GNOME Bugzilla – Bug 776437
GParted fails to run as root under Wayland
Last modified: 2017-10-10 19:33:49 UTC
I have found that after switching from Xorg to Wayland on Ubuntu GNOME 16.10 with GNOME 3.22 that GParted does not run when I try to run it as root. That is when I click the icon and enter my password nothing happens. I have found that when running what is run when the icon is clicked that the output in Terminal is (gparted-pkexec): Created symlink /run/systemd/system/-.mount → /dev/null. Created symlink /run/systemd/system/boot-efi.mount → /dev/null. Created symlink /run/systemd/system/boot.mount → /dev/null. Created symlink /run/systemd/system/run-user-1000.mount → /dev/null. Created symlink /run/systemd/system/run-user-120.mount → /dev/null. Created symlink /run/systemd/system/tmp.mount → /dev/null. No protocol specified (gpartedbin:16832): Gtk-WARNING **: cannot open display: :0 Removed /run/systemd/system/-.mount. Removed /run/systemd/system/boot-efi.mount. Removed /run/systemd/system/boot.mount. Removed /run/systemd/system/run-user-1000.mount. Removed /run/systemd/system/run-user-120.mount. Removed /run/systemd/system/tmp.mount. So I am now unable to launch and use GParted as root which is really the only way I can run it in order to make changes. I originally reported this issue here: https://bugs.launchpad.net/ubuntu/+source/gparted/+bug/1652282 But thought I should also do so upstream.
This is a known limitation and design choice that Wayland doesn't allow root privileged applications to work. One workaround is to run the following in a terminal before running GParted to allow root applications to connect to the X server under Wayland. xhost +si:localuser:root Another workaround it to continue to use the X.org display server rather than the Wayland display server. More information can be found in the: Common Fedora 25 Bugs / Running graphical apps with root privileges (e.g. gparted) does not work on Wayland https://fedoraproject.org/wiki/Common_F25_bugs#wayland-root-apps
*** Bug 776707 has been marked as a duplicate of this bug. ***
Those workarounds are fine for now, but the real solution to boldly move us all into the Wayland future is to make GParted run its main UI as a normally-privileged user, and only request elevated permissions for actions that actually require them.
Hi Nate, For past discussion on this issue, see also: Bug 758131 - Don't run GUI as root (Was: [wayland] gparted fails to start under wayland) Curtis
> All the code is predicated on a single process querying the storage, > running the GUI and manipulating the storage. It would be a very large > task to change. For a spare time only hobby this might never get done. Sadly that will eventually result in GParted dying as more and more distros move to Wayland. :(
> For a spare time only hobby this might never get done. Curtis, transferring maintenance of GParted to GNU or GNOME teams would solve that. They have long queues for maintenance requests and it is able to finish the process (find a full time maintainer) in a fortnight.
(In reply to Erkin Alp Güney from comment #6) > > For a spare time only hobby this might never get done. > > Curtis, transferring maintenance of GParted to GNU or GNOME teams would > solve that. They have long queues for maintenance requests and it is able to > finish the process (find a full time maintainer) in a fortnight. Sounds like a whole lot of irony. Anyway, they also have gnome-disks, which has less features and a more "modern" UI.
gnome-disks is completely different. It is a frontend to udisks.
