Merge aa-notify: Add --xauthority to set $XAUTHORITY under sudo

Fixes #449 Tkinter (used by aa-notify) needs the $XAUTHORITY envvar to start but on some systems (e.g. OpenSuse), sudo clears it. This change add a --xauthority command-line option to set it explicitly, so aa-notify works under sudo. Signed-off-by: Maxime Bélair <maxime.belair@canonical.com> Closes #449 MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1771 Approved-by: Christian Boltz <apparmor@cboltz.de> Merged-by: Christian Boltz <apparmor@cboltz.de>
2025-08-22 10:07:12 +00:00 · 2025-08-14 11:36:15 +00:00 · 2025-08-14 11:36:15 +00:00 · 862d8ec9fc
commit 862d8ec9fc
parent a8875460ed fbd266c63f
2 changed files with 12 additions and 6 deletions
--- a/utils/aa-notify
+++ b/utils/aa-notify
@ -842,6 +842,7 @@ def main():
    parser = argparse.ArgumentParser(description=_('Display AppArmor notifications or messages for DENIED entries.'))
    parser.add_argument('-p', '--poll', action='store_true', help=_('poll AppArmor logs and display notifications'))
    parser.add_argument('--display', type=str, help=_('set the DISPLAY environment variable (might be needed if sudo resets $DISPLAY)'))
    parser.add_argument('--xauthority', type=str, help=_('set the XAUTHORITY environment variable (might be needed if sudo resets XAUTHORITY)'))
    parser.add_argument('-f', '--file', type=str, help=_('search FILE for AppArmor messages'))
    parser.add_argument('-l', '--since-last', action='store_true', help=_('display stats since last login'))
    parser.add_argument('-s', '--since-days', type=int, metavar=('NUM'), help=_('show stats for last NUM days (can be used alone or with -p)'))
@ -1099,6 +1100,8 @@ def main():
    if args.display:
        os.environ['DISPLAY'] = args.display
    if args.xauthority:
        os.environ['XAUTHORITY'] = args.xauthority
    if args.poll:
        # Exit immediately if show_notifications is no or any of the options below
--- a/utils/test/test-aa-notify.py
+++ b/utils/test/test-aa-notify.py
@ -167,12 +167,12 @@ class AANotifyTest(AANotifyBase):
        expected_return_code = 0
        expected_output_1 = \
-'''usage: aa-notify [-h] [-p] [--display DISPLAY] [-f FILE] [-l] [-s NUM] [-v]
+'''usage: aa-notify [-h] [-p] [--display DISPLAY] [--xauthority XAUTHORITY]
-                 [-u USER] [-w NUM] [-m] [-F] [-L [{yes,no,auto}]]
+                 [-f FILE] [-l] [-s NUM] [-v] [-u USER] [-w NUM] [-m] [-F]
-                 [--prompt-filter PF] [--debug] [--filter.profile PROFILE]
+                 [-L [{yes,no,auto}]] [--prompt-filter PF] [--debug]
-                 [--filter.operation OPERATION] [--filter.name NAME]
+                 [--filter.profile PROFILE] [--filter.operation OPERATION]
-                 [--filter.denied DENIED] [--filter.family FAMILY]
+                 [--filter.name NAME] [--filter.denied DENIED]
-                 [--filter.socket SOCKET]
+                 [--filter.family FAMILY] [--filter.socket SOCKET]
 Display AppArmor notifications or messages for DENIED entries.
 '''  # noqa: E128
@ -183,6 +183,9 @@ Display AppArmor notifications or messages for DENIED entries.
  -p, --poll            poll AppArmor logs and display notifications
  --display DISPLAY     set the DISPLAY environment variable (might be needed if
                        sudo resets $DISPLAY)
  --xauthority XAUTHORITY
                        set the XAUTHORITY environment variable (might be needed
                        if sudo resets XAUTHORITY)
  -f, --file FILE       search FILE for AppArmor messages
  -l, --since-last      display stats since last login
  -s, --since-days NUM  show stats for last NUM days (can be used alone or with