Merge [4.1] aa-notify: Add --xauthority to set $XAUTHORITY under sudo

Fixes #449 Tkinter (used by aa-notify) needs the $XAUTHORITY envvar to start but on some systems (e.g. OpenSuse), sudo clears it. This change add a --xauthority command-line option to set it explicitly, so aa-notify works under sudo. Signed-off-by: Maxime Bélair <maxime.belair@canonical.com> (in master) (cherry picked from commit fbd266c63f657a2b046c77a7a209e556ec1bdf12 / https://gitlab.com/apparmor/apparmor/-/merge_requests/1771, adjusted test-aa-notify.py to 4.1 branch) MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1772 Approved-by: Maxime Bélair <maxime.belair@canonical.com> Merged-by: John Johansen <john@jjmx.net>
2025-08-21 17:47:10 +00:00 · 2025-08-14 12:33:23 +00:00 · 2025-08-14 12:33:23 +00:00 · d9dd03c1ed
commit d9dd03c1ed
parent 2a274ff616 36546f8c35
2 changed files with 12 additions and 5 deletions
--- a/utils/aa-notify
+++ b/utils/aa-notify
@ -646,6 +646,7 @@ def main():
    parser = argparse.ArgumentParser(description=_('Display AppArmor notifications or messages for DENIED entries.'))
    parser.add_argument('-p', '--poll', action='store_true', help=_('poll AppArmor logs and display notifications'))
    parser.add_argument('--display', type=str, help=_('set the DISPLAY environment variable (might be needed if sudo resets $DISPLAY)'))
+    parser.add_argument('--xauthority', type=str, help=_('set the XAUTHORITY environment variable (might be needed if sudo resets XAUTHORITY)'))
    parser.add_argument('-f', '--file', type=str, help=_('search FILE for AppArmor messages'))
    parser.add_argument('-l', '--since-last', action='store_true', help=_('display stats since last login'))
    parser.add_argument('-s', '--since-days', type=int, metavar=('NUM'), help=_('show stats for last NUM days (can be used alone or with -p)'))
@ -873,6 +874,8 @@ def main():

    if args.display:
        os.environ['DISPLAY'] = args.display
+    if args.xauthority:
+        os.environ['XAUTHORITY'] = args.xauthority

    if args.poll:
        # Exit immediately if show_notifications is no or any of the options below
--- a/utils/test/test-aa-notify.py
+++ b/utils/test/test-aa-notify.py
@ -195,11 +195,12 @@ class AANotifyTest(AANotifyBase):

        expected_return_code = 0
        expected_output_1 = \
-'''usage: aa-notify [-h] [-p] [--display DISPLAY] [-f FILE] [-l] [-s NUM] [-v]
-                 [-u USER] [-w NUM] [--prompt-filter PF] [--debug]
-                 [--filter.profile PROFILE] [--filter.operation OPERATION]
-                 [--filter.name NAME] [--filter.denied DENIED]
-                 [--filter.family FAMILY] [--filter.socket SOCKET]
+'''usage: aa-notify [-h] [-p] [--display DISPLAY] [--xauthority XAUTHORITY]
+                 [-f FILE] [-l] [-s NUM] [-v] [-u USER] [-w NUM]
+                 [--prompt-filter PF] [--debug] [--filter.profile PROFILE]
+                 [--filter.operation OPERATION] [--filter.name NAME]
+                 [--filter.denied DENIED] [--filter.family FAMILY]
+                 [--filter.socket SOCKET]

 Display AppArmor notifications or messages for DENIED entries.
 '''  # noqa: E128
@ -210,6 +211,9 @@ Display AppArmor notifications or messages for DENIED entries.
  -p, --poll            poll AppArmor logs and display notifications
  --display DISPLAY     set the DISPLAY environment variable (might be needed if
                        sudo resets $DISPLAY)
+  --xauthority XAUTHORITY
+                        set the XAUTHORITY environment variable (might be needed
+                        if sudo resets XAUTHORITY)
  -f, --file FILE       search FILE for AppArmor messages
  -l, --since-last      display stats since last login
  -s, --since-days NUM  show stats for last NUM days (can be used alone or with