*** Bug 783932 has been marked as a duplicate of this bug. ***
GParted should not run its UI as root. It should run its UI as a regular user and use PolicyKit or something else similar to gain elevated privileges only when necessary to query or modify devices. This needed for supporting modern Linux distributives wich migrated to Wayland. Please read comments 33, 36 and 37 https://bugzilla.redhat.com/show_bug.cgi?id=1274451#c33
Created attachment 357573 [details] [review] Interim workaround for display access (draft 1) Hi Curtis, Here's an interim workaround for this bug. The patchset is only draft because of an installation issue / dilemma with the location of the polkit action file. More on that below. Suggested NEWS fragments describing the change ============================================== Release Notes ------------- Provides an interim workaround to allow GParted to run under Wayland by using xhost to grant and revoke root access to the X11 display. This must be enabled while building the software with: ./configure --enable-xhost-root Pkexec from Polkit has been made the first choice graphical SU program as all the desktops have settled on using Polkit as the privileged access mechanism. Also execution of the graphical SU program has been moved from gparted.desktop to the gparted shell wrapper. Therefore gparted can be run either by an unprivileged user or by root and as such is installed in $prefix/bin rather than $prefix/sbin. This additionally means distributions can drop their pkexec scripts used to launch gparted. Dependencies (new/updated) -------------------------- * Uses pkexec command (part of polkit) for root privilege escalation when available. * Uses xhost command to grant and revoke root access to the display when configured to do so. Issue / dilemma with polkit action file installation location ============================================================= The ./Makefile.am contains this line: polkit_actiondir = /usr/share/polkit-1/actions from this commit in the patchset: Add required polkit action file (#776437) This is to install the gparted polkit action file into that location, the only location which polkit looks for action files. (See the above mentioned commit comment for more details). Without it being there polkit won't authorise GParted to run as root. However that setting breaks 'make distcheck' because it doesn't install the file in the ./gparted-$version/_inst and is against GNU programming standards for program installations. [1][2] To make 'make distcheck' work and satisfy the standards it should be: polkit_actiondir = $(datadir)/polkit-1/actions But with the default prefix being /usr/local it will install the file into /usr/local/polkit-1/actions and fail authorising GParted as detailed above. So you can either have 'make install' do the needed thing or make have 'make distcheck' work, not both! [1] Automake Manual, 27.10 Installing to Hard-Coded Locations https://www.gnu.org/software/automake/manual/automake.html#Hard_002dCoded-Install-Paths [2] GNU Coding Standards, 7.2.5 Variables for Installation Directories https://www.gnu.org/prep/standards/standards.html#Directory-Variables I have also looked at some other packages which install polkit action files. They seem to use polkit_actiondir = $(datadir)/polkit-1/actions so I assume only produce an installion with the polkit action file installed correctly when prefix = /usr. [3][4][5][6] [3] gnome-settings-daemon plugins/power/Makefile.am polkit_policydir = $(datadir)/polkit-1/actions https://github.com/GNOME/gnome-settings-daemon/blob/master/plugins/power/Makefile.am#L16 [4] udisks data/Makefile.am polkitdir = $(datadir)/polkit-1/actions https://github.com/storaged-project/udisks/blob/master/data/Makefile.am#L31 [5] firewalld config/Makefile.am polkit1_actiondir = $(datadir)/polkit-1/actions https://github.com/firewalld/firewalld/blob/master/config/Makefile.am#L22 but firewalld also sets the default prefix to /usr with this line in configure.ac AC_PREFIX_DEFAULT([/usr]) https://github.com/firewalld/firewalld/blob/master/configure.ac#L12 configure.ac AC_PREFIX_DEFAULT([/usr]), therefore $(datadir) is [6] polkit actions/Makefile.am polkit_actiondir = $(datadir)/polkit-1/actions https://cgit.freedesktop.org/polkit/tree/actions/Makefile.am#n2 I am thinking of following GNU standards and using polkit_policydir = $(datadir)/polkit-1/actions. This will work when configured with './configure --prefix=/usr' and with 'make distcheck'. So it will work for distros building gparted packages. Then for user installations using the default prefix of /usr/local they will continue to use the distro provided copy of org.gnome.gparted.policy, if any. Otherwise there will be an extra (manual) step of copying org.gnome.gparted.policy from /usr/local/polkit-1/actions/ to /usr/polkit-1/actions/. Summary ======= Apart from the polkit action file question the patchset is quite close to being ready. Mike
