GNOME Bugzilla – Bug 763531
pkexec in .desktop no longer works
Last modified: 2017-10-05 07:43:05 UTC
I am in need of doing some diagnostics work with "xdiagnose", however when searching for it in the Activities Overview, and then clicking on it, absolutely nothing happens, when in the past it would ask me for my password so that I could run it as root. I looked further into the issue and when trying to run it through Terminal: xdiagnose This was the output I got: Error: Must run as superuser But when running it in Terminal like so: pkexec xdiagnose It prompted for the password as it normally would and should (so pkexec is not the issue). There was also no output from the command: grep -r 'xdiagnose' ~/.local/share/applications And the output of this command "grep -r 'xdiagnose' /usr/share/applications" was: /usr/share/applications/xdiagnose.desktop:Name=xdiagnose /usr/share/applications/xdiagnose.desktop:Exec=pkexec xdiagnose /usr/share/applications/xdiagnose.desktop:Icon=/usr/share/xdiagnose/icons/microscope.svg /usr/share/applications/xdiagnose.desktop:X-Ubuntu-Gettext-Domain=xdiagnose The contents of the file is this: [Desktop Entry] Name=xdiagnose GenericName=Diagnose Graphics Issues Comment=X.org Diagnostic and Repair Utility Exec=pkexec xdiagnose Icon=/usr/share/xdiagnose/icons/microscope.svg Terminal=false Type=Application Categories=System;Settings; X-Ubuntu-Gettext-Domain=xdiagnose I have reinstalled it with "sudo apt-get install --reinstall xdiagnose", however this seems to have made no difference at all to anything. I have also attempted to launch another application via the Activities Overview that uses 'pkexec' to start, and it works fine as normal. I initially experienced this issue on Ubuntu GNOME 15.04 with GNOME 3.16, then on Ubuntu GNOME 15.10 with GNOME 3.18, and now on Ubuntu GNOME 16.04 with GNOME 3.19. Though I remember a time when this issue wasn't present (probably when I was running Ubuntu GNOME 15.04 with GNOME 3.14 - I will test it and then update the report). I also initially report this issue here but thought I should also do so upstream: https://bugs.launchpad.net/ubuntu-gnome/+bug/1483276
Sorry, it seems that I am unable to get an Ubuntu GNOME 15.04 (EOL) version anywhere legit so I will be unable to test whether or not it works there with GNOME 3.14.
I am still experiencing this issue on Ubuntu GNOME 16.04 with GNOME 3.20.
I have tested this on Ubuntu Unity 16.04, and it works fine so this is most likely a GNOME issue.
The fix in this bug report: https://bugs.launchpad.net/ubuntu/xenial/+source/xdiagnose/+bug/1483276 Seemingly fixes the issue so I am closing this bug as it appears to have been a downstream issue even though strangely not affecting all and not affecting my Unity VM at the time.
Just because it was worked around in Ubuntu and just because it doesn't affect Unity does not mean that it's a Ubuntu-specific issue. Someone will need to do more investigation to find out what made 'pkexec xdiagnose' stop working from GNOME Shell's Activities Overview since this may affect other apps that try to do that too. A wrapper script whose only contents is "pkexec xdiagnose' is just a workaround.
A bug that affects gnome-shell in Ubuntu but not gnome-shell in Fedora or other distros might be a downstream bug if Ubuntu did something different in their gnome-shell packaging related to the bug. From your bug report, you haven't tested gnome-shell in other distros.
Created attachment 348678 [details] [review] app: Work around pkexec restriction when launching Unless automatic child reaping is disabled in GSpawnFlags, glib's g_spawn_* functions will reparent the spawned process to init by double-forking. Unfortunately pkexec bails out in this case[0], which means that it no longer works in .desktop files since the PID tracking removal in commit 01c6392c1373. Fix this by going back to manual child reaping when an app is launched through pkexec. [0] https://cgit.freedesktop.org/polkit/tree/src/programs/pkexec.c#n728
Thanks, patch 348678 fixes the xdiagnose test case.
(I applied it locally to gnome-shell 3.24 on Ubuntu GNOME 17.04 Beta).
Review of attachment 348678 [details] [review]: ::: src/shell-app.c @@ +1245,3 @@ + if (g_strcmp0 (g_app_info_get_executable (G_APP_INFO (app->info)), "pkexec") == 0) + { + flags |= G_SPAWN_DO_NOT_REAP_CHILD; probably should just do this unconditionally, right? There's no advantage to orphaning the children by default is there?
(In reply to cc rstrode@redhat.com not me from comment #10) ^ (oops was logged into the wrong account)
Created attachment 359356 [details] [review] app: Work around pkexec restriction when launching (In reply to cc rstrode@redhat.com not me from comment #10) > probably should just do this unconditionally, right? There's no advantage to > orphaning the children by default is there? Not as far as I can see, other than letting GLib do the cleanup for us. Of course if we handle the cleanup for *some* apps, we can do it just as well for all of them ...
Review of attachment 359356 [details] [review]: looks good to me.
Attachment 359356 [details] pushed as 053b8da - app: Work around pkexec restriction when launching