Bug 38769 - pkexec: Support running X11 apps
Summary: pkexec: Support running X11 apps
Status: RESOLVED FIXED
Alias: None
Product: PolicyKit
Classification: Unclassified
Component: libpolkit (show other bugs)
Version: unspecified
Hardware: Other All
: medium enhancement
Assignee: Martin Pitt
QA Contact: David Zeuthen (not reading bugmail)
URL:
Whiteboard:
Keywords:
: 23673 (view as bug list)
Depends on:
Blocks:
 
Reported: 2011-06-29 04:08 UTC by Marc Deslauriers
Modified: 2011-08-01 06:53 UTC (History)
2 users (show)

See Also:
i915 platform:
i915 features:


Attachments
pkexec: Support running X11 apps (5.70 KB, patch)
2011-06-29 14:53 UTC, Martin Pitt
Details | Splinter Review

Description Marc Deslauriers 2011-06-29 04:08:00 UTC
This is a feature request for a --title command line option to display a friendly name in the policykit authentication dialog instead of the full application binary's path.

Use case:

pkexec --title "Cool Calculator" /usr/bin/coolcalc
Comment 1 Martin Pitt 2011-06-29 04:16:24 UTC
Some more context: We'd like to write a "pkexecdesktop" wrapper which is able to run the program in a .desktop file as root, with something like

  pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY pkexec --title "(translated Name= from .desktop)" (Exec= from .desktop)

With that we can finally get rid of the remaining usage of gksu, to provide a consistent UI.
Comment 2 Martin Pitt 2011-06-29 04:17:20 UTC
David, does that sound ok to you? I can work on a patch for it, but would like to discuss the design first.
Comment 3 David Zeuthen (not reading bugmail) 2011-06-29 06:59:21 UTC
It's a great idea to discuss the design first! Did you try using the org.freedesktop.policykit.exec.path annotation

 http://hal.freedesktop.org/docs/polkit/pkexec.1.html

Looks to me like that's exactly what you need - just include a .policy file along with the few binaries that you expect to launch via pkexec(1).
Comment 4 David Zeuthen (not reading bugmail) 2011-06-29 07:33:23 UTC
(In reply to comment #0)
> This is a feature request for a --title command line option to display a
> friendly name in the policykit authentication dialog instead of the full
> application binary's path.
> 
> Use case:
> 
> pkexec --title "Cool Calculator" /usr/bin/coolcalc

Btw, note that pkexec(1) will not launch X11 applications running as root (by design). So unless /usr/bin/coolcalc is a curses app or something, this example is not very useful.
Comment 5 Marc Deslauriers 2011-06-29 08:29:57 UTC
Right...my example didn't exactly illustrate what we intend to do, which is to run an X11 application using the example Martin provided.

I tried creating a policy file, and it works as intended. This doesn't exactly provide the functionality we are looking for though, as we're actually using pkexec to run env in order to set the required environment variables necessary to run an X11 app (which pkexec doesn't support).
Comment 6 Martin Pitt 2011-06-29 09:00:10 UTC
Summary from IRC discussion:

 * Using --title/--programname is spoofable, so we don't want that.

 * We can introduce a new org.freedesktop.policykit.exec.allow_gui flag in the .policy file, and then use its <message> field to produce a proper message.

 * For now this flag would preserve $DISPLAY and $XAUTHORITY, like in http://cgit.freedesktop.org/PolicyKit/tree/src/programs/pkexec.c#n411
Comment 7 Martin Pitt 2011-06-29 13:55:30 UTC
While I was playing with this I noticed that polkitd segfaults when there is a .policy file without a <message> field. I fixed that in trunk (675e4337d7f83ffaf9612cadf7f365c545c51243) while I was at it, straightforward patch. Please LART me if that was inappropriate.
Comment 8 Martin Pitt 2011-06-29 14:53:25 UTC
Created attachment 48572 [details] [review]
pkexec: Support running X11 apps

It works nicely with this patch. It checks whether org.freedesktop.policykit.exec.allow_gui is set to any nonzero value, which avoids having to check for particular variations of "yes", "True", etc.

I also updated the documentation, but tried to not encourage using this too much.

With that we can finally move the remaining few root X11 apps to pkexec, which will provide a consistent and also accessible auth UI, and make the auth dialogs less spoofable than gksu.

Tested with this .policy file:

--------------- 8< --------------
?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>

  <action id="com.ubuntu.pkexec.synaptic">
    <message>Authentication is required to run the Synaptic package manager</message>
    <icon_name>synaptic</icon_name>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/synaptic</annotate>
    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
  </action>

</policyconfig>
--------------- 8< --------------

As before, $DISPLAY and $XAUTHORITY are not kept if the contents of the tag is empty, or the annotation is not set at all.
Comment 9 David Zeuthen (not reading bugmail) 2011-08-01 06:45:30 UTC
*** Bug 23673 has been marked as a duplicate of this bug. ***
Comment 10 David Zeuthen (not reading bugmail) 2011-08-01 06:53:41 UTC
Committed, thanks!


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.