Hi Mike, The draft patch in comment #11 looks pretty good to me. I did observe two locations in the comment of P 4/7 "Add required polkit action file" where "install" should be "installed". Note that all polkit action files must be install in ^^^^^^^ <snip> packages, action files must always be install in the same location. ^^^^^^^ I applaud your choice to require packagers to manually enable the --enable-xhost-root configure option. That way they make a conscious choice to enable the work-around to run on Wayland. Otherwise the default is not to use xhost. I tested on fedora 25. With --enable-xhost-root, gparted successfully runs. Without --enable-xhost-root, gparted fails to run as it cannot open the display. I also confirmed the issue regarding "make distcheck". It's too bad that we can't have it work both ways, but I do understand the dilemma. Curtis
Hi Mike, I forgot to mention another suggestion for the draft patch. We should consider including additional generated files in the .gitignore file. Some possible candidates are: .dirstamp org.gnome.gparted.policy org.gnome.gparted.policy.in Curtis
Hi Curtis, To keep you up to date; I have just asked in the automake email list to see if there are any alternative solutions to the above polkit installation location dilemma.[1] I will address the spelling issue and .gitignore entries in the next round of updates. Mike [1] Not installing to hard-coded locations vs polkit's fixed location http://lists.gnu.org/archive/html/automake/2017-08/msg00015.html
Created attachment 358405 [details] [review] Interim workaround for display access (v1) Hi Curtis, Here is patchset v1 ready for fully review. Compared to draft 1 from comment #11 the changes are: * Incrementally updates the README file in a number of patches for various changes. * P4/9 "Add required polkit action file" ** Installs polkit action file into $(datadir)/polkit-1/actions so make distcheck works, but needs to be manually installed when prefix is other than /usr. ** Documents this in the README file. ** Mark relevant strings in and the file org.gnome.gparted.policy.in.in for translation. ** Increases minimum intltool to 0.36.0 in configure.ac because of the use of INTLTOOL_POLICY_RULE in Makefile.am. ** Adds .gitignore entries for new build files org.gnome.gparted.policy{,.in}. * P6/9 "Check for pkexec >= 0.102 which supports execution of X11..." moves before P8/9 "Only when configured, grant root access to the..." * Adds new patches: P7/9 "Remove unnecessary autoconf check for pkexec --disable-inter..." P9/9 "Add .dirstamp to .gitignore" * Minor commit wording updates and corrections. Testing: 1) On Ubuntu 16.10 using Wayland display that configuring with --enable-xhost-root allows gparted run as normal user to display and without the config option gparted is not allowed to display. Note: sudo doesn't grant access to the X11 server under Wayland display so sudo gparted doesn't work. Have to run gparted as normal user to allow it to use xhost to grant root access to the display. 2) On Fedora 26 using Wayland display same results when configured with and without --enable-xhost-root. 3) On CentOS 7 with X11 display and configured without --enable-xhost-root allows gparted run as normal user and as root to display. 4) That make && make distcheck works for every commit. Thanks, Mike
Hi Mike, I've just started reviewing the patch set from comment #15. Following is the first issue I've encountered when building on kubuntu 16.04: $ make distcheck <snip> INTLTOOL_EXTRACT="/usr/bin/intltool-extract" XGETTEXT="/usr/bin/xgettext" srcdir=../../../po /usr/bin/intltool-update --gettext-package gparted --pot rm -f missing notexist srcdir=../../../po /usr/bin/intltool-update -m The following files contain translations and are currently not in use. Please consider adding these to the POTFILES.in file, located in the po/ directory. sub/org.gnome.gparted.policy.in If some of these files are left out on purpose then please add them to POTFILES.skip instead of POTFILES.in. A file 'missing' containing this list of left out files has been written in the current directory. Please report to https://bugzilla.gnome.org/enter_bug.cgi?product=gparted if [ -r missing -o -r notexist ]; then \ exit 1; \ fi Makefile:209: recipe for target 'check' failed This issue is not holding me up and I will continue with my review and testing. Curtis
Hi Curtis, It looks like the make distcheck failure is another repeat of an intltool bug we have had to workaround before: https://git.gnome.org/browse/gparted/commit/?id=4cc5103dbdd42583c3ce7481e0e4f08d16e2009a After fixing that make distcheck still fails though: $ make distcheck ... ( cd '/home/ubuntu/programming/c/gparted/gparted-0.29.0-git/_inst/share/polkit-1/actions' && rm -f org.gnome.gparted.policy ) make[2]: Leaving directory '/home/ubuntu/programming/c/gparted/gparted-0.29.0-git/_build/sub' make[1]: Leaving directory '/home/ubuntu/programming/c/gparted/gparted-0.29.0-git/_build/sub' make[1]: Entering directory '/home/ubuntu/programming/c/gparted/gparted-0.29.0-git/_build/sub' ERROR: files left after uninstall: ./share/icons/hicolor/icon-theme.cache Makefile:892: recipe for target 'distuninstallcheck' failed make[1]: *** [distuninstallcheck] Error 1 make[1]: Leaving directory '/home/ubuntu/programming/c/gparted/gparted-0.29.0-git/_build/sub' Makefile:836: recipe for target 'distcheck' failed make: *** [distcheck] Error 1 Investigation continues. Mike
