| 1 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 2 |
DENIED
|
moderate
|
App\Entity\Entry {#2413
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+magazine: App\Entity\Magazine {#264
+icon: Proxies\__CG__\App\Entity\Image {#245 …}
+name: "linux@lemmy.ml"
+title: "linux"
+description: """
From Wikipedia, the free encyclopedia\n
\n
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
\n
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
\n
### Rules\n
\n
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
- No misinformation\n
- No NSFW content\n
- No hate speech, bigotry, etc\n
\n
### Related Communities\n
\n
- [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
- [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
- [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
- [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
\n
Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 1406
+entryCommentCount: 28632
+postCount: 6
+postCommentCount: 214
+isAdult: false
+customCss: null
+lastActive: DateTime @1729583542 {#274
date: 2024-10-22 09:52:22.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#236 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#232 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#221 …}
+entries: Doctrine\ORM\PersistentCollection {#179 …}
+posts: Doctrine\ORM\PersistentCollection {#137 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#199 …}
+bans: Doctrine\ORM\PersistentCollection {#116 …}
+reports: Doctrine\ORM\PersistentCollection {#102 …}
+badges: Doctrine\ORM\PersistentCollection {#80 …}
+logs: Doctrine\ORM\PersistentCollection {#70 …}
+awards: Doctrine\ORM\PersistentCollection {#1360 …}
+categories: Doctrine\ORM\PersistentCollection {#1792 …}
-id: 73
+apId: "linux@lemmy.ml"
+apProfileId: "https://lemmy.ml/c/linux"
+apPublicUrl: "https://lemmy.ml/c/linux"
+apFollowersUrl: "https://lemmy.ml/c/linux/followers"
+apInboxUrl: "https://lemmy.ml/inbox"
+apDomain: "lemmy.ml"
+apPreferredUsername: "linux"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1729583596 {#268
date: 2024-10-22 09:53:16.0 +02:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1698929468 {#270
date: 2023-11-02 13:51:08.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1899 …}
+slug: "Wayland-running-GUI-program-as-another-user"
+title: "Wayland running GUI program as another user"
+url: null
+body: """
I use [github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn) to have a isolated namespace and VPN connection to work\n
\n
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have .e.g an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work because they use different users\n
\n
```\n
\n
<span style="color:#323232;">sudo xhost '+si:localuser:user'\n
</span><span style="color:#323232;">sudo ip netns exec protected sudo -u user -i\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g fgor Dolphin\n
\n
```\n
\n
<span style="color:#323232;">error: XDG_RUNTIME_DIR is invalid or not set in the environment.\n
</span><span style="color:#323232;">Failed to create wl_display (No such file or directory)\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
I’ve tried to preserve the env without success:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">sudo -E ip netns exec protected sudo -u user -i\n
</span>\n
```\n
\n
It seems that I access to the wayland socket is a must for this to work\n
\n
This discussion has a nuke option - giving 777 access to the dir where the wayland socket is, and another less permissive approach adding the users to a group and giving access to a new location where the wayland socket is created\n
\n
[stackoverflow.com/…/linux-wayland-display-multipl…](https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)\n
\n
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 4
+favouriteCount: 21
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1705448855 {#2418
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1408 …}
+votes: Doctrine\ORM\PersistentCollection {#1961 …}
+reports: Doctrine\ORM\PersistentCollection {#1972 …}
+favourites: Doctrine\ORM\PersistentCollection {#1399 …}
+notifications: Doctrine\ORM\PersistentCollection {#2440 …}
+badges: Doctrine\ORM\PersistentCollection {#2436 …}
+children: []
-id: 29681
-titleTs: "'anoth':6 'gui':3 'program':4 'run':2 'user':7 'wayland':1"
-bodyTs: "'/linux-wayland-display-multipl':192 '/questions/41736528/linux-wayland-display-multiple-user)':195 '/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':5 '777':157 'access':138,158,180 'achiev':210 'ad':172 'allow':22 'although':78 'anoth':47,168 'approach':171,199 'configur':40 'connect':13 'could':35,206 'creat':83,107,190 'differ':49,60 'dir':96,161 'directori':114 'discuss':151 'display':109 'dolphin':92 'e':125 'e.g':37,90 'entir':48 'env':121 'environ':104 'error':93 'exec':70,128 'fail':105 'fgor':91 'file':112 'fine':84 'github.com':4 'github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':3 'give':156,179 'group':177 'gui':27,85 'ide':39,54 'instanc':50 'invalid':98 'ip':68,126 'isol':9 'less':169 'localus':65 'locat':184 'main':43 'must':145 'namespac':10,32 'netn':69,127 'new':183 'nuke':154 'option':155 'permiss':170 'preserv':119 'program':28,86 'project':45 'protect':31,71,80,129 'run':25 'runtim':95 'second':198 'secur':200 'seem':135 'set':101 'shell':81 'si':64 'socket':142,165,188 'stackoverflow.com':191,194 'stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)':193 'start':89 'step':20,205 'success':123 'sudo':62,67,72,124,130 'take':208 'tri':117 'two':19 'u':73,131 'use':2,59 'user':61,66,74,132,174 'user/personal':44 've':116 'vpn':12 'wayland':77,141,164,187 'without':122 'wl':108 'work':15,56,149 'would':21 'x':17,215 'xdg':94 'xhost':63"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1705221056
+visibility: "visible "
+apId: "https://lemmy.world/post/10660985"
+editedAt: DateTimeImmutable @1722591918 {#1858
date: 2024-08-02 11:45:18.0 +02:00
}
+createdAt: DateTimeImmutable @1705155056 {#2388
date: 2024-01-13 15:10:56.0 +01:00
}
} |
|
Show voter details
|
| 3 |
DENIED
|
edit
|
App\Entity\Entry {#2413
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+magazine: App\Entity\Magazine {#264
+icon: Proxies\__CG__\App\Entity\Image {#245 …}
+name: "linux@lemmy.ml"
+title: "linux"
+description: """
From Wikipedia, the free encyclopedia\n
\n
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
\n
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
\n
### Rules\n
\n
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
- No misinformation\n
- No NSFW content\n
- No hate speech, bigotry, etc\n
\n
### Related Communities\n
\n
- [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
- [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
- [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
- [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
\n
Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 1406
+entryCommentCount: 28632
+postCount: 6
+postCommentCount: 214
+isAdult: false
+customCss: null
+lastActive: DateTime @1729583542 {#274
date: 2024-10-22 09:52:22.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#236 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#232 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#221 …}
+entries: Doctrine\ORM\PersistentCollection {#179 …}
+posts: Doctrine\ORM\PersistentCollection {#137 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#199 …}
+bans: Doctrine\ORM\PersistentCollection {#116 …}
+reports: Doctrine\ORM\PersistentCollection {#102 …}
+badges: Doctrine\ORM\PersistentCollection {#80 …}
+logs: Doctrine\ORM\PersistentCollection {#70 …}
+awards: Doctrine\ORM\PersistentCollection {#1360 …}
+categories: Doctrine\ORM\PersistentCollection {#1792 …}
-id: 73
+apId: "linux@lemmy.ml"
+apProfileId: "https://lemmy.ml/c/linux"
+apPublicUrl: "https://lemmy.ml/c/linux"
+apFollowersUrl: "https://lemmy.ml/c/linux/followers"
+apInboxUrl: "https://lemmy.ml/inbox"
+apDomain: "lemmy.ml"
+apPreferredUsername: "linux"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1729583596 {#268
date: 2024-10-22 09:53:16.0 +02:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1698929468 {#270
date: 2023-11-02 13:51:08.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1899 …}
+slug: "Wayland-running-GUI-program-as-another-user"
+title: "Wayland running GUI program as another user"
+url: null
+body: """
I use [github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn) to have a isolated namespace and VPN connection to work\n
\n
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have .e.g an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work because they use different users\n
\n
```\n
\n
<span style="color:#323232;">sudo xhost '+si:localuser:user'\n
</span><span style="color:#323232;">sudo ip netns exec protected sudo -u user -i\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g fgor Dolphin\n
\n
```\n
\n
<span style="color:#323232;">error: XDG_RUNTIME_DIR is invalid or not set in the environment.\n
</span><span style="color:#323232;">Failed to create wl_display (No such file or directory)\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
I’ve tried to preserve the env without success:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">sudo -E ip netns exec protected sudo -u user -i\n
</span>\n
```\n
\n
It seems that I access to the wayland socket is a must for this to work\n
\n
This discussion has a nuke option - giving 777 access to the dir where the wayland socket is, and another less permissive approach adding the users to a group and giving access to a new location where the wayland socket is created\n
\n
[stackoverflow.com/…/linux-wayland-display-multipl…](https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)\n
\n
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 4
+favouriteCount: 21
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1705448855 {#2418
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1408 …}
+votes: Doctrine\ORM\PersistentCollection {#1961 …}
+reports: Doctrine\ORM\PersistentCollection {#1972 …}
+favourites: Doctrine\ORM\PersistentCollection {#1399 …}
+notifications: Doctrine\ORM\PersistentCollection {#2440 …}
+badges: Doctrine\ORM\PersistentCollection {#2436 …}
+children: []
-id: 29681
-titleTs: "'anoth':6 'gui':3 'program':4 'run':2 'user':7 'wayland':1"
-bodyTs: "'/linux-wayland-display-multipl':192 '/questions/41736528/linux-wayland-display-multiple-user)':195 '/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':5 '777':157 'access':138,158,180 'achiev':210 'ad':172 'allow':22 'although':78 'anoth':47,168 'approach':171,199 'configur':40 'connect':13 'could':35,206 'creat':83,107,190 'differ':49,60 'dir':96,161 'directori':114 'discuss':151 'display':109 'dolphin':92 'e':125 'e.g':37,90 'entir':48 'env':121 'environ':104 'error':93 'exec':70,128 'fail':105 'fgor':91 'file':112 'fine':84 'github.com':4 'github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':3 'give':156,179 'group':177 'gui':27,85 'ide':39,54 'instanc':50 'invalid':98 'ip':68,126 'isol':9 'less':169 'localus':65 'locat':184 'main':43 'must':145 'namespac':10,32 'netn':69,127 'new':183 'nuke':154 'option':155 'permiss':170 'preserv':119 'program':28,86 'project':45 'protect':31,71,80,129 'run':25 'runtim':95 'second':198 'secur':200 'seem':135 'set':101 'shell':81 'si':64 'socket':142,165,188 'stackoverflow.com':191,194 'stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)':193 'start':89 'step':20,205 'success':123 'sudo':62,67,72,124,130 'take':208 'tri':117 'two':19 'u':73,131 'use':2,59 'user':61,66,74,132,174 'user/personal':44 've':116 'vpn':12 'wayland':77,141,164,187 'without':122 'wl':108 'work':15,56,149 'would':21 'x':17,215 'xdg':94 'xhost':63"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1705221056
+visibility: "visible "
+apId: "https://lemmy.world/post/10660985"
+editedAt: DateTimeImmutable @1722591918 {#1858
date: 2024-08-02 11:45:18.0 +02:00
}
+createdAt: DateTimeImmutable @1705155056 {#2388
date: 2024-01-13 15:10:56.0 +01:00
}
} |
|
Show voter details
|
| 4 |
DENIED
|
moderate
|
App\Entity\Entry {#2413
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+magazine: App\Entity\Magazine {#264
