authentication on
the command-line.


Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#458; Package x2goserver. (Wed, 20 Aug 2014 09:15:03 GMT) (full text, mbox, link).


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Wed, 20 Aug 2014 09:15:03 GMT) (full text, mbox, link).


Message #10 received at 458@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 458-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 458@bugs.x2go.org
Subject: X2Go issue (in src:x2goserver) has been marked as pending for release
Date: Wed, 20 Aug 2014 11:11:19 +0200 (CEST)
tag #458 pending
fixed #458 4.0.1.16
thanks

Hello,

X2Go issue #458 (src:x2goserver) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:

    http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=421d42a

The issue will most likely be fixed in src:x2goserver (4.0.1.16).

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
commit 421d42addb2dc10ce80644eb8a3ab30ca7a78dba
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date:   Wed Aug 20 11:11:09 2014 +0200

    Export XAUTHORITY env var in x2goruncommand to enable privilege upgrade for applications started via pkexec. (Fixes: #458).

diff --git a/debian/changelog b/debian/changelog
index fdf038c..a56c63b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -71,6 +71,8 @@ x2goserver (4.0.1.16-0x2go1) UNRELEASED; urgency=low
       #574).
     - Abort session if env var $HOME is not set or if $HOME contains non-ASCII
       characters. (Fixes: #397).
+    - Export XAUTHORITY env var in x2goruncommand to enable privilege upgrade
+      for applications started via pkexec. (Fixes: #458).
   * debian/control, x2goserver.spec:
     + Update versioned D: x2goagent (>= 3.5.0.25). This assures that X2Go
       works with poly-instantiated /tmp directories.


Added tag(s) pending. Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Wed, 20 Aug 2014 09:15:03 GMT) (full text, mbox, link).


Marked as fixed in versions 4.0.1.16. Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Wed, 20 Aug 2014 09:15:03 GMT) (full text, mbox, link).


Message sent on to Michael DePaulo <mikedep333@gmail.com>:
Bug#458. (Wed, 20 Aug 2014 09:15:04 GMT) (full text, mbox, link).


Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#458; Package x2goserver. (Thu, 25 Sep 2014 22:45:06 GMT) (full text, mbox, link).


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Thu, 25 Sep 2014 22:45:06 GMT) (full text, mbox, link).


Message #22 received at 458@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 458-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 458@bugs.x2go.org
Subject: X2Go issue (in src:x2goserver) has been marked as closed
Date: Fri, 26 Sep 2014 00:42:11 +0200 (CEST)
close #458
thanks

Hello,

we are very hopeful that X2Go issue #458 reported by you
has been resolved in the new release (4.0.1.16) of the
X2Go source project »src:x2goserver«.

You can view the complete changelog entry of src:x2goserver (4.0.1.16)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2goserver.

    http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=c43b862f2ae0e8980fb7ab5e519d692b07da5a45;hp=98c4f84d83d701823b7887f79d0d9f5ce8233bd4

If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2goserver.

Thanks a lot for contributing to X2Go!!!