Hi Mike, Thank you for this updated patch set. From a visual review I discovered only two minor typos to consider fixing: P4/9 - Add required polkit action file (#776437) intltool to 0.36.0 where it was first introduced in intllool.m4. This ^^^ intltool to 0.36.0 where it was first introduced in intltool.m4. This P8/9 - Only when configured, grant root access to the X11 display (#776437) As an interim workaround make the gparted shell wrapper uses xhost to ^^^ As an interim workaround make the gparted shell wrapper use xhost to My testing has gone fairly well. Other than the issue with 'make distcheck', gparted is able to run on both X11 and Wayland with this patch set. Following are my test steps and results. Compile with: $ ./configure --enable-xhost-root --prefix=/usr $ make # make install Run with: gparted | sudo gparted | gparted.desktop (menu) OR gparted | su -c "gparted" | gparted.desktop (menu) Test Results: Distro gparted sudo gparted gparted.desktop ------------ ---------------- ------------ ---------------- Debian 7 Works Works Root needed msg Debian 9 ### Issues compiling - Bad VM??? ### Fedora 24 Works Works Works Fedora 25 Works Can't open display Works openSUSE 42.1 Works Can't open display Works openSUSE 42.2 Works Can't open display Works Ubuntu 14.04 Root needed msg Works Root needed msg Ubuntu 17.04 Works Works Works Curtis
Created attachment 358687 [details] [review] Interim workaround for display access (v2) Hi Curtis, Here's patchset v2. It fixes make distcheck failure by adding sub/org.gnome.gparted.policy.in to POTFILES.skip and corrects the spelling mistakes. My second distcheck failure was because I was doing a parallel make, 'make -j 2 distcheck' which was leading to ERROR: files left after uninstall. Doing a single threaded 'make distcheck' works successfully. Thanks, Mike
Hi Mike, Thanks the updated patch set. My testing has gone well, with no new issues to report. Following are my test steps and additional distro results. Compile with: $ ./configure --enable-xhost-root --prefix=/usr $ make # make install Run with: gparted | sudo gparted | gparted.desktop (menu) OR gparted | su -c "gparted" | gparted.desktop (menu) Test Results: Distro gparted sudo gparted gparted.desktop ------------ ---------------- ------------ ---------------- Debian 9 [1] Works Works Works openSUSE 42.3 Works Can't open display Works Ubuntu 16.04 Works Works Works [1] My previous Debian 9 VM was indeed broken. A newly built VM has no issues when compiling GParted. Mike, in comment #11 you provided some suggested text for the NEWS announcement. Are there any changes or updates you would like made now that the patch set is working as expected? Provided there are no objections I will commit patch set v2 from comment #19 in the next day or so. Curtis
Hi Curtis, Push patchset v2 upstream when ready. Thank you for your through testing on lots of distros. The results on Ubuntu 14.04 LTS look odd though. > Distro gparted sudo gparted gparted.desktop > ------------ ---------------- ------------ ---------------- > Ubuntu 14.04 Root needed msg Works Root needed msg That would be the case if no graphical SU program was found during configure. My Ubuntu 14.04 LTS (XFCE) VM does have polkit 0.105 installed and pkexec is found during configure. I did both: ./configure --prefix=/usr/local ./configure --prefix=/usr/local --enable-xhost-root along with additionally installing the action file: sudo install -m 644 org.gnome.gparted.policy \ /usr/share/polkit-1/actions/org.gnome/gparted.local.policy and made sure that I uninstalled Ubuntu provided gparted package (so that there was only one gparted.desktop file for the desktop to choose from and/or display). In both cases (with and without --enable-xhost-root) it all worked. Distro gparted sudo gparted gparted.desktop ------------ ---------------- ------------ ---------------- Ubuntu 14.04 Works Works Works Here's an updated Release Notes section of NEWS mentioning about possibly having to manually install the polkit action file. Release Notes ------------- Provides an interim workaround to allow GParted to run under Wayland by using xhost to grant and revoke root access to the X11 display. This must be enabled while building the software with: ./configure --enable-xhost-root Pkexec from polkit has been made the first choice graphical SU program as all the desktops have settled on using polkit as the privileged access mechanism. See "Installing polkit's Action File" section in the README file for when an additional installation step may be needed. Also execution of the graphical SU program has been moved from gparted.desktop to the gparted shell wrapper. Therefore gparted can be run either by an unprivileged user or by root and as such is installed in $prefix/bin rather than $prefix/sbin. This additionally means distributions can drop their pkexec scripts used to launch gparted. Thanks, Mike