+icon: Proxies\__CG__\App\Entity\Image {#245 …}
+name: "linux@lemmy.ml"
+title: "linux"
+description: """
From Wikipedia, the free encyclopedia\n
\n
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
\n
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
\n
### Rules\n
\n
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
- No misinformation\n
- No NSFW content\n
- No hate speech, bigotry, etc\n
\n
### Related Communities\n
\n
- [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
- [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
- [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
- [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
\n
Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 1406
+entryCommentCount: 28632
+postCount: 6
+postCommentCount: 214
+isAdult: false
+customCss: null
+lastActive: DateTime @1729583542 {#274
date: 2024-10-22 09:52:22.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#236 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#232 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#221 …}
+entries: Doctrine\ORM\PersistentCollection {#179 …}
+posts: Doctrine\ORM\PersistentCollection {#137 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#199 …}
+bans: Doctrine\ORM\PersistentCollection {#116 …}
+reports: Doctrine\ORM\PersistentCollection {#102 …}
+badges: Doctrine\ORM\PersistentCollection {#80 …}
+logs: Doctrine\ORM\PersistentCollection {#70 …}
+awards: Doctrine\ORM\PersistentCollection {#1360 …}
+categories: Doctrine\ORM\PersistentCollection {#1792 …}
-id: 73
+apId: "linux@lemmy.ml"
+apProfileId: "https://lemmy.ml/c/linux"
+apPublicUrl: "https://lemmy.ml/c/linux"
+apFollowersUrl: "https://lemmy.ml/c/linux/followers"
+apInboxUrl: "https://lemmy.ml/inbox"
+apDomain: "lemmy.ml"
+apPreferredUsername: "linux"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1729583596 {#268
date: 2024-10-22 09:53:16.0 +02:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1698929468 {#270
date: 2023-11-02 13:51:08.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1899 …}
+slug: "Wayland-running-GUI-program-as-another-user"
+title: "Wayland running GUI program as another user"
+url: null
+body: """
I use [github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn) to have a isolated namespace and VPN connection to work\n
\n
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have .e.g an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work because they use different users\n
\n
```\n
\n
<span style="color:#323232;">sudo xhost '+si:localuser:user'\n
</span><span style="color:#323232;">sudo ip netns exec protected sudo -u user -i\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g fgor Dolphin\n
\n
```\n
\n
<span style="color:#323232;">error: XDG_RUNTIME_DIR is invalid or not set in the environment.\n
</span><span style="color:#323232;">Failed to create wl_display (No such file or directory)\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
I’ve tried to preserve the env without success:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">sudo -E ip netns exec protected sudo -u user -i\n
</span>\n
```\n
\n
It seems that I access to the wayland socket is a must for this to work\n
\n
This discussion has a nuke option - giving 777 access to the dir where the wayland socket is, and another less permissive approach adding the users to a group and giving access to a new location where the wayland socket is created\n
\n
[stackoverflow.com/…/linux-wayland-display-multipl…](https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)\n
\n
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 4
+favouriteCount: 21
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1705448855 {#2418
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1408 …}
+votes: Doctrine\ORM\PersistentCollection {#1961 …}
+reports: Doctrine\ORM\PersistentCollection {#1972 …}
+favourites: Doctrine\ORM\PersistentCollection {#1399 …}
+notifications: Doctrine\ORM\PersistentCollection {#2440 …}
+badges: Doctrine\ORM\PersistentCollection {#2436 …}
+children: []
-id: 29681
-titleTs: "'anoth':6 'gui':3 'program':4 'run':2 'user':7 'wayland':1"
-bodyTs: "'/linux-wayland-display-multipl':192 '/questions/41736528/linux-wayland-display-multiple-user)':195 '/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':5 '777':157 'access':138,158,180 'achiev':210 'ad':172 'allow':22 'although':78 'anoth':47,168 'approach':171,199 'configur':40 'connect':13 'could':35,206 'creat':83,107,190 'differ':49,60 'dir':96,161 'directori':114 'discuss':151 'display':109 'dolphin':92 'e':125 'e.g':37,90 'entir':48 'env':121 'environ':104 'error':93 'exec':70,128 'fail':105 'fgor':91 'file':112 'fine':84 'github.com':4 'github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':3 'give':156,179 'group':177 'gui':27,85 'ide':39,54 'instanc':50 'invalid':98 'ip':68,126 'isol':9 'less':169 'localus':65 'locat':184 'main':43 'must':145 'namespac':10,32 'netn':69,127 'new':183 'nuke':154 'option':155 'permiss':170 'preserv':119 'program':28,86 'project':45 'protect':31,71,80,129 'run':25 'runtim':95 'second':198 'secur':200 'seem':135 'set':101 'shell':81 'si':64 'socket':142,165,188 'stackoverflow.com':191,194 'stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)':193 'start':89 'step':20,205 'success':123 'sudo':62,67,72,124,130 'take':208 'tri':117 'two':19 'u':73,131 'use':2,59 'user':61,66,74,132,174 'user/personal':44 've':116 'vpn':12 'wayland':77,141,164,187 'without':122 'wl':108 'work':15,56,149 'would':21 'x':17,215 'xdg':94 'xhost':63"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1705221056
+visibility: "visible "
+apId: "https://lemmy.world/post/10660985"
+editedAt: DateTimeImmutable @1722591918 {#1858
date: 2024-08-02 11:45:18.0 +02:00
}
+createdAt: DateTimeImmutable @1705155056 {#2388
date: 2024-01-13 15:10:56.0 +01:00
}
} |
|
Show voter details
|
| 5 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 6 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4209
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+entry: App\Entity\Entry {#2413
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+magazine: App\Entity\Magazine {#264
+icon: Proxies\__CG__\App\Entity\Image {#245 …}
+name: "linux@lemmy.ml"
+title: "linux"
+description: """
From Wikipedia, the free encyclopedia\n
\n
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
\n
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
\n
### Rules\n
\n
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
- No misinformation\n
- No NSFW content\n
- No hate speech, bigotry, etc\n
\n
### Related Communities\n
\n
- [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
- [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
- [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
- [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
\n
Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 1406
+entryCommentCount: 28632
+postCount: 6
+postCommentCount: 214
+isAdult: false
+customCss: null
+lastActive: DateTime @1729583542 {#274
date: 2024-10-22 09:52:22.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#236 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#232 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#221 …}
+entries: Doctrine\ORM\PersistentCollection {#179 …}
+posts: Doctrine\ORM\PersistentCollection {#137 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#199 …}
+bans: Doctrine\ORM\PersistentCollection {#116 …}
+reports: Doctrine\ORM\PersistentCollection {#102 …}
+badges: Doctrine\ORM\PersistentCollection {#80 …}
+logs: Doctrine\ORM\PersistentCollection {#70 …}
+awards: Doctrine\ORM\PersistentCollection {#1360 …}
+categories: Doctrine\ORM\PersistentCollection {#1792 …}
-id: 73
+apId: "linux@lemmy.ml"
+apProfileId: "https://lemmy.ml/c/linux"
+apPublicUrl: "https://lemmy.ml/c/linux"
+apFollowersUrl: "https://lemmy.ml/c/linux/followers"
+apInboxUrl: "https://lemmy.ml/inbox"
+apDomain: "lemmy.ml"
+apPreferredUsername: "linux"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1729583596 {#268
date: 2024-10-22 09:53:16.0 +02:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1698929468 {#270
date: 2023-11-02 13:51:08.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1899 …}
+slug: "Wayland-running-GUI-program-as-another-user"
+title: "Wayland running GUI program as another user"
+url: null
+body: """
I use [github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn) to have a isolated namespace and VPN connection to work\n
\n
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have .e.g an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work because they use different users\n
\n
```\n
\n
<span style="color:#323232;">sudo xhost '+si:localuser:user'\n
</span><span style="color:#323232;">sudo ip netns exec protected sudo -u user -i\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g fgor Dolphin\n
\n
```\n
\n
<span style="color:#323232;">error: XDG_RUNTIME_DIR is invalid or not set in the environment.\n
</span><span style="color:#323232;">Failed to create wl_display (No such file or directory)\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
I’ve tried to preserve the env without success:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">sudo -E ip netns exec protected sudo -u user -i\n
</span>\n
```\n
\n
It seems that I access to the wayland socket is a must for this to work\n
\n
This discussion has a nuke option - giving 777 access to the dir where the wayland socket is, and another less permissive approach adding the users to a group and giving access to a new location where the wayland socket is created\n
\n
[stackoverflow.com/…/linux-wayland-display-multipl…](https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)\n
\n
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 4
+favouriteCount: 21
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1705448855 {#2418
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1408 …}
+votes: Doctrine\ORM\PersistentCollection {#1961 …}
+reports: Doctrine\ORM\PersistentCollection {#1972 …}
+favourites: Doctrine\ORM\PersistentCollection {#1399 …}
+notifications: Doctrine\ORM\PersistentCollection {#2440 …}
+badges: Doctrine\ORM\PersistentCollection {#2436 …}
+children: []
-id: 29681
-titleTs: "'anoth':6 'gui':3 'program':4 'run':2 'user':7 'wayland':1"
-bodyTs: "'/linux-wayland-display-multipl':192 '/questions/41736528/linux-wayland-display-multiple-user)':195 '/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':5 '777':157 'access':138,158,180 'achiev':210 'ad':172 'allow':22 'although':78 'anoth':47,168 'approach':171,199 'configur':40 'connect':13 'could':35,206 'creat':83,107,190 'differ':49,60 'dir':96,161 'directori':114 'discuss':151 'display':109 'dolphin':92 'e':125 'e.g':37,90 'entir':48 'env':121 'environ':104 'error':93 'exec':70,128 'fail':105 'fgor':91 'file':112 'fine':84 'github.com':4 'github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':3 'give':156,179 'group':177 'gui':27,85 'ide':39,54 'instanc':50 'invalid':98 'ip':68,126 'isol':9 'less':169 'localus':65 'locat':184 'main':43 'must':145 'namespac':10,32 'netn':69,127 'new':183 'nuke':154 'option':155 'permiss':170 'preserv':119 'program':28,86 'project':45 'protect':31,71,80,129 'run':25 'runtim':95 'second':198 'secur':200 'seem':135 'set':101 'shell':81 'si':64 'socket':142,165,188 'stackoverflow.com':191,194 'stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)':193 'start':89 'step':20,205 'success':123 'sudo':62,67,72,124,130 'take':208 'tri':117 'two':19 'u':73,131 'use':2,59 'user':61,66,74,132,174 'user/personal':44 've':116 'vpn':12 'wayland':77,141,164,187 'without':122 'wl':108 'work':15,56,149 'would':21 'x':17,215 'xdg':94 'xhost':63"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1705221056
+visibility: "visible "
+apId: "https://lemmy.world/post/10660985"
+editedAt: DateTimeImmutable @1722591918 {#1858
date: 2024-08-02 11:45:18.0 +02:00
}
+createdAt: DateTimeImmutable @1705155056 {#2388
date: 2024-01-13 15:10:56.0 +01:00
}
}
+magazine: App\Entity\Magazine {#264}
+image: null
+parent: App\Entity\EntryComment {#4063 …}
+root: App\Entity\EntryComment {#4063 …}
+body: "Does waypipe also work with XWayland apps?"