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
X2Go Component: src:x2goserver
Version: 4.0.1.16-0x2go1
Status: RELEASE
Date: Fri, 26 Sep 2014 00:36:32 +0200
Fixes: 122 302 397 406 407 458 468 495 506 511 520 523 524 543 547 558 569 572 573 574 599 605 606 617 619
Changes: 
 x2goserver (4.0.1.16-0x2go1) RELEASED; urgency=low
 .
   [ Mike DePaulo ]
   * New upstream release (4.0.1.16):
     - Make X2Go Server aware of the Openbox desktop environment
       (Command: OPENBOX) (Fixes: #605)
     - Make X2Go Server aware of the IceWM desktop environment
       (Command: ICEWM) (Fixes: #606)
     - Support GNOME Flashback session (GNOME 3.8+) on distro releases such as
       Ubuntu 13.10+ and debian Jessie
       (NOTE: For most users, GNOME Flashback currently will not work.
        This requires that gnome-flashback.session actually be installed. Not
        every Linux distro has it available.
        It also requires that the gnome-session binary not require
        hardware 3D acceleration for said session. Currently, upstream GNOME
        and GNOME 3.8+ in all Linux distros do require this, only 3rd party
        builds do not. See X2Go bug #599 for example.)
       (Thanks Eugene San (eugenesan@gmail.com))
     - Fix launching GNOME 3 Fallback session (GNOME 3.4 & 3.6) on distros other
       than Ubuntu and Debian (Fixes: #599)
     - Fix support for Cinnamon 1.4 (Linux Mint 13) (Fixes: #569)
     - Fix the logic for launching Cinnamon 2.0 and 2.2 (Linux Mint 17).
       (Fixes: #572)
       NOTE: Fixing this bug in x2goserver is not sufficient to make Cinnamon 2.0
       & 2.2 to work properly with X2Go. Bug #150 in nx-libs is still a problem.
       Fixing this bug enables Cinnamon 2.0 and 2.2 to launch to their
       "fallback mode", which has many bugs and missing features when compared to
       "software rendering" mode (cinnamon2d), but is still better than nothing.
   * debian/rules:
     + Improve dh_auto_clean override.
 .
   [ Mike Gabriel ]
   * New upstream version (4.0.1.16):
     - Let x2goversion exit with an error if the X2Go component cannot be
       found.
     - Detect terminated sessions from NX log file. Also interpret a session as
       terminated if terminating just has started.
     - Detect started/starting/resumed/resuming sessions by explicitly scanning
       the NX session log file for those keywords.
     - Interpret NX sessions marked as "aborting session" as (not yet) terminated
       sessions.
     - Provide config option for server-side/global clipboard behaviour in
       x2goagent.options. (Fixes: #506).
     - Be aware of poly-instantiated /tmp directories bind-mounted under
       /tmp-inst. (Fixes: #406).
     - On suspend: Call x2goumount-session before sending SIGHUP to x2goagent.
     - Refuse client communcation if server-side hostname is not set up
       correctly (Fixes: #468).
     - Fix string comparison in x2goumount-session.
     - Fix problems with unmounting shared folders on session suspension/
       termination. Remove extra parentheses from the fusermount execution
       call. (Fixes: #407).
     - Use type -p instead of which in x2goumount-session. Suppress output
       to stdout properly.
     - Use if--then--else--fi during x2goagent resuming in x2goresume-session
       script.
     - More reliably sync the NX session state with the status information in
       the X2Go session DB.
     - x2golistdesktops: Also detect sharable desktop sessions behind abstract
       kernel namespace sockets.
     - Add logcheck rules for X2Go Server. Thanks to Frank Werner for sending
       them in.
     - Correctly use diversions from stderr to stdout in shell commands.
       (Fixes: #520).
     - Don't die if no session state file is found, as it will break X2Go
       completely after upgrading from versions << 4.0.1.16 if sessions
       are still running/suspended during package upgrade.
     - Provide support for client-side choice of clipboard security. (Fixes:
       #524).
     - Use more quotes in x2goruncommand.
     - Detect the exit of rootless applications that forked to background on
       application execution. (Fixes: #122).
     - Make x2goruncommand more robust.
     - Don't fail Xsession startup if any of the profile scripts returns
       with an error.
     - Silently timeout in x2golistdesktops if calls to x2golistsessions and/or
       xwininfo don't produce output within one second. (Fixes: #543).
     - Allow email addresses as login usernames. (Fixes: #573).
     - Abort session startup if env var $USER or $SSH_CLIENT are not set.
       (Fixes: #558).
     - Allow length of username up to 48 characters (was: 32 characters). (Fixes:
       #574).
     - Abort session if env var $HOME is not set or if $HOME contains non-ASCII
       characters. (Fixes: #397).
     - Export XAUTHORITY env var in x2goruncommand to enable privilege upgrade
       for applications started via pkexec. (Fixes: #458).
     - x2gocleansessions: Don't print to stderr if the session state file cannot
       be found. This can happen during session startups. Report to system log
       instead.
     - Don't use Perl package File::ReadBackwards anymore.
     - Fix x2gormforward for 4.0.1.x release series (the X2Go::Log Perl module
       only exists in X2Go Server >= 4.1.0.0, the 4.0.1.x release series has to
       use x2gologlevel.pm in `x2gopath lib`. (Fixes: #617).
     - Pick x2gogetagentstate from 4.1.0.0 release series and adapt to usage
       with X2Go Server 4.0.1.x. (Fixes: #619).
   * debian/control, x2goserver.spec:
     + Update versioned D: x2goagent (>= 3.5.0.25). This assures that X2Go
       works with poly-instantiated /tmp directories.
     + Make sure x2gogetagentstate gets packaged in bin:package x2goserver.
     + Bump Standards: to 3.9.5. No changes needed.
     + Mark x2goserver-pyhoca bin:package as deprecated.
     + Drop D (x2goserver): libfile-readbackwards-perl.
   * x2goserver.spec:
     + Install {libdir}/x2go/x2gormforward into bin:package x2goserver.
     + Drop R (x2goserver): perl(File::ReadBackwards).
 .
   [ Oleksandr Shneyder ]
   * New upstream version (4.0.1.16):
     - x2gostartagent, x2golistsession, x2gosuspend-session and
       x2goresume-session getting agent state from ~/.x2go/C-$SID/state. This
       should help to avoid session damage. Remove nxcleanup. (Fixes: #302,
       #511).
     - Move session file to /tmp/.x2go-$USER. (Fixes: #523).
     - Fix x2gostartagent failures if kbd is not "auto". Remove comma at end of
       options file.
     - Set default value for clipboard to "both" in x2gostartagent and
       x2goresume-session.
     - Clean user SSHD process if connection between server and client lost.
       This should fix error "Global request tcpip-forward failed". (Fixes:
       #495, #547).
 .
   [ Orion Paplowski ]
   * x2goserver.spec:
     + Sync Fedora .spec file with our upstream-provided x2goserver.spec.


Marked Bug as done Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Thu, 25 Sep 2014 22:45:29 GMT) (full text, mbox, link).


Notification sent to Michael DePaulo <mikedep333@gmail.com>:
Bug acknowledged by developer. (Thu, 25 Sep 2014 22:45:29 GMT) (full text, mbox, link).


Message sent on to Michael DePaulo <mikedep333@gmail.com>:
Bug#458. (Thu, 25 Sep 2014 22:45:52 GMT) (full text, mbox, link).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.x2go.org> to internal_control@bugs.x2go.org. (Fri, 24 Oct 2014 05:24:02 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Sun Dec 8 18:25:07 2019; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.