Bug 91071 - XWayland security settings prohibits applications running as root from connecting by default
Summary: XWayland security settings prohibits applications running as root from connec...
Alias: None
Product: Wayland
Classification: Unclassified
Component: XWayland (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: Wayland bug list
QA Contact: Xorg Project Team
Depends on:
Reported: 2015-06-23 11:38 UTC by nerdopolis1
Modified: 2018-06-04 07:21 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:


Description nerdopolis1 2015-06-23 11:38:21 UTC

It seems the security changes in XWayland prevents applications running as root from connecting. The users will have to run xhost +LOCAL: in order to run a graphical application as root

There are a few graphical applications that run as root (Some applications I can think of is ubiquity (The Ubuntu installer) and synaptic), 

These applications, even ones that are built against a toolkit that supports Wayland, connect to X because most *sudo applications strip out $WAYLAND_DISPLAY by default (along with all other variables). 

Is there a way to whitelist root by default, if it makes sense to do so? It makes sense to keep the other users out though...

Most Wayland servers I think currently allow applications running as root to connect. (including Weston)
Comment 1 Alan Coopersmith 2015-06-23 15:03:54 UTC
xhost +si:localuser:root
Comment 2 nerdopolis1 2015-06-23 15:54:04 UTC
...I did post the wrong xhost command... I guess gksudo & kdesudo will need to be updated to do this...?
Comment 3 Daniel Stone 2015-06-23 16:29:14 UTC
Or, whoever spawns the session (e.g. Weston) would have to generate their own X authority data, add that manually to the server, and then set $XAUTHORITY for clients.
Comment 4 Daniel Stone 2018-06-04 07:21:46 UTC
Marking as NOTABUG, since the 'localuser' change works for all kinds of X sessions (Xwayland as well as native) and is better by being more explicitly targeted.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.