[apparmor] aa-notify still broken :-(

Seth Arnold seth.arnold at gmail.com
Fri Sep 23 23:18:54 UTC 2011


When I was on SuSE, undoing the env_reset option was always the second thing I fixed -- immediately after fixing sudo asking for the target user's password instead of the current user's password.

If you almost never use sudo to start graphical programs you can instead use: ssh -X root@localhost aa-notify

But guessing on a DISPLAY feels very wrong to me. Keeping one that is correct feels so much more correct than guessing a replacement.
-----Original Message-----
From: Christian Boltz <apparmor at cboltz.de>
Sender: apparmor-bounces at lists.ubuntu.com
Date: Sat, 24 Sep 2011 01:01:25 
To: <apparmor at lists.ubuntu.com>
Subject: Re: [apparmor] aa-notify still broken :-(

Hello,

On Friday, 23 September 2011, Christian Boltz wrote:
> I just noticed that aa-notify is still (partly) broken :-(
> 
> If I start it with sudo ("sudo /usr/sbin/aa-notify -p" or with
> additional "-u cb"), I don't get any desktop notification :-(
> 
> If I use "su" and then "aa-notify -p -u cb", it works.

After a long debugging session with John on IRC I found out that sudo on 
openSUSE resets or deletes too many environment variables. It turned out 
that $HOME and $DISPLAY need to be set to the correct value - otherwise
$notify_exe can't connect to DBUS to display the message.

Getting the correct $HOME is easy.

$DISPLAY is a different beast - if sudo unsets it, the best thing I can
do is to hardcode it to ":0" which should fit most systems.
I'm open for better ideas, but please ACK my patch before - it makes the
situation much better compared to the current aa-notify ;-)


=== modified file 'utils/aa-notify'
--- utils/aa-notify     2011-08-17 14:48:12 +0000
+++ utils/aa-notify     2011-09-23 22:54:46 +0000
@@ -305,6 +305,12 @@
         # notify-send needs $< to be the unprivileged user
         $< = $>;
 
+        # we need correct values for $HOME and $DISPLAY environment variables, otherwise
+        # $notify_exe won't be able to connect to DBUS to display the message
+        $ENV{'HOME'} = (getpwuid $>)[7]; # homedir of the user
+        if (!defined($ENV{'DISPLAY'})) { 
+            $ENV{'DISPLAY'} = ':0'; # best-possible guess
+        }
         # 'system' uses execvp() so no shell metacharacters here.
         # $notify_exe is an absolute path so execvp won't search PATH.
         system "$notify_exe", "-i", "gtk-dialog-warning", "-u", "critical", "--", "AppArmor Message", "$msg";
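
Review bot: The `':0'` fallback in the `if (!defined($ENV{'DISPLAY'}))` branch is a guess that will be wrong whenever the target user's session is not on the first local display, so the notification either fails or is sent to a display that is not that user's. Consider skipping the notification with a warning when DISPLAY is missing, or making the fallback configurable, instead of hardcoding a value. The `defined` test also lets an empty DISPLAY through unchanged. On the `$ENV{'HOME'} = (getpwuid $>)[7];` line, the lookup yields undef when the effective uid has no passwd entry, so HOME should only be assigned after checking that getpwuid returned a result.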



Regards,

Christian Boltz
-- 
> > > An update to a ONE YEAR old version?
> > I think he simply updated to what Debian currently
> > ships as "current"...
> Yes, that dawned on me too.
Always these "Debian haters". :)
[>> nighthawk, >(>>) Ralf Hildebrandt and crandler in postfixbuch-users]