Hi Mike, Thank you for the updated NEWS text and for the tip about your Ubuntu 14.04 testing. I investigated and discovered that I had installed an older version into /usr/local. Since this older version was first in the path, my tests were running the older version. Testing with only patch set v2 installed revealed the same results as you (it all worked). Following are some changes I made to the NEWS announcement to try to highlight that installation locations are different. Please feel free to suggest further updates. *** BEGIN *** ATTENTION PACKAGERS: The install location has changed for both the gparted script and the gpartedbin executable. This release provides an interim workaround to allow GParted to run under Wayland by using xhost to grant and revoke root access to the X11 display. This must be enabled while building the software with: ./configure --enable-xhost-root Pkexec from polkit has been made the first choice graphical SU program as all the desktops have settled on using polkit as the privileged access mechanism. See "Installing polkit's Action File" section in the README file for when an additional installation step may be needed. Also changed is that execution of the graphical SU program has been moved from gparted.desktop to the gparted shell wrapper. Therefore gparted can be run either by an unprivileged user or by root and as such is installed in $prefix/bin rather than $prefix/sbin. This additionally means distributions can drop their pkexec scripts used to launch gparted. *** END *** Patch set v2 from comment #19 has been committed to the git repository for inclusion in the next release of GParted. The relevant git commits can be viewed at the following links: Move root privilege escalation into gparted wrapper script (#776437) https://git.gnome.org/browse/gparted/commit/?id=a2cc5014c652a7e15b5460fa58d9680d146c6be4 Now install gparted wrapper script into $prefix/bin (#776437) https://git.gnome.org/browse/gparted/commit/?id=778e21e94c9c5608a7087f31f1491e5744b864b8 Add detection of pkexec root privilege escalation program (#776437) https://git.gnome.org/browse/gparted/commit/?id=b47528b6f976633b49be192ab8e4e8455f95b6e4 Add required polkit action file (#776437) https://git.gnome.org/browse/gparted/commit/?id=f35e734a0c21869c5cdff61ffb2b5724e6ae431b Only install polkit action file when pkexec is used (#776437) https://git.gnome.org/browse/gparted/commit/?id=2f559ec3b5a95f8781979c80bd260ad952645f36 Check for pkexec >= 0.102 which supports execution of X11 apps (#776437) https://git.gnome.org/browse/gparted/commit/?id=11c251293e6fd156b57905409efc5464bd85b202 Remove unnecessary autoconf check for pkexec --disable-internal-agent option (#776437) https://git.gnome.org/browse/gparted/commit/?id=6f521c4d98e0fd6a33e40bd5910aacda89564126 Only when configured, grant root access to the X11 display (#776437) https://git.gnome.org/browse/gparted/commit/?id=f38ccd028425552a1116180387e5307f23b8a688 Add .dirstamp to .gitignore https://git.gnome.org/browse/gparted/commit/?id=576d0f7cbf5a8ef61840f17315e8c7b3f66d7a65 Curtis
Hi Curtis, (In reply to Curtis Gedak from comment #22) > ATTENTION PACKAGERS: > > The install location has changed for both the gparted script and the > gpartedbin executable. Only the install location of the gparted script has changed to $prefix/bin. The gpartedbin executable is still installed in $prefix/sbin as it always has. For an ATTENTION PACKAGES sentence I would say this: The installation location of the gparted script has changed and package scripts calling pkexec can be dropped. Thanks, Mike
Thanks Mike for the ATTENTION PACKAGERS correction. I have made this change in the NEWS file I am building for our next release. Curtis
This enhancement was included in the GParted 0.30.0 release on October 10, 2017.
Just updated to 0.30 on Arch, Wayland session... Clicking shell icon gparted shows a message "...only root can run it". I get "(gpartedbin:24508): Gtk-WARNING **: cannot open display: :0" running "sudo gparted" from terminal.
Hi Strangiato, "sudo gparted" does not work on all distros (see test results starting in comment #18). First ensure that all older versions of GParted are removed. Next compile and install with: ./configure --prefix=/usr --enable-xhost-root make sudo make install Then run gparted with: gparted 'Hope that helps. Curtis
In my previous comment I said "just updated". Sorry, my mistake. I just installed it from Arch testing repositories, no previous gparted release was installed.
Hi Strangiato, If you are using GParted from a distro repository, such as Arch, and experience problems then I suggest you raise the issue with that distro. Curtis