| Summary: | pkexec fails to run X applications | ||
|---|---|---|---|
| Product: | PolicyKit | Reporter: | Michael Biebl <mbiebl> |
| Component: | daemon | Assignee: | David Zeuthen (not reading bugmail) <zeuthen> |
| Status: | RESOLVED DUPLICATE | QA Contact: | David Zeuthen (not reading bugmail) <zeuthen> |
| Severity: | normal | ||
| Priority: | medium | ||
| Version: | unspecified | ||
| Hardware: | Other | ||
| OS: | All | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
|
Description
Michael Biebl
2009-09-03 00:19:35 UTC
Used versions: polkit: 0.94 polkit-gnome: 0.94 This is kinda on purpose, the man page says
The environment that PROGRAM will run it, will be set to a minimal
known and safe environment in order to avoid injecting code through
LD_LIBRARY_PATH or similar mechanisms. In addition the PKEXEC_UID
environment variable is set to the user id of the process invoking
pkexec. As a result, pkexec will not allow you to run e.g. X11
applications as another user since the $DISPLAY environment variable is
not set.
The source has a comment about it
/* For now, avoiding pretend that running X11 apps as another user in the same session
* will ever work... See
*
* https://bugs.freedesktop.org/show_bug.cgi?id=17970#c26
*
* and surrounding comments for a lot of discussion about this.
*/
#if 0
"DESKTOP_STARTUP_ID",
"DISPLAY",
"XAUTHORITY",
"DBUS_SESSION_BUS_ADDRESS",
"ORBIT_SOCKETDIR",
#endif
so it's easy to enable if you really want this... I'm not sure it's a good idea however.
Update: someone on the list asked about this - this was my reply http://lists.freedesktop.org/archives/polkit-devel/2009-November/000264.html Executive summary: would be nice to have but probably too much work and too many unanswered questions. |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.