+lang: "en"
+isAdult: false
+favouriteCount: 1
+score: 0
+lastActive: DateTime @1705167825 {#4210
date: 2024-01-13 18:43:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@shadowintheday2@lemmy.world"
"@skullgiver@popplesburger.hilciferous.nl"
]
+children: Doctrine\ORM\PersistentCollection {#4206 …}
+nested: Doctrine\ORM\PersistentCollection {#4202 …}
+votes: Doctrine\ORM\PersistentCollection {#4200 …}
+reports: Doctrine\ORM\PersistentCollection {#4215 …}
+favourites: Doctrine\ORM\PersistentCollection {#4217 …}
+notifications: Doctrine\ORM\PersistentCollection {#4219 …}
-id: 305773
-bodyTs: "'also':3 'app':7 'waypip':2 'work':4 'xwayland':6"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6649284"
+editedAt: null
+createdAt: DateTimeImmutable @1705167825 {#4213
date: 2024-01-13 18:43:45.0 +01:00
}
} |
|
Show voter details
|
| 7 |
DENIED
|
edit
|
App\Entity\EntryComment {#4209
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+entry: App\Entity\Entry {#2413
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+magazine: App\Entity\Magazine {#264
+icon: Proxies\__CG__\App\Entity\Image {#245 …}
+name: "linux@lemmy.ml"
+title: "linux"
+description: """
From Wikipedia, the free encyclopedia\n
\n
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
\n
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
\n
### Rules\n
\n
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
- No misinformation\n
- No NSFW content\n
- No hate speech, bigotry, etc\n
\n
### Related Communities\n
\n
- [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
- [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
- [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
- [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
\n
Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 1406
+entryCommentCount: 28632
+postCount: 6
+postCommentCount: 214
+isAdult: false
+customCss: null
+lastActive: DateTime @1729583542 {#274
date: 2024-10-22 09:52:22.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#236 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#232 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#221 …}
+entries: Doctrine\ORM\PersistentCollection {#179 …}
+posts: Doctrine\ORM\PersistentCollection {#137 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#199 …}
+bans: Doctrine\ORM\PersistentCollection {#116 …}
+reports: Doctrine\ORM\PersistentCollection {#102 …}
+badges: Doctrine\ORM\PersistentCollection {#80 …}
+logs: Doctrine\ORM\PersistentCollection {#70 …}
+awards: Doctrine\ORM\PersistentCollection {#1360 …}
+categories: Doctrine\ORM\PersistentCollection {#1792 …}
-id: 73
+apId: "linux@lemmy.ml"
+apProfileId: "https://lemmy.ml/c/linux"
+apPublicUrl: "https://lemmy.ml/c/linux"
+apFollowersUrl: "https://lemmy.ml/c/linux/followers"
+apInboxUrl: "https://lemmy.ml/inbox"
+apDomain: "lemmy.ml"
+apPreferredUsername: "linux"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1729583596 {#268
date: 2024-10-22 09:53:16.0 +02:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1698929468 {#270
date: 2023-11-02 13:51:08.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1899 …}
+slug: "Wayland-running-GUI-program-as-another-user"
+title: "Wayland running GUI program as another user"
+url: null
+body: """
I use [github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn) to have a isolated namespace and VPN connection to work\n
\n
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have .e.g an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work because they use different users\n
\n
```\n
\n
<span style="color:#323232;">sudo xhost '+si:localuser:user'\n
</span><span style="color:#323232;">sudo ip netns exec protected sudo -u user -i\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g fgor Dolphin\n
\n
```\n
\n
<span style="color:#323232;">error: XDG_RUNTIME_DIR is invalid or not set in the environment.\n
</span><span style="color:#323232;">Failed to create wl_display (No such file or directory)\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
I’ve tried to preserve the env without success:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">sudo -E ip netns exec protected sudo -u user -i\n
</span>\n
```\n
\n
It seems that I access to the wayland socket is a must for this to work\n
\n
This discussion has a nuke option - giving 777 access to the dir where the wayland socket is, and another less permissive approach adding the users to a group and giving access to a new location where the wayland socket is created\n
\n
[stackoverflow.com/…/linux-wayland-display-multipl…](https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)\n
\n
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 4
+favouriteCount: 21
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1705448855 {#2418
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1408 …}
+votes: Doctrine\ORM\PersistentCollection {#1961 …}
+reports: Doctrine\ORM\PersistentCollection {#1972 …}
+favourites: Doctrine\ORM\PersistentCollection {#1399 …}
+notifications: Doctrine\ORM\PersistentCollection {#2440 …}
+badges: Doctrine\ORM\PersistentCollection {#2436 …}
+children: []
-id: 29681
-titleTs: "'anoth':6 'gui':3 'program':4 'run':2 'user':7 'wayland':1"
-bodyTs: "'/linux-wayland-display-multipl':192 '/questions/41736528/linux-wayland-display-multiple-user)':195 '/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':5 '777':157 'access':138,158,180 'achiev':210 'ad':172 'allow':22 'although':78 'anoth':47,168 'approach':171,199 'configur':40 'connect':13 'could':35,206 'creat':83,107,190 'differ':49,60 'dir':96,161 'directori':114 'discuss':151 'display':109 'dolphin':92 'e':125 'e.g':37,90 'entir':48 'env':121 'environ':104 'error':93 'exec':70,128 'fail':105 'fgor':91 'file':112 'fine':84 'github.com':4 'github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':3 'give':156,179 'group':177 'gui':27,85 'ide':39,54 'instanc':50 'invalid':98 'ip':68,126 'isol':9 'less':169 'localus':65 'locat':184 'main':43 'must':145 'namespac':10,32 'netn':69,127 'new':183 'nuke':154 'option':155 'permiss':170 'preserv':119 'program':28,86 'project':45 'protect':31,71,80,129 'run':25 'runtim':95 'second':198 'secur':200 'seem':135 'set':101 'shell':81 'si':64 'socket':142,165,188 'stackoverflow.com':191,194 'stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)':193 'start':89 'step':20,205 'success':123 'sudo':62,67,72,124,130 'take':208 'tri':117 'two':19 'u':73,131 'use':2,59 'user':61,66,74,132,174 'user/personal':44 've':116 'vpn':12 'wayland':77,141,164,187 'without':122 'wl':108 'work':15,56,149 'would':21 'x':17,215 'xdg':94 'xhost':63"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1705221056
+visibility: "visible "
+apId: "https://lemmy.world/post/10660985"
+editedAt: DateTimeImmutable @1722591918 {#1858
date: 2024-08-02 11:45:18.0 +02:00
}
+createdAt: DateTimeImmutable @1705155056 {#2388
date: 2024-01-13 15:10:56.0 +01:00
}
}
+magazine: App\Entity\Magazine {#264}
+image: null
+parent: App\Entity\EntryComment {#4063 …}
+root: App\Entity\EntryComment {#4063 …}
+body: "Does waypipe also work with XWayland apps?"
+lang: "en"
+isAdult: false
+favouriteCount: 1
+score: 0
+lastActive: DateTime @1705167825 {#4210
date: 2024-01-13 18:43:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@shadowintheday2@lemmy.world"
"@skullgiver@popplesburger.hilciferous.nl"
]
+children: Doctrine\ORM\PersistentCollection {#4206 …}
+nested: Doctrine\ORM\PersistentCollection {#4202 …}
+votes: Doctrine\ORM\PersistentCollection {#4200 …}
+reports: Doctrine\ORM\PersistentCollection {#4215 …}
+favourites: Doctrine\ORM\PersistentCollection {#4217 …}
+notifications: Doctrine\ORM\PersistentCollection {#4219 …}
-id: 305773
-bodyTs: "'also':3 'app':7 'waypip':2 'work':4 'xwayland':6"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6649284"
+editedAt: null
+createdAt: DateTimeImmutable @1705167825 {#4213
date: 2024-01-13 18:43:45.0 +01:00
}
} |
|
Show voter details
|
| 8 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4209
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+entry: App\Entity\Entry {#2413
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+magazine: App\Entity\Magazine {#264
+icon: Proxies\__CG__\App\Entity\Image {#245 …}
+name: "linux@lemmy.ml"
+title: "linux"
+description: """
From Wikipedia, the free encyclopedia\n
\n
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
\n
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
\n
### Rules\n
\n
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
- No misinformation\n
- No NSFW content\n
- No hate speech, bigotry, etc\n
\n
### Related Communities\n
\n
- [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
- [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
- [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
- [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
\n
Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 1406
+entryCommentCount: 28632
+postCount: 6
+postCommentCount: 214
+isAdult: false
+customCss: null
+lastActive: DateTime @1729583542 {#274
date: 2024-10-22 09:52:22.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#236 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#232 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#221 …}
+entries: Doctrine\ORM\PersistentCollection {#179 …}
+posts: Doctrine\ORM\PersistentCollection {#137 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#199 …}
+bans: Doctrine\ORM\PersistentCollection {#116 …}
+reports: Doctrine\ORM\PersistentCollection {#102 …}
+badges: Doctrine\ORM\PersistentCollection {#80 …}
+logs: Doctrine\ORM\PersistentCollection {#70 …}
+awards: Doctrine\ORM\PersistentCollection {#1360 …}
+categories: Doctrine\ORM\PersistentCollection {#1792 …}
-id: 73
+apId: "linux@lemmy.ml"
+apProfileId: "https://lemmy.ml/c/linux"
+apPublicUrl: "https://lemmy.ml/c/linux"
+apFollowersUrl: "https://lemmy.ml/c/linux/followers"
+apInboxUrl: "https://lemmy.ml/inbox"
+apDomain: "lemmy.ml"
+apPreferredUsername: "linux"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1729583596 {#268
date: 2024-10-22 09:53:16.0 +02:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1698929468 {#270
date: 2023-11-02 13:51:08.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1899 …}
+slug: "Wayland-running-GUI-program-as-another-user"
+title: "Wayland running GUI program as another user"
+url: null
+body: """
I use [github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn) to have a isolated namespace and VPN connection to work\n
\n
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have .e.g an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work because they use different users\n
\n
```\n
\n
<span style="color:#323232;">sudo xhost '+si:localuser:user'\n
</span><span style="color:#323232;">sudo ip netns exec protected sudo -u user -i\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g fgor Dolphin\n
\n
```\n
\n
<span style="color:#323232;">error: XDG_RUNTIME_DIR is invalid or not set in the environment.\n
</span><span style="color:#323232;">Failed to create wl_display (No such file or directory)\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
I’ve tried to preserve the env without success:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">sudo -E ip netns exec protected sudo -u user -i\n
</span>\n
```\n
\n
It seems that I access to the wayland socket is a must for this to work\n
\n
This discussion has a nuke option - giving 777 access to the dir where the wayland socket is, and another less permissive approach adding the users to a group and giving access to a new location where the wayland socket is created\n
\n
[stackoverflow.com/…/linux-wayland-display-multipl…](https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)\n
\n
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 4
+favouriteCount: 21
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1705448855 {#2418
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1408 …}
+votes: Doctrine\ORM\PersistentCollection {#1961 …}
+reports: Doctrine\ORM\PersistentCollection {#1972 …}
+favourites: Doctrine\ORM\PersistentCollection {#1399 …}
+notifications: Doctrine\ORM\PersistentCollection {#2440 …}
+badges: Doctrine\ORM\PersistentCollection {#2436 …}
+children: []
-id: 29681
-titleTs: "'anoth':6 'gui':3 'program':4 'run':2 'user':7 'wayland':1"
-bodyTs: "'/linux-wayland-display-multipl':192 '/questions/41736528/linux-wayland-display-multiple-user)':195 '/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':5 '777':157 'access':138,158,180 'achiev':210 'ad':172 'allow':22 'although':78 'anoth':47,168 'approach':171,199 'configur':40 'connect':13 'could':35,206 'creat':83,107,190 'differ':49,60 'dir':96,161 'directori':114 'discuss':151 'display':109 'dolphin':92 'e':125 'e.g':37,90 'entir':48 'env':121 'environ':104 'error':93 'exec':70,128 'fail':105 'fgor':91 'file':112 'fine':84 'github.com':4 'github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':3 'give':156,179 'group':177 'gui':27,85 'ide':39,54 'instanc':50 'invalid':98 'ip':68,126 'isol':9 'less':169 'localus':65 'locat':184 'main':43 'must':145 'namespac':10,32 'netn':69,127 'new':183 'nuke':154 'option':155 'permiss':170 'preserv':119 'program':28,86 'project':45 'protect':31,71,80,129 'run':25 'runtim':95 'second':198 'secur':200 'seem':135 'set':101 'shell':81 'si':64 'socket':142,165,188 'stackoverflow.com':191,194 'stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)':193 'start':89 'step':20,205 'success':123 'sudo':62,67,72,124,130 'take':208 'tri':117 'two':19 'u':73,131 'use':2,59 'user':61,66,74,132,174 'user/personal':44 've':116 'vpn':12 'wayland':77,141,164,187 'without':122 'wl':108 'work':15,56,149 'would':21 'x':17,215 'xdg':94 'xhost':63"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1705221056
+visibility: "visible "
+apId: "https://lemmy.world/post/10660985"
+editedAt: DateTimeImmutable @1722591918 {#1858
date: 2024-08-02 11:45:18.0 +02:00
}
+createdAt: DateTimeImmutable @1705155056 {#2388
date: 2024-01-13 15:10:56.0 +01:00
}
}
+magazine: App\Entity\Magazine {#264}
+image: null
+parent: App\Entity\EntryComment {#4063 …}
+root: App\Entity\EntryComment {#4063 …}
+body: "Does waypipe also work with XWayland apps?"
