From fbd266c63f657a2b046c77a7a209e556ec1bdf12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maxime=20B=C3=A9lair?= Date: Thu, 14 Aug 2025 10:44:16 +0200 Subject: [PATCH] aa-notify: Add --xauthority to set $XAUTHORITY under sudo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #449 Tkinter (used by aa-notify) needs the $XAUTHORITY envvar to start but on some systems (e.g. OpenSuse), sudo clears it. This change add a --xauthority command-line option to set it explicitly, so aa-notify works under sudo. Signed-off-by: Maxime BĂ©lair --- utils/aa-notify | 3 +++ utils/test/test-aa-notify.py | 15 +++++++++------ 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/utils/aa-notify b/utils/aa-notify index eb0e1d09a..b55c29dd7 100755 --- a/utils/aa-notify +++ b/utils/aa-notify @@ -842,6 +842,7 @@ def main(): parser = argparse.ArgumentParser(description=_('Display AppArmor notifications or messages for DENIED entries.')) parser.add_argument('-p', '--poll', action='store_true', help=_('poll AppArmor logs and display notifications')) parser.add_argument('--display', type=str, help=_('set the DISPLAY environment variable (might be needed if sudo resets $DISPLAY)')) + parser.add_argument('--xauthority', type=str, help=_('set the XAUTHORITY environment variable (might be needed if sudo resets XAUTHORITY)')) parser.add_argument('-f', '--file', type=str, help=_('search FILE for AppArmor messages')) parser.add_argument('-l', '--since-last', action='store_true', help=_('display stats since last login')) parser.add_argument('-s', '--since-days', type=int, metavar=('NUM'), help=_('show stats for last NUM days (can be used alone or with -p)')) @@ -1099,6 +1100,8 @@ def main(): if args.display: os.environ['DISPLAY'] = args.display + if args.xauthority: + os.environ['XAUTHORITY'] = args.xauthority if args.poll: # Exit immediately if show_notifications is no or any of the options below diff --git a/utils/test/test-aa-notify.py b/utils/test/test-aa-notify.py index 90b479946..e6e0eb46d 100644 --- a/utils/test/test-aa-notify.py +++ b/utils/test/test-aa-notify.py @@ -167,12 +167,12 @@ class AANotifyTest(AANotifyBase): expected_return_code = 0 expected_output_1 = \ -'''usage: aa-notify [-h] [-p] [--display DISPLAY] [-f FILE] [-l] [-s NUM] [-v] - [-u USER] [-w NUM] [-m] [-F] [-L [{yes,no,auto}]] - [--prompt-filter PF] [--debug] [--filter.profile PROFILE] - [--filter.operation OPERATION] [--filter.name NAME] - [--filter.denied DENIED] [--filter.family FAMILY] - [--filter.socket SOCKET] +'''usage: aa-notify [-h] [-p] [--display DISPLAY] [--xauthority XAUTHORITY] + [-f FILE] [-l] [-s NUM] [-v] [-u USER] [-w NUM] [-m] [-F] + [-L [{yes,no,auto}]] [--prompt-filter PF] [--debug] + [--filter.profile PROFILE] [--filter.operation OPERATION] + [--filter.name NAME] [--filter.denied DENIED] + [--filter.family FAMILY] [--filter.socket SOCKET] Display AppArmor notifications or messages for DENIED entries. ''' # noqa: E128 @@ -183,6 +183,9 @@ Display AppArmor notifications or messages for DENIED entries. -p, --poll poll AppArmor logs and display notifications --display DISPLAY set the DISPLAY environment variable (might be needed if sudo resets $DISPLAY) + --xauthority XAUTHORITY + set the XAUTHORITY environment variable (might be needed + if sudo resets XAUTHORITY) -f, --file FILE search FILE for AppArmor messages -l, --since-last display stats since last login -s, --since-days NUM show stats for last NUM days (can be used alone or with