From 36546f8c358d364dbaa185776de31918df9d157b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maxime=20B=C3=A9lair?= Date: Thu, 14 Aug 2025 10:44:16 +0200 Subject: [PATCH] aa-notify: Add --xauthority to set $XAUTHORITY under sudo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #449 Tkinter (used by aa-notify) needs the $XAUTHORITY envvar to start but on some systems (e.g. OpenSuse), sudo clears it. This change add a --xauthority command-line option to set it explicitly, so aa-notify works under sudo. Signed-off-by: Maxime BĂ©lair (in master) (cherry picked from commit fbd266c63f657a2b046c77a7a209e556ec1bdf12 / https://gitlab.com/apparmor/apparmor/-/merge_requests/1771, adjusted test-aa-notify.py to 4.1 branch) --- utils/aa-notify | 3 +++ utils/test/test-aa-notify.py | 14 +++++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/utils/aa-notify b/utils/aa-notify index 6425e04aa..a339c5132 100755 --- a/utils/aa-notify +++ b/utils/aa-notify @@ -646,6 +646,7 @@ def main(): parser = argparse.ArgumentParser(description=_('Display AppArmor notifications or messages for DENIED entries.')) parser.add_argument('-p', '--poll', action='store_true', help=_('poll AppArmor logs and display notifications')) parser.add_argument('--display', type=str, help=_('set the DISPLAY environment variable (might be needed if sudo resets $DISPLAY)')) + parser.add_argument('--xauthority', type=str, help=_('set the XAUTHORITY environment variable (might be needed if sudo resets XAUTHORITY)')) parser.add_argument('-f', '--file', type=str, help=_('search FILE for AppArmor messages')) parser.add_argument('-l', '--since-last', action='store_true', help=_('display stats since last login')) parser.add_argument('-s', '--since-days', type=int, metavar=('NUM'), help=_('show stats for last NUM days (can be used alone or with -p)')) @@ -873,6 +874,8 @@ def main(): if args.display: os.environ['DISPLAY'] = args.display + if args.xauthority: + os.environ['XAUTHORITY'] = args.xauthority if args.poll: # Exit immediately if show_notifications is no or any of the options below diff --git a/utils/test/test-aa-notify.py b/utils/test/test-aa-notify.py index 55e11c71e..98ceef707 100644 --- a/utils/test/test-aa-notify.py +++ b/utils/test/test-aa-notify.py @@ -195,11 +195,12 @@ class AANotifyTest(AANotifyBase): expected_return_code = 0 expected_output_1 = \ -'''usage: aa-notify [-h] [-p] [--display DISPLAY] [-f FILE] [-l] [-s NUM] [-v] - [-u USER] [-w NUM] [--prompt-filter PF] [--debug] - [--filter.profile PROFILE] [--filter.operation OPERATION] - [--filter.name NAME] [--filter.denied DENIED] - [--filter.family FAMILY] [--filter.socket SOCKET] +'''usage: aa-notify [-h] [-p] [--display DISPLAY] [--xauthority XAUTHORITY] + [-f FILE] [-l] [-s NUM] [-v] [-u USER] [-w NUM] + [--prompt-filter PF] [--debug] [--filter.profile PROFILE] + [--filter.operation OPERATION] [--filter.name NAME] + [--filter.denied DENIED] [--filter.family FAMILY] + [--filter.socket SOCKET] Display AppArmor notifications or messages for DENIED entries. ''' # noqa: E128 @@ -210,6 +211,9 @@ Display AppArmor notifications or messages for DENIED entries. -p, --poll poll AppArmor logs and display notifications --display DISPLAY set the DISPLAY environment variable (might be needed if sudo resets $DISPLAY) + --xauthority XAUTHORITY + set the XAUTHORITY environment variable (might be needed + if sudo resets XAUTHORITY) -f, --file FILE search FILE for AppArmor messages -l, --since-last display stats since last login -s, --since-days NUM show stats for last NUM days (can be used alone or with