+lang: "en"
+isAdult: false
+favouriteCount: 1
+score: 0
+lastActive: DateTime @1705167825 {#4210
date: 2024-01-13 18:43:45.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@shadowintheday2@lemmy.world"
"@skullgiver@popplesburger.hilciferous.nl"
]
+children: Doctrine\ORM\PersistentCollection {#4206 …}
+nested: Doctrine\ORM\PersistentCollection {#4202 …}
+votes: Doctrine\ORM\PersistentCollection {#4200 …}
+reports: Doctrine\ORM\PersistentCollection {#4215 …}
+favourites: Doctrine\ORM\PersistentCollection {#4217 …}
+notifications: Doctrine\ORM\PersistentCollection {#4219 …}
-id: 305773
-bodyTs: "'also':3 'app':7 'waypip':2 'work':4 'xwayland':6"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6649284"
+editedAt: null
+createdAt: DateTimeImmutable @1705167825 {#4213
date: 2024-01-13 18:43:45.0 +01:00
}
} |
|
Show voter details
|
| 9 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 10 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4106
+user: App\Entity\User {#4087 …}
+entry: App\Entity\Entry {#2413
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+magazine: App\Entity\Magazine {#264
+icon: Proxies\__CG__\App\Entity\Image {#245 …}
+name: "linux@lemmy.ml"
+title: "linux"
+description: """
From Wikipedia, the free encyclopedia\n
\n
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
\n
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
\n
### Rules\n
\n
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
- No misinformation\n
- No NSFW content\n
- No hate speech, bigotry, etc\n
\n
### Related Communities\n
\n
- [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
- [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
- [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
- [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
\n
Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 1406
+entryCommentCount: 28632
+postCount: 6
+postCommentCount: 214
+isAdult: false
+customCss: null
+lastActive: DateTime @1729583542 {#274
date: 2024-10-22 09:52:22.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#236 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#232 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#221 …}
+entries: Doctrine\ORM\PersistentCollection {#179 …}
+posts: Doctrine\ORM\PersistentCollection {#137 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#199 …}
+bans: Doctrine\ORM\PersistentCollection {#116 …}
+reports: Doctrine\ORM\PersistentCollection {#102 …}
+badges: Doctrine\ORM\PersistentCollection {#80 …}
+logs: Doctrine\ORM\PersistentCollection {#70 …}
+awards: Doctrine\ORM\PersistentCollection {#1360 …}
+categories: Doctrine\ORM\PersistentCollection {#1792 …}
-id: 73
+apId: "linux@lemmy.ml"
+apProfileId: "https://lemmy.ml/c/linux"
+apPublicUrl: "https://lemmy.ml/c/linux"
+apFollowersUrl: "https://lemmy.ml/c/linux/followers"
+apInboxUrl: "https://lemmy.ml/inbox"
+apDomain: "lemmy.ml"
+apPreferredUsername: "linux"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1729583596 {#268
date: 2024-10-22 09:53:16.0 +02:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1698929468 {#270
date: 2023-11-02 13:51:08.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1899 …}
+slug: "Wayland-running-GUI-program-as-another-user"
+title: "Wayland running GUI program as another user"
+url: null
+body: """
I use [github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn) to have a isolated namespace and VPN connection to work\n
\n
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have .e.g an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work because they use different users\n
\n
```\n
\n
<span style="color:#323232;">sudo xhost '+si:localuser:user'\n
</span><span style="color:#323232;">sudo ip netns exec protected sudo -u user -i\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g fgor Dolphin\n
\n
```\n
\n
<span style="color:#323232;">error: XDG_RUNTIME_DIR is invalid or not set in the environment.\n
</span><span style="color:#323232;">Failed to create wl_display (No such file or directory)\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
I’ve tried to preserve the env without success:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">sudo -E ip netns exec protected sudo -u user -i\n
</span>\n
```\n
\n
It seems that I access to the wayland socket is a must for this to work\n
\n
This discussion has a nuke option - giving 777 access to the dir where the wayland socket is, and another less permissive approach adding the users to a group and giving access to a new location where the wayland socket is created\n
\n
[stackoverflow.com/…/linux-wayland-display-multipl…](https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)\n
\n
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 4
+favouriteCount: 21
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1705448855 {#2418
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1408 …}
+votes: Doctrine\ORM\PersistentCollection {#1961 …}
+reports: Doctrine\ORM\PersistentCollection {#1972 …}
+favourites: Doctrine\ORM\PersistentCollection {#1399 …}
+notifications: Doctrine\ORM\PersistentCollection {#2440 …}
+badges: Doctrine\ORM\PersistentCollection {#2436 …}
+children: []
-id: 29681
-titleTs: "'anoth':6 'gui':3 'program':4 'run':2 'user':7 'wayland':1"
-bodyTs: "'/linux-wayland-display-multipl':192 '/questions/41736528/linux-wayland-display-multiple-user)':195 '/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':5 '777':157 'access':138,158,180 'achiev':210 'ad':172 'allow':22 'although':78 'anoth':47,168 'approach':171,199 'configur':40 'connect':13 'could':35,206 'creat':83,107,190 'differ':49,60 'dir':96,161 'directori':114 'discuss':151 'display':109 'dolphin':92 'e':125 'e.g':37,90 'entir':48 'env':121 'environ':104 'error':93 'exec':70,128 'fail':105 'fgor':91 'file':112 'fine':84 'github.com':4 'github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':3 'give':156,179 'group':177 'gui':27,85 'ide':39,54 'instanc':50 'invalid':98 'ip':68,126 'isol':9 'less':169 'localus':65 'locat':184 'main':43 'must':145 'namespac':10,32 'netn':69,127 'new':183 'nuke':154 'option':155 'permiss':170 'preserv':119 'program':28,86 'project':45 'protect':31,71,80,129 'run':25 'runtim':95 'second':198 'secur':200 'seem':135 'set':101 'shell':81 'si':64 'socket':142,165,188 'stackoverflow.com':191,194 'stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)':193 'start':89 'step':20,205 'success':123 'sudo':62,67,72,124,130 'take':208 'tri':117 'two':19 'u':73,131 'use':2,59 'user':61,66,74,132,174 'user/personal':44 've':116 'vpn':12 'wayland':77,141,164,187 'without':122 'wl':108 'work':15,56,149 'would':21 'x':17,215 'xdg':94 'xhost':63"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1705221056
+visibility: "visible "
+apId: "https://lemmy.world/post/10660985"
+editedAt: DateTimeImmutable @1722591918 {#1858
date: 2024-08-02 11:45:18.0 +02:00
}
+createdAt: DateTimeImmutable @1705155056 {#2388
date: 2024-01-13 15:10:56.0 +01:00
}
}
+magazine: App\Entity\Magazine {#264}
+image: null
+parent: null
+root: null
+body: """
I got interested, so I spent some time looking into what’s going on here. I’m not intimately familiar with X11 or Wayland, but I figured out some stuff.\n
\n
Why `sudo ip netns exec protected sudo -u user -i` doesn’t work for X11 apps\n
----------------------------------------------------------------------------\n
\n
Short answer: file permissions and abstract unix sockets (which I didn’t know were a thing before now).\n
\n
File permissions: when I start an X11 login session, the `DISPLAY` is `:0` and `/tmp/.X11-unix/` has only 1 file `X0`. This file has 777 access. When I start my wayland session with Xwayland, the `DISPLAY` is `:1` and `/tmp/.X11-unix/` has 2 files `X0` (777) and `X1` (755). I can’t figure out how to connect to display `:0`, so I guess I’m stuck with `:1`. When you change to a different (non-root) user, the user no longer has access to `/tmp/.X11-unix/X1`.\n
\n
Abstract unix sockets: When I start my wayland/xwayland session, it creates abstract unix sockets with ids `@/tmp/.X11-unix/X0` and `@/tmp/.X11-unix/X1`. See `ss -lnp | grep Xwayland`. The network namespace also sandboxes these abstract unix sockets. Compare `socat ABSTRACT-CONNECT:/tmp/.X11-unix/X1 STDIN` and `sudo ip netns exec private socat ABSTRACT-CONNECT:/tmp/.X11-unix/X1 STDIN`.\n
\n
When you do `sudo ip netns exec protected su - user`, you loose access to both the filesystem unix socket `/tmp/.X11-unix/X1` and the abstract unix socket `@/tmp/.X11-unix/X1`. You need access to one or the other for X11 applications to work.\n
\n
I tried using socat to forward X1 such that it works in the network namespace… and it kinda works. `sudo ip netns exec protected socat ABSTRACT-LISTEN:/tmp/.X11-unix/X1,fork UNIX-CONNECT:/tmp/.X11-unix/X1`. It appears having ABSTRACT-LISTEN before UNIX-CONNECT is important, I guess it would be worth it to properly learn socat. With this `sudo ip netns exec protected su - testuser -c ‘env DISPLAY=:1 xmessage hi’` works, but `sudo ip netns exec protected su - testuser -c ‘env DISPLAY=:1 QT_QPA_PLATFORM=xcb kcalc’` does not work. 😞\n
\n
Changing the file permissions on `/tmp/.X11-unix/X1` to give the user access seems to work better.\n
\n
Wayland waypipe\n
---------------\n
\n
Waypipe works as advertised. But it’s still a little bit tricky because you need to have two separate processes for the waypipe client and server, wait for the waypipe socket to be created, adjust file permissions for the waypipe socket file, and set (and probably mkdir) `XDG_RUNTIME_DIR`.\n
\n
```\n
\n
<span style="color:#323232;">waypipe -s /tmp/mywaypipe client &\n
</span><span style="color:#323232;">sleep 0.1\n
</span><span style="color:#323232;">chgrp shared-display /tmp/mywaypipe\n
</span><span style="color:#323232;">chmod g+w /tmp/mywaypipe\n
</span><span style="color:#323232;">sudo ip netns exec protected su - testuser -c 'mkdir -p -m 0700 /tmp/runtime-testuser && env XDG_RUNTIME_DIR=/tmp/runtime-testuser waypipe -s /tmp/mywaypipe server -- env QT_QPA_PLATFORM=wayland kcalc'\n
</span><span style="color:#323232;">kill -SIGINT %1\n
</span>\n
```\n
\n
Combined\n
--------\n
\n
into this script [github.com/…/run-netns-user-wayland.bash](https://github.com/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)
"""
+lang: "en"
+isAdult: false
+favouriteCount: 6
+score: 0
+lastActive: DateTime @1725312343 {#4112
date: 2024-09-02 23:25:43.0 +02:00
}
+ip: null
+tags: [
"323232"
]
+mentions: [
"@shadowintheday2@lemmy.world"
"@shadowintheday2@lemmy.world"
"@shadowintheday2@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4103 …}
+nested: Doctrine\ORM\PersistentCollection {#4101 …}
+votes: Doctrine\ORM\PersistentCollection {#4100 …}
+reports: Doctrine\ORM\PersistentCollection {#4091 …}
+favourites: Doctrine\ORM\PersistentCollection {#4094 …}
+notifications: Doctrine\ORM\PersistentCollection {#4089 …}
-id: 309187
-bodyTs: "'/run-netns-user-wayland.bash':451 '/tmp/.x11-unix':79,103 '/tmp/.x11-unix/x0':165 '/tmp/.x11-unix/x1':148,167,187,199,220,226,268,273,338 '/tmp/mywaypipe':402,410,414,435 '/tmp/runtime-testuser':427,432 '/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)':454 '0':77,122 '0.1':405 '0700':426 '1':82,101,130,309,324,445 '2':105 '755':111 '777':88,108 'abstract':52,149,160,179,185,197,223,266,278 'abstract-connect':184,196 'abstract-listen':265,277 'access':89,146,213,229,343 'adjust':384 'advertis':353 'also':176 'answer':48 'app':46 'appear':275 'applic':237 'better':347 'bit':360 'c':306,321,422 'chang':133,333 'chgrp':406 'chmod':411 'client':373,403 'combin':446 'compar':182 'connect':119,186,198,272,283 'creat':159,383 'didn':57 'differ':136 'dir':399,431 'display':75,99,121,308,323,409 'doesn':41 'env':307,322,428,437 'exec':35,193,207,262,302,317,418 'familiar':20 'figur':27,115 'file':49,65,83,86,106,335,385,391 'filesystem':217 'fork':269 'forward':245 'g':412 'github.com':450,453 'github.com/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)':452 'give':340 'go':13 'got':2 'grep':171 'guess':125,287 'hi':311 'id':164 'import':285 'interest':3 'intim':19 'ip':33,191,205,260,300,315,416 'kcalc':329,442 'kill':443 'kinda':257 'know':59 'learn':295 'listen':267,279 'littl':359 'lnp':170 'login':72 'longer':144 'look':9 'loos':212 'm':17,127,425 'mkdir':396,423 'namespac':175,254 'need':228,364 'netn':34,192,206,261,301,316,417 'network':174,253 'non':138 'non-root':137 'one':231 'p':424 'permiss':50,66,336,386 'platform':327,440 'privat':194 'probabl':395 'process':369 'proper':294 'protect':36,208,263,303,318,419 'qpa':326,439 'qt':325,438 'root':139 'runtim':398,430 'sandbox':177 'script':449 'see':168 'seem':344 'separ':368 'server':375,436 'session':73,95,157 'set':393 'share':408 'shared-display':407 'short':47 'sigint':444 'sleep':404 'socat':183,195,243,264,296 'socket':54,151,162,181,219,225,380,390 'spent':6 'ss':169 'start':69,92,154 'stdin':188,200 'still':357 'stuck':128 'stuff':30 'su':209,304,319,420 'sudo':32,37,190,204,259,299,314,415 'testus':305,320,421 'thing':62 'time':8 'tri':241 'tricki':361 'two':367 'u':38 'unix':53,150,161,180,218,224,271,282 'unix-connect':270,281 'use':242 'user':39,140,142,210,342 'w':413 'wait':376 'wayland':24,94,348,441 'wayland/xwayland':156 'waypip':349,350,372,379,389,400,433 'work':43,239,250,258,312,332,346,351 'worth':291 'would':289 'x0':84,107 'x1':110,246 'x11':22,45,71,236 'xcb':328 'xdg':397,429 'xmessag':310 'xwayland':97,172"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6694986"
+editedAt: DateTimeImmutable @1723633148 {#4108
date: 2024-08-14 12:59:08.0 +02:00
}
+createdAt: DateTimeImmutable @1705271475 {#4110
date: 2024-01-14 23:31:15.0 +01:00
}
} |
|
Show voter details
|
| 11 |
DENIED
|
edit
|
App\Entity\EntryComment {#4106
+user: App\Entity\User {#4087 …}
+entry: App\Entity\Entry {#2413
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+magazine: App\Entity\Magazine {#264
+icon: Proxies\__CG__\App\Entity\Image {#245 …}
+name: "linux@lemmy.ml"
+title: "linux"
+description: """
From Wikipedia, the free encyclopedia\n
\n
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
\n
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
\n
### Rules\n
\n
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
- No misinformation\n
- No NSFW content\n
- No hate speech, bigotry, etc\n
\n
### Related Communities\n
\n
- [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
- [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
- [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
- [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
\n
Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 1406
+entryCommentCount: 28632
+postCount: 6
+postCommentCount: 214
+isAdult: false
+customCss: null
+lastActive: DateTime @1729583542 {#274
date: 2024-10-22 09:52:22.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#236 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#232 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#221 …}
+entries: Doctrine\ORM\PersistentCollection {#179 …}
+posts: Doctrine\ORM\PersistentCollection {#137 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#199 …}
+bans: Doctrine\ORM\PersistentCollection {#116 …}
+reports: Doctrine\ORM\PersistentCollection {#102 …}
+badges: Doctrine\ORM\PersistentCollection {#80 …}
+logs: Doctrine\ORM\PersistentCollection {#70 …}
+awards: Doctrine\ORM\PersistentCollection {#1360 …}
+categories: Doctrine\ORM\PersistentCollection {#1792 …}
-id: 73
+apId: "linux@lemmy.ml"
+apProfileId: "https://lemmy.ml/c/linux"
+apPublicUrl: "https://lemmy.ml/c/linux"
+apFollowersUrl: "https://lemmy.ml/c/linux/followers"
+apInboxUrl: "https://lemmy.ml/inbox"
+apDomain: "lemmy.ml"
+apPreferredUsername: "linux"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1729583596 {#268
date: 2024-10-22 09:53:16.0 +02:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1698929468 {#270
date: 2023-11-02 13:51:08.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1899 …}
+slug: "Wayland-running-GUI-program-as-another-user"
+title: "Wayland running GUI program as another user"
+url: null
+body: """
I use [github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn) to have a isolated namespace and VPN connection to work\n
\n
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have .e.g an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work because they use different users\n
\n
```\n
\n
<span style="color:#323232;">sudo xhost '+si:localuser:user'\n
</span><span style="color:#323232;">sudo ip netns exec protected sudo -u user -i\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g fgor Dolphin\n
\n
```\n
\n
<span style="color:#323232;">error: XDG_RUNTIME_DIR is invalid or not set in the environment.\n
</span><span style="color:#323232;">Failed to create wl_display (No such file or directory)\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
I’ve tried to preserve the env without success:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">sudo -E ip netns exec protected sudo -u user -i\n
</span>\n
```\n
\n
It seems that I access to the wayland socket is a must for this to work\n
\n
This discussion has a nuke option - giving 777 access to the dir where the wayland socket is, and another less permissive approach adding the users to a group and giving access to a new location where the wayland socket is created\n
\n
[stackoverflow.com/…/linux-wayland-display-multipl…](https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)\n
\n
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 4
+favouriteCount: 21
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1705448855 {#2418
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1408 …}
+votes: Doctrine\ORM\PersistentCollection {#1961 …}
+reports: Doctrine\ORM\PersistentCollection {#1972 …}
+favourites: Doctrine\ORM\PersistentCollection {#1399 …}
+notifications: Doctrine\ORM\PersistentCollection {#2440 …}
+badges: Doctrine\ORM\PersistentCollection {#2436 …}
+children: []
-id: 29681
-titleTs: "'anoth':6 'gui':3 'program':4 'run':2 'user':7 'wayland':1"
-bodyTs: "'/linux-wayland-display-multipl':192 '/questions/41736528/linux-wayland-display-multiple-user)':195 '/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':5 '777':157 'access':138,158,180 'achiev':210 'ad':172 'allow':22 'although':78 'anoth':47,168 'approach':171,199 'configur':40 'connect':13 'could':35,206 'creat':83,107,190 'differ':49,60 'dir':96,161 'directori':114 'discuss':151 'display':109 'dolphin':92 'e':125 'e.g':37,90 'entir':48 'env':121 'environ':104 'error':93 'exec':70,128 'fail':105 'fgor':91 'file':112 'fine':84 'github.com':4 'github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':3 'give':156,179 'group':177 'gui':27,85 'ide':39,54 'instanc':50 'invalid':98 'ip':68,126 'isol':9 'less':169 'localus':65 'locat':184 'main':43 'must':145 'namespac':10,32 'netn':69,127 'new':183 'nuke':154 'option':155 'permiss':170 'preserv':119 'program':28,86 'project':45 'protect':31,71,80,129 'run':25 'runtim':95 'second':198 'secur':200 'seem':135 'set':101 'shell':81 'si':64 'socket':142,165,188 'stackoverflow.com':191,194 'stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)':193 'start':89 'step':20,205 'success':123 'sudo':62,67,72,124,130 'take':208 'tri':117 'two':19 'u':73,131 'use':2,59 'user':61,66,74,132,174 'user/personal':44 've':116 'vpn':12 'wayland':77,141,164,187 'without':122 'wl':108 'work':15,56,149 'would':21 'x':17,215 'xdg':94 'xhost':63"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1705221056
+visibility: "visible "
+apId: "https://lemmy.world/post/10660985"
+editedAt: DateTimeImmutable @1722591918 {#1858
date: 2024-08-02 11:45:18.0 +02:00
}
+createdAt: DateTimeImmutable @1705155056 {#2388
date: 2024-01-13 15:10:56.0 +01:00
}
}
+magazine: App\Entity\Magazine {#264}
+image: null
+parent: null
+root: null
+body: """
I got interested, so I spent some time looking into what’s going on here. I’m not intimately familiar with X11 or Wayland, but I figured out some stuff.\n
\n
Why `sudo ip netns exec protected sudo -u user -i` doesn’t work for X11 apps\n
----------------------------------------------------------------------------\n
\n
Short answer: file permissions and abstract unix sockets (which I didn’t know were a thing before now).\n
\n
File permissions: when I start an X11 login session, the `DISPLAY` is `:0` and `/tmp/.X11-unix/` has only 1 file `X0`. This file has 777 access. When I start my wayland session with Xwayland, the `DISPLAY` is `:1` and `/tmp/.X11-unix/` has 2 files `X0` (777) and `X1` (755). I can’t figure out how to connect to display `:0`, so I guess I’m stuck with `:1`. When you change to a different (non-root) user, the user no longer has access to `/tmp/.X11-unix/X1`.\n
\n
Abstract unix sockets: When I start my wayland/xwayland session, it creates abstract unix sockets with ids `@/tmp/.X11-unix/X0` and `@/tmp/.X11-unix/X1`. See `ss -lnp | grep Xwayland`. The network namespace also sandboxes these abstract unix sockets. Compare `socat ABSTRACT-CONNECT:/tmp/.X11-unix/X1 STDIN` and `sudo ip netns exec private socat ABSTRACT-CONNECT:/tmp/.X11-unix/X1 STDIN`.\n
\n
When you do `sudo ip netns exec protected su - user`, you loose access to both the filesystem unix socket `/tmp/.X11-unix/X1` and the abstract unix socket `@/tmp/.X11-unix/X1`. You need access to one or the other for X11 applications to work.\n
\n
I tried using socat to forward X1 such that it works in the network namespace… and it kinda works. `sudo ip netns exec protected socat ABSTRACT-LISTEN:/tmp/.X11-unix/X1,fork UNIX-CONNECT:/tmp/.X11-unix/X1`. It appears having ABSTRACT-LISTEN before UNIX-CONNECT is important, I guess it would be worth it to properly learn socat. With this `sudo ip netns exec protected su - testuser -c ‘env DISPLAY=:1 xmessage hi’` works, but `sudo ip netns exec protected su - testuser -c ‘env DISPLAY=:1 QT_QPA_PLATFORM=xcb kcalc’` does not work. 😞\n
\n
Changing the file permissions on `/tmp/.X11-unix/X1` to give the user access seems to work better.\n
\n
Wayland waypipe\n
---------------\n
\n
Waypipe works as advertised. But it’s still a little bit tricky because you need to have two separate processes for the waypipe client and server, wait for the waypipe socket to be created, adjust file permissions for the waypipe socket file, and set (and probably mkdir) `XDG_RUNTIME_DIR`.\n
\n
```\n
\n
<span style="color:#323232;">waypipe -s /tmp/mywaypipe client &\n
</span><span style="color:#323232;">sleep 0.1\n
</span><span style="color:#323232;">chgrp shared-display /tmp/mywaypipe\n
</span><span style="color:#323232;">chmod g+w /tmp/mywaypipe\n
</span><span style="color:#323232;">sudo ip netns exec protected su - testuser -c 'mkdir -p -m 0700 /tmp/runtime-testuser && env XDG_RUNTIME_DIR=/tmp/runtime-testuser waypipe -s /tmp/mywaypipe server -- env QT_QPA_PLATFORM=wayland kcalc'\n
</span><span style="color:#323232;">kill -SIGINT %1\n
</span>\n
```\n
\n
Combined\n
--------\n
\n
into this script [github.com/…/run-netns-user-wayland.bash](https://github.com/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)
"""
+lang: "en"
+isAdult: false
+favouriteCount: 6
+score: 0
+lastActive: DateTime @1725312343 {#4112
date: 2024-09-02 23:25:43.0 +02:00
}
+ip: null
+tags: [
"323232"
]
+mentions: [
"@shadowintheday2@lemmy.world"
"@shadowintheday2@lemmy.world"
"@shadowintheday2@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4103 …}
+nested: Doctrine\ORM\PersistentCollection {#4101 …}
+votes: Doctrine\ORM\PersistentCollection {#4100 …}
+reports: Doctrine\ORM\PersistentCollection {#4091 …}
+favourites: Doctrine\ORM\PersistentCollection {#4094 …}
+notifications: Doctrine\ORM\PersistentCollection {#4089 …}
-id: 309187
-bodyTs: "'/run-netns-user-wayland.bash':451 '/tmp/.x11-unix':79,103 '/tmp/.x11-unix/x0':165 '/tmp/.x11-unix/x1':148,167,187,199,220,226,268,273,338 '/tmp/mywaypipe':402,410,414,435 '/tmp/runtime-testuser':427,432 '/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)':454 '0':77,122 '0.1':405 '0700':426 '1':82,101,130,309,324,445 '2':105 '755':111 '777':88,108 'abstract':52,149,160,179,185,197,223,266,278 'abstract-connect':184,196 'abstract-listen':265,277 'access':89,146,213,229,343 'adjust':384 'advertis':353 'also':176 'answer':48 'app':46 'appear':275 'applic':237 'better':347 'bit':360 'c':306,321,422 'chang':133,333 'chgrp':406 'chmod':411 'client':373,403 'combin':446 'compar':182 'connect':119,186,198,272,283 'creat':159,383 'didn':57 'differ':136 'dir':399,431 'display':75,99,121,308,323,409 'doesn':41 'env':307,322,428,437 'exec':35,193,207,262,302,317,418 'familiar':20 'figur':27,115 'file':49,65,83,86,106,335,385,391 'filesystem':217 'fork':269 'forward':245 'g':412 'github.com':450,453 'github.com/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)':452 'give':340 'go':13 'got':2 'grep':171 'guess':125,287 'hi':311 'id':164 'import':285 'interest':3 'intim':19 'ip':33,191,205,260,300,315,416 'kcalc':329,442 'kill':443 'kinda':257 'know':59 'learn':295 'listen':267,279 'littl':359 'lnp':170 'login':72 'longer':144 'look':9 'loos':212 'm':17,127,425 'mkdir':396,423 'namespac':175,254 'need':228,364 'netn':34,192,206,261,301,316,417 'network':174,253 'non':138 'non-root':137 'one':231 'p':424 'permiss':50,66,336,386 'platform':327,440 'privat':194 'probabl':395 'process':369 'proper':294 'protect':36,208,263,303,318,419 'qpa':326,439 'qt':325,438 'root':139 'runtim':398,430 'sandbox':177 'script':449 'see':168 'seem':344 'separ':368 'server':375,436 'session':73,95,157 'set':393 'share':408 'shared-display':407 'short':47 'sigint':444 'sleep':404 'socat':183,195,243,264,296 'socket':54,151,162,181,219,225,380,390 'spent':6 'ss':169 'start':69,92,154 'stdin':188,200 'still':357 'stuck':128 'stuff':30 'su':209,304,319,420 'sudo':32,37,190,204,259,299,314,415 'testus':305,320,421 'thing':62 'time':8 'tri':241 'tricki':361 'two':367 'u':38 'unix':53,150,161,180,218,224,271,282 'unix-connect':270,281 'use':242 'user':39,140,142,210,342 'w':413 'wait':376 'wayland':24,94,348,441 'wayland/xwayland':156 'waypip':349,350,372,379,389,400,433 'work':43,239,250,258,312,332,346,351 'worth':291 'would':289 'x0':84,107 'x1':110,246 'x11':22,45,71,236 'xcb':328 'xdg':397,429 'xmessag':310 'xwayland':97,172"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6694986"
+editedAt: DateTimeImmutable @1723633148 {#4108
date: 2024-08-14 12:59:08.0 +02:00
}
+createdAt: DateTimeImmutable @1705271475 {#4110
date: 2024-01-14 23:31:15.0 +01:00
}
} |
|
Show voter details
|
| 12 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4106
+user: App\Entity\User {#4087 …}
+entry: App\Entity\Entry {#2413
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+magazine: App\Entity\Magazine {#264
+icon: Proxies\__CG__\App\Entity\Image {#245 …}
+name: "linux@lemmy.ml"
+title: "linux"
+description: """
From Wikipedia, the free encyclopedia\n
\n
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
\n
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
\n
### Rules\n
\n
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
- No misinformation\n
- No NSFW content\n
- No hate speech, bigotry, etc\n
\n
### Related Communities\n
\n
- [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
- [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
- [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
- [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
\n
Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 1406
+entryCommentCount: 28632
+postCount: 6
+postCommentCount: 214
+isAdult: false
+customCss: null
+lastActive: DateTime @1729583542 {#274
date: 2024-10-22 09:52:22.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#236 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#232 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#221 …}
+entries: Doctrine\ORM\PersistentCollection {#179 …}
+posts: Doctrine\ORM\PersistentCollection {#137 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#199 …}
+bans: Doctrine\ORM\PersistentCollection {#116 …}
+reports: Doctrine\ORM\PersistentCollection {#102 …}
+badges: Doctrine\ORM\PersistentCollection {#80 …}
+logs: Doctrine\ORM\PersistentCollection {#70 …}
+awards: Doctrine\ORM\PersistentCollection {#1360 …}
+categories: Doctrine\ORM\PersistentCollection {#1792 …}
-id: 73
+apId: "linux@lemmy.ml"
+apProfileId: "https://lemmy.ml/c/linux"
+apPublicUrl: "https://lemmy.ml/c/linux"
+apFollowersUrl: "https://lemmy.ml/c/linux/followers"
+apInboxUrl: "https://lemmy.ml/inbox"
+apDomain: "lemmy.ml"
+apPreferredUsername: "linux"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1729583596 {#268
date: 2024-10-22 09:53:16.0 +02:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1698929468 {#270
date: 2023-11-02 13:51:08.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1899 …}
+slug: "Wayland-running-GUI-program-as-another-user"
+title: "Wayland running GUI program as another user"
+url: null
+body: """
I use [github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn) to have a isolated namespace and VPN connection to work\n
\n
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have .e.g an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work because they use different users\n
\n
```\n
\n
<span style="color:#323232;">sudo xhost '+si:localuser:user'\n
</span><span style="color:#323232;">sudo ip netns exec protected sudo -u user -i\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g fgor Dolphin\n
\n
```\n
\n
<span style="color:#323232;">error: XDG_RUNTIME_DIR is invalid or not set in the environment.\n
</span><span style="color:#323232;">Failed to create wl_display (No such file or directory)\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
I’ve tried to preserve the env without success:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">sudo -E ip netns exec protected sudo -u user -i\n
</span>\n
```\n
\n
It seems that I access to the wayland socket is a must for this to work\n
\n
This discussion has a nuke option - giving 777 access to the dir where the wayland socket is, and another less permissive approach adding the users to a group and giving access to a new location where the wayland socket is created\n
\n
[stackoverflow.com/…/linux-wayland-display-multipl…](https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)\n
\n
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 4
+favouriteCount: 21
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1705448855 {#2418
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1408 …}
+votes: Doctrine\ORM\PersistentCollection {#1961 …}
+reports: Doctrine\ORM\PersistentCollection {#1972 …}
+favourites: Doctrine\ORM\PersistentCollection {#1399 …}
+notifications: Doctrine\ORM\PersistentCollection {#2440 …}
+badges: Doctrine\ORM\PersistentCollection {#2436 …}
+children: []
-id: 29681
-titleTs: "'anoth':6 'gui':3 'program':4 'run':2 'user':7 'wayland':1"
-bodyTs: "'/linux-wayland-display-multipl':192 '/questions/41736528/linux-wayland-display-multiple-user)':195 '/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':5 '777':157 'access':138,158,180 'achiev':210 'ad':172 'allow':22 'although':78 'anoth':47,168 'approach':171,199 'configur':40 'connect':13 'could':35,206 'creat':83,107,190 'differ':49,60 'dir':96,161 'directori':114 'discuss':151 'display':109 'dolphin':92 'e':125 'e.g':37,90 'entir':48 'env':121 'environ':104 'error':93 'exec':70,128 'fail':105 'fgor':91 'file':112 'fine':84 'github.com':4 'github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':3 'give':156,179 'group':177 'gui':27,85 'ide':39,54 'instanc':50 'invalid':98 'ip':68,126 'isol':9 'less':169 'localus':65 'locat':184 'main':43 'must':145 'namespac':10,32 'netn':69,127 'new':183 'nuke':154 'option':155 'permiss':170 'preserv':119 'program':28,86 'project':45 'protect':31,71,80,129 'run':25 'runtim':95 'second':198 'secur':200 'seem':135 'set':101 'shell':81 'si':64 'socket':142,165,188 'stackoverflow.com':191,194 'stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)':193 'start':89 'step':20,205 'success':123 'sudo':62,67,72,124,130 'take':208 'tri':117 'two':19 'u':73,131 'use':2,59 'user':61,66,74,132,174 'user/personal':44 've':116 'vpn':12 'wayland':77,141,164,187 'without':122 'wl':108 'work':15,56,149 'would':21 'x':17,215 'xdg':94 'xhost':63"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1705221056
+visibility: "visible "
+apId: "https://lemmy.world/post/10660985"
+editedAt: DateTimeImmutable @1722591918 {#1858
date: 2024-08-02 11:45:18.0 +02:00
}
+createdAt: DateTimeImmutable @1705155056 {#2388
date: 2024-01-13 15:10:56.0 +01:00
}
}
+magazine: App\Entity\Magazine {#264}
+image: null
+parent: null
+root: null
+body: """
I got interested, so I spent some time looking into what’s going on here. I’m not intimately familiar with X11 or Wayland, but I figured out some stuff.\n
\n
Why `sudo ip netns exec protected sudo -u user -i` doesn’t work for X11 apps\n
----------------------------------------------------------------------------\n
\n
Short answer: file permissions and abstract unix sockets (which I didn’t know were a thing before now).\n
\n
File permissions: when I start an X11 login session, the `DISPLAY` is `:0` and `/tmp/.X11-unix/` has only 1 file `X0`. This file has 777 access. When I start my wayland session with Xwayland, the `DISPLAY` is `:1` and `/tmp/.X11-unix/` has 2 files `X0` (777) and `X1` (755). I can’t figure out how to connect to display `:0`, so I guess I’m stuck with `:1`. When you change to a different (non-root) user, the user no longer has access to `/tmp/.X11-unix/X1`.\n
\n
Abstract unix sockets: When I start my wayland/xwayland session, it creates abstract unix sockets with ids `@/tmp/.X11-unix/X0` and `@/tmp/.X11-unix/X1`. See `ss -lnp | grep Xwayland`. The network namespace also sandboxes these abstract unix sockets. Compare `socat ABSTRACT-CONNECT:/tmp/.X11-unix/X1 STDIN` and `sudo ip netns exec private socat ABSTRACT-CONNECT:/tmp/.X11-unix/X1 STDIN`.\n
\n
When you do `sudo ip netns exec protected su - user`, you loose access to both the filesystem unix socket `/tmp/.X11-unix/X1` and the abstract unix socket `@/tmp/.X11-unix/X1`. You need access to one or the other for X11 applications to work.\n
\n
I tried using socat to forward X1 such that it works in the network namespace… and it kinda works. `sudo ip netns exec protected socat ABSTRACT-LISTEN:/tmp/.X11-unix/X1,fork UNIX-CONNECT:/tmp/.X11-unix/X1`. It appears having ABSTRACT-LISTEN before UNIX-CONNECT is important, I guess it would be worth it to properly learn socat. With this `sudo ip netns exec protected su - testuser -c ‘env DISPLAY=:1 xmessage hi’` works, but `sudo ip netns exec protected su - testuser -c ‘env DISPLAY=:1 QT_QPA_PLATFORM=xcb kcalc’` does not work. 😞\n
\n
Changing the file permissions on `/tmp/.X11-unix/X1` to give the user access seems to work better.\n
\n
Wayland waypipe\n
---------------\n
\n
Waypipe works as advertised. But it’s still a little bit tricky because you need to have two separate processes for the waypipe client and server, wait for the waypipe socket to be created, adjust file permissions for the waypipe socket file, and set (and probably mkdir) `XDG_RUNTIME_DIR`.\n
\n
```\n
\n
<span style="color:#323232;">waypipe -s /tmp/mywaypipe client &\n
</span><span style="color:#323232;">sleep 0.1\n
</span><span style="color:#323232;">chgrp shared-display /tmp/mywaypipe\n
</span><span style="color:#323232;">chmod g+w /tmp/mywaypipe\n
</span><span style="color:#323232;">sudo ip netns exec protected su - testuser -c 'mkdir -p -m 0700 /tmp/runtime-testuser && env XDG_RUNTIME_DIR=/tmp/runtime-testuser waypipe -s /tmp/mywaypipe server -- env QT_QPA_PLATFORM=wayland kcalc'\n
</span><span style="color:#323232;">kill -SIGINT %1\n
</span>\n
```\n
\n
Combined\n
--------\n
\n
into this script [github.com/…/run-netns-user-wayland.bash](https://github.com/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)
"""
+lang: "en"
+isAdult: false
+favouriteCount: 6
+score: 0
+lastActive: DateTime @1725312343 {#4112
date: 2024-09-02 23:25:43.0 +02:00
}
+ip: null
+tags: [
"323232"
]
+mentions: [
"@shadowintheday2@lemmy.world"
"@shadowintheday2@lemmy.world"
"@shadowintheday2@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4103 …}
+nested: Doctrine\ORM\PersistentCollection {#4101 …}
+votes: Doctrine\ORM\PersistentCollection {#4100 …}
+reports: Doctrine\ORM\PersistentCollection {#4091 …}
+favourites: Doctrine\ORM\PersistentCollection {#4094 …}
+notifications: Doctrine\ORM\PersistentCollection {#4089 …}
-id: 309187
-bodyTs: "'/run-netns-user-wayland.bash':451 '/tmp/.x11-unix':79,103 '/tmp/.x11-unix/x0':165 '/tmp/.x11-unix/x1':148,167,187,199,220,226,268,273,338 '/tmp/mywaypipe':402,410,414,435 '/tmp/runtime-testuser':427,432 '/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)':454 '0':77,122 '0.1':405 '0700':426 '1':82,101,130,309,324,445 '2':105 '755':111 '777':88,108 'abstract':52,149,160,179,185,197,223,266,278 'abstract-connect':184,196 'abstract-listen':265,277 'access':89,146,213,229,343 'adjust':384 'advertis':353 'also':176 'answer':48 'app':46 'appear':275 'applic':237 'better':347 'bit':360 'c':306,321,422 'chang':133,333 'chgrp':406 'chmod':411 'client':373,403 'combin':446 'compar':182 'connect':119,186,198,272,283 'creat':159,383 'didn':57 'differ':136 'dir':399,431 'display':75,99,121,308,323,409 'doesn':41 'env':307,322,428,437 'exec':35,193,207,262,302,317,418 'familiar':20 'figur':27,115 'file':49,65,83,86,106,335,385,391 'filesystem':217 'fork':269 'forward':245 'g':412 'github.com':450,453 'github.com/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)':452 'give':340 'go':13 'got':2 'grep':171 'guess':125,287 'hi':311 'id':164 'import':285 'interest':3 'intim':19 'ip':33,191,205,260,300,315,416 'kcalc':329,442 'kill':443 'kinda':257 'know':59 'learn':295 'listen':267,279 'littl':359 'lnp':170 'login':72 'longer':144 'look':9 'loos':212 'm':17,127,425 'mkdir':396,423 'namespac':175,254 'need':228,364 'netn':34,192,206,261,301,316,417 'network':174,253 'non':138 'non-root':137 'one':231 'p':424 'permiss':50,66,336,386 'platform':327,440 'privat':194 'probabl':395 'process':369 'proper':294 'protect':36,208,263,303,318,419 'qpa':326,439 'qt':325,438 'root':139 'runtim':398,430 'sandbox':177 'script':449 'see':168 'seem':344 'separ':368 'server':375,436 'session':73,95,157 'set':393 'share':408 'shared-display':407 'short':47 'sigint':444 'sleep':404 'socat':183,195,243,264,296 'socket':54,151,162,181,219,225,380,390 'spent':6 'ss':169 'start':69,92,154 'stdin':188,200 'still':357 'stuck':128 'stuff':30 'su':209,304,319,420 'sudo':32,37,190,204,259,299,314,415 'testus':305,320,421 'thing':62 'time':8 'tri':241 'tricki':361 'two':367 'u':38 'unix':53,150,161,180,218,224,271,282 'unix-connect':270,281 'use':242 'user':39,140,142,210,342 'w':413 'wait':376 'wayland':24,94,348,441 'wayland/xwayland':156 'waypip':349,350,372,379,389,400,433 'work':43,239,250,258,312,332,346,351 'worth':291 'would':289 'x0':84,107 'x1':110,246 'x11':22,45,71,236 'xcb':328 'xdg':397,429 'xmessag':310 'xwayland':97,172"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6694986"
+editedAt: DateTimeImmutable @1723633148 {#4108
date: 2024-08-14 12:59:08.0 +02:00
}
+createdAt: DateTimeImmutable @1705271475 {#4110
date: 2024-01-14 23:31:15.0 +01:00
}
} |
|
Show voter details
|
| 13 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 14 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4223
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+entry: App\Entity\Entry {#2413
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+magazine: App\Entity\Magazine {#264
+icon: Proxies\__CG__\App\Entity\Image {#245 …}
+name: "linux@lemmy.ml"
+title: "linux"
+description: """
From Wikipedia, the free encyclopedia\n
\n
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
\n
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
\n
### Rules\n
\n
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
- No misinformation\n
- No NSFW content\n
- No hate speech, bigotry, etc\n
\n
### Related Communities\n
\n
- [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
- [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
- [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
- [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
\n
Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 1406
+entryCommentCount: 28632
+postCount: 6
+postCommentCount: 214
+isAdult: false
+customCss: null
+lastActive: DateTime @1729583542 {#274
date: 2024-10-22 09:52:22.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#236 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#232 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#221 …}
+entries: Doctrine\ORM\PersistentCollection {#179 …}
+posts: Doctrine\ORM\PersistentCollection {#137 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#199 …}
+bans: Doctrine\ORM\PersistentCollection {#116 …}
+reports: Doctrine\ORM\PersistentCollection {#102 …}
+badges: Doctrine\ORM\PersistentCollection {#80 …}
+logs: Doctrine\ORM\PersistentCollection {#70 …}
+awards: Doctrine\ORM\PersistentCollection {#1360 …}
+categories: Doctrine\ORM\PersistentCollection {#1792 …}
-id: 73
+apId: "linux@lemmy.ml"
+apProfileId: "https://lemmy.ml/c/linux"
+apPublicUrl: "https://lemmy.ml/c/linux"
+apFollowersUrl: "https://lemmy.ml/c/linux/followers"
+apInboxUrl: "https://lemmy.ml/inbox"
+apDomain: "lemmy.ml"
+apPreferredUsername: "linux"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1729583596 {#268
date: 2024-10-22 09:53:16.0 +02:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1698929468 {#270
date: 2023-11-02 13:51:08.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1899 …}
+slug: "Wayland-running-GUI-program-as-another-user"
+title: "Wayland running GUI program as another user"
+url: null
+body: """
I use [github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn) to have a isolated namespace and VPN connection to work\n
\n
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have .e.g an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work because they use different users\n
\n
```\n
\n
<span style="color:#323232;">sudo xhost '+si:localuser:user'\n
</span><span style="color:#323232;">sudo ip netns exec protected sudo -u user -i\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g fgor Dolphin\n
\n
```\n
\n
<span style="color:#323232;">error: XDG_RUNTIME_DIR is invalid or not set in the environment.\n
</span><span style="color:#323232;">Failed to create wl_display (No such file or directory)\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
I’ve tried to preserve the env without success:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">sudo -E ip netns exec protected sudo -u user -i\n
</span>\n
```\n
\n
It seems that I access to the wayland socket is a must for this to work\n
\n
This discussion has a nuke option - giving 777 access to the dir where the wayland socket is, and another less permissive approach adding the users to a group and giving access to a new location where the wayland socket is created\n
\n
[stackoverflow.com/…/linux-wayland-display-multipl…](https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)\n
\n
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 4
+favouriteCount: 21
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1705448855 {#2418
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1408 …}
+votes: Doctrine\ORM\PersistentCollection {#1961 …}
+reports: Doctrine\ORM\PersistentCollection {#1972 …}
+favourites: Doctrine\ORM\PersistentCollection {#1399 …}
+notifications: Doctrine\ORM\PersistentCollection {#2440 …}
+badges: Doctrine\ORM\PersistentCollection {#2436 …}
+children: []
-id: 29681
-titleTs: "'anoth':6 'gui':3 'program':4 'run':2 'user':7 'wayland':1"
-bodyTs: "'/linux-wayland-display-multipl':192 '/questions/41736528/linux-wayland-display-multiple-user)':195 '/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':5 '777':157 'access':138,158,180 'achiev':210 'ad':172 'allow':22 'although':78 'anoth':47,168 'approach':171,199 'configur':40 'connect':13 'could':35,206 'creat':83,107,190 'differ':49,60 'dir':96,161 'directori':114 'discuss':151 'display':109 'dolphin':92 'e':125 'e.g':37,90 'entir':48 'env':121 'environ':104 'error':93 'exec':70,128 'fail':105 'fgor':91 'file':112 'fine':84 'github.com':4 'github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':3 'give':156,179 'group':177 'gui':27,85 'ide':39,54 'instanc':50 'invalid':98 'ip':68,126 'isol':9 'less':169 'localus':65 'locat':184 'main':43 'must':145 'namespac':10,32 'netn':69,127 'new':183 'nuke':154 'option':155 'permiss':170 'preserv':119 'program':28,86 'project':45 'protect':31,71,80,129 'run':25 'runtim':95 'second':198 'secur':200 'seem':135 'set':101 'shell':81 'si':64 'socket':142,165,188 'stackoverflow.com':191,194 'stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)':193 'start':89 'step':20,205 'success':123 'sudo':62,67,72,124,130 'take':208 'tri':117 'two':19 'u':73,131 'use':2,59 'user':61,66,74,132,174 'user/personal':44 've':116 'vpn':12 'wayland':77,141,164,187 'without':122 'wl':108 'work':15,56,149 'would':21 'x':17,215 'xdg':94 'xhost':63"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1705221056
+visibility: "visible "
+apId: "https://lemmy.world/post/10660985"
+editedAt: DateTimeImmutable @1722591918 {#1858
date: 2024-08-02 11:45:18.0 +02:00
}
+createdAt: DateTimeImmutable @1705155056 {#2388
date: 2024-01-13 15:10:56.0 +01:00
}
}
+magazine: App\Entity\Magazine {#264}
+image: null
+parent: App\Entity\EntryComment {#4106
+user: App\Entity\User {#4087 …}
+entry: App\Entity\Entry {#2413}
+magazine: App\Entity\Magazine {#264}
+image: null
+parent: null
+root: null
+body: """
I got interested, so I spent some time looking into what’s going on here. I’m not intimately familiar with X11 or Wayland, but I figured out some stuff.\n
\n
Why `sudo ip netns exec protected sudo -u user -i` doesn’t work for X11 apps\n
----------------------------------------------------------------------------\n
\n
Short answer: file permissions and abstract unix sockets (which I didn’t know were a thing before now).\n
\n
File permissions: when I start an X11 login session, the `DISPLAY` is `:0` and `/tmp/.X11-unix/` has only 1 file `X0`. This file has 777 access. When I start my wayland session with Xwayland, the `DISPLAY` is `:1` and `/tmp/.X11-unix/` has 2 files `X0` (777) and `X1` (755). I can’t figure out how to connect to display `:0`, so I guess I’m stuck with `:1`. When you change to a different (non-root) user, the user no longer has access to `/tmp/.X11-unix/X1`.\n
\n
Abstract unix sockets: When I start my wayland/xwayland session, it creates abstract unix sockets with ids `@/tmp/.X11-unix/X0` and `@/tmp/.X11-unix/X1`. See `ss -lnp | grep Xwayland`. The network namespace also sandboxes these abstract unix sockets. Compare `socat ABSTRACT-CONNECT:/tmp/.X11-unix/X1 STDIN` and `sudo ip netns exec private socat ABSTRACT-CONNECT:/tmp/.X11-unix/X1 STDIN`.\n
\n
When you do `sudo ip netns exec protected su - user`, you loose access to both the filesystem unix socket `/tmp/.X11-unix/X1` and the abstract unix socket `@/tmp/.X11-unix/X1`. You need access to one or the other for X11 applications to work.\n
\n
I tried using socat to forward X1 such that it works in the network namespace… and it kinda works. `sudo ip netns exec protected socat ABSTRACT-LISTEN:/tmp/.X11-unix/X1,fork UNIX-CONNECT:/tmp/.X11-unix/X1`. It appears having ABSTRACT-LISTEN before UNIX-CONNECT is important, I guess it would be worth it to properly learn socat. With this `sudo ip netns exec protected su - testuser -c ‘env DISPLAY=:1 xmessage hi’` works, but `sudo ip netns exec protected su - testuser -c ‘env DISPLAY=:1 QT_QPA_PLATFORM=xcb kcalc’` does not work. 😞\n
\n
Changing the file permissions on `/tmp/.X11-unix/X1` to give the user access seems to work better.\n
\n
Wayland waypipe\n
---------------\n
\n
Waypipe works as advertised. But it’s still a little bit tricky because you need to have two separate processes for the waypipe client and server, wait for the waypipe socket to be created, adjust file permissions for the waypipe socket file, and set (and probably mkdir) `XDG_RUNTIME_DIR`.\n
\n
```\n
\n
<span style="color:#323232;">waypipe -s /tmp/mywaypipe client &\n
</span><span style="color:#323232;">sleep 0.1\n
</span><span style="color:#323232;">chgrp shared-display /tmp/mywaypipe\n
</span><span style="color:#323232;">chmod g+w /tmp/mywaypipe\n
</span><span style="color:#323232;">sudo ip netns exec protected su - testuser -c 'mkdir -p -m 0700 /tmp/runtime-testuser && env XDG_RUNTIME_DIR=/tmp/runtime-testuser waypipe -s /tmp/mywaypipe server -- env QT_QPA_PLATFORM=wayland kcalc'\n
</span><span style="color:#323232;">kill -SIGINT %1\n
</span>\n
```\n
\n
Combined\n
--------\n
\n
into this script [github.com/…/run-netns-user-wayland.bash](https://github.com/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)
"""
+lang: "en"
+isAdult: false
+favouriteCount: 6
+score: 0
+lastActive: DateTime @1725312343 {#4112
date: 2024-09-02 23:25:43.0 +02:00
}
+ip: null
+tags: [
"323232"
]
+mentions: [
"@shadowintheday2@lemmy.world"
"@shadowintheday2@lemmy.world"
"@shadowintheday2@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4103 …}
+nested: Doctrine\ORM\PersistentCollection {#4101 …}
+votes: Doctrine\ORM\PersistentCollection {#4100 …}
+reports: Doctrine\ORM\PersistentCollection {#4091 …}
+favourites: Doctrine\ORM\PersistentCollection {#4094 …}
+notifications: Doctrine\ORM\PersistentCollection {#4089 …}
-id: 309187
-bodyTs: "'/run-netns-user-wayland.bash':451 '/tmp/.x11-unix':79,103 '/tmp/.x11-unix/x0':165 '/tmp/.x11-unix/x1':148,167,187,199,220,226,268,273,338 '/tmp/mywaypipe':402,410,414,435 '/tmp/runtime-testuser':427,432 '/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)':454 '0':77,122 '0.1':405 '0700':426 '1':82,101,130,309,324,445 '2':105 '755':111 '777':88,108 'abstract':52,149,160,179,185,197,223,266,278 'abstract-connect':184,196 'abstract-listen':265,277 'access':89,146,213,229,343 'adjust':384 'advertis':353 'also':176 'answer':48 'app':46 'appear':275 'applic':237 'better':347 'bit':360 'c':306,321,422 'chang':133,333 'chgrp':406 'chmod':411 'client':373,403 'combin':446 'compar':182 'connect':119,186,198,272,283 'creat':159,383 'didn':57 'differ':136 'dir':399,431 'display':75,99,121,308,323,409 'doesn':41 'env':307,322,428,437 'exec':35,193,207,262,302,317,418 'familiar':20 'figur':27,115 'file':49,65,83,86,106,335,385,391 'filesystem':217 'fork':269 'forward':245 'g':412 'github.com':450,453 'github.com/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)':452 'give':340 'go':13 'got':2 'grep':171 'guess':125,287 'hi':311 'id':164 'import':285 'interest':3 'intim':19 'ip':33,191,205,260,300,315,416 'kcalc':329,442 'kill':443 'kinda':257 'know':59 'learn':295 'listen':267,279 'littl':359 'lnp':170 'login':72 'longer':144 'look':9 'loos':212 'm':17,127,425 'mkdir':396,423 'namespac':175,254 'need':228,364 'netn':34,192,206,261,301,316,417 'network':174,253 'non':138 'non-root':137 'one':231 'p':424 'permiss':50,66,336,386 'platform':327,440 'privat':194 'probabl':395 'process':369 'proper':294 'protect':36,208,263,303,318,419 'qpa':326,439 'qt':325,438 'root':139 'runtim':398,430 'sandbox':177 'script':449 'see':168 'seem':344 'separ':368 'server':375,436 'session':73,95,157 'set':393 'share':408 'shared-display':407 'short':47 'sigint':444 'sleep':404 'socat':183,195,243,264,296 'socket':54,151,162,181,219,225,380,390 'spent':6 'ss':169 'start':69,92,154 'stdin':188,200 'still':357 'stuck':128 'stuff':30 'su':209,304,319,420 'sudo':32,37,190,204,259,299,314,415 'testus':305,320,421 'thing':62 'time':8 'tri':241 'tricki':361 'two':367 'u':38 'unix':53,150,161,180,218,224,271,282 'unix-connect':270,281 'use':242 'user':39,140,142,210,342 'w':413 'wait':376 'wayland':24,94,348,441 'wayland/xwayland':156 'waypip':349,350,372,379,389,400,433 'work':43,239,250,258,312,332,346,351 'worth':291 'would':289 'x0':84,107 'x1':110,246 'x11':22,45,71,236 'xcb':328 'xdg':397,429 'xmessag':310 'xwayland':97,172"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6694986"
+editedAt: DateTimeImmutable @1723633148 {#4108
date: 2024-08-14 12:59:08.0 +02:00
}
+createdAt: DateTimeImmutable @1705271475 {#4110
date: 2024-01-14 23:31:15.0 +01:00
}
}
+root: App\Entity\EntryComment {#4106}
+body: "Sir, you’re awesome! Thank you a lot for taking your time and explaining what you have found I will try these steps when I have some free time to tinker, and the info and script you have provided has cleared a lot of questions that I had"
+lang: "en"
+isAdult: false
+favouriteCount: 1
+score: 0
+lastActive: DateTime @1705448855 {#4221
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@shadowintheday2@lemmy.world"
"@vole@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4224 …}
+nested: Doctrine\ORM\PersistentCollection {#4226 …}
+votes: Doctrine\ORM\PersistentCollection {#4228 …}
+reports: Doctrine\ORM\PersistentCollection {#4230 …}
+favourites: Doctrine\ORM\PersistentCollection {#4232 …}
+notifications: Doctrine\ORM\PersistentCollection {#4234 …}
-id: 315375
-bodyTs: "'awesom':4 'clear':41 'explain':14 'found':18 'free':28 'info':34 'lot':8,43 'provid':39 'question':45 're':3 'script':36 'sir':1 'step':23 'take':10 'thank':5 'time':12,29 'tinker':31 'tri':21"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6755915"
+editedAt: null
+createdAt: DateTimeImmutable @1705448855 {#4222
date: 2024-01-17 00:47:35.0 +01:00
}
} |
|
Show voter details
|
| 15 |
DENIED
|
edit
|
App\Entity\EntryComment {#4223
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+entry: App\Entity\Entry {#2413
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+magazine: App\Entity\Magazine {#264
+icon: Proxies\__CG__\App\Entity\Image {#245 …}
+name: "linux@lemmy.ml"
+title: "linux"
+description: """
From Wikipedia, the free encyclopedia\n
\n
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
\n
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
\n
### Rules\n
\n
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
- No misinformation\n
- No NSFW content\n
- No hate speech, bigotry, etc\n
\n
### Related Communities\n
\n
- [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
- [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
- [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
- [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
\n
Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 1406
+entryCommentCount: 28632
+postCount: 6
+postCommentCount: 214
+isAdult: false
+customCss: null
+lastActive: DateTime @1729583542 {#274
date: 2024-10-22 09:52:22.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#236 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#232 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#221 …}
+entries: Doctrine\ORM\PersistentCollection {#179 …}
+posts: Doctrine\ORM\PersistentCollection {#137 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#199 …}
+bans: Doctrine\ORM\PersistentCollection {#116 …}
+reports: Doctrine\ORM\PersistentCollection {#102 …}
+badges: Doctrine\ORM\PersistentCollection {#80 …}
+logs: Doctrine\ORM\PersