Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

--sudouser cannot run GUI applications with sudo #307

Closed
mviereck opened this issue Nov 29, 2020 · 4 comments
Closed

--sudouser cannot run GUI applications with sudo #307

mviereck opened this issue Nov 29, 2020 · 4 comments
Labels
bug

Comments

@mviereck
Copy link
Owner

mviereck commented Nov 29, 2020
edited
Loading

If running a container with --sudouser, running GUI applications with su or sudo fails with an authentication error.
DISPLAY and XAUTHORITY are set correctly.
Running with --user=root instead works fine.

Workarounds found so far:

  • Run with --sudouser --xoverip
  • Run with --sudouser --hostnet

A message explaining the workarounds is shown if one uses --sudouser.

I am not exactly sure why it does not work to run GUI applications with sudo, but --user=root works.
X has some sort of dbus authentication next to the classic XAUTHORITY cookie method.
This might explain why --xoverip and --hostnet can be used as a workaround. But this does not explain the different behaviour of sudo vs. --user=root. For that case I would expect to fail --user=root the same way like sudo with --sudouser does.
@mviereck mviereck added the bug label Nov 29, 2020
@mviereck mviereck mentioned this issue Nov 29, 2020
Closed
@hongyi-zhao
Copy link

I tried you above suggestion with --home --user=root --sudouser, and meet the following error:

x11docker ERROR: Option --home: Could not create persistent home folder for
  user 'root' on host. Can e.g. happen with option --user.
  Four possibilities to solve issue:
  1.) Run x11docker one time as user 'root'.
  2.) Run x11docker one time as user 'root'.
  3.) Use option --home=DIR with DIR pointing to a writeable folder.
  4.) Use option --home=VOLUME to use a docker volume.

Very strange, in the above message, 1.) and 2.) are completely same.

@mviereck
Copy link
Owner Author

mviereck commented Nov 29, 2020
edited
Loading

Very strange, in the above message, 1.) and 2.) are completely same.

ok, hat looks a bit odd here. It would look different if you would run with another user name, e.g. --user=someoneelse.
However, that is not related to the X authentication issue of this ticket but a special case of --home --user=root.

@hongyi-zhao
Copy link

hongyi-zhao commented Nov 30, 2020
edited
Loading

I still can't figure out why x11docker prevent the use of the following two options at the same time:

--home --user=root

@mviereck
Copy link
Owner Author

mviereck commented Nov 30, 2020
edited
Loading

I still can't figure out why x11docker prevent the use of the following two options at the same time:
--home --user=root

This would need access to HOME of root, i.e. folder /root on host. You would need to run x11docker as root to allow this, at least one time to let it create /root/.local/share/x11docker/IMAGENAME. Your regular user werner is not allowed to do this.

@mviereck mviereck closed this as completed Dec 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hongyi-zhao @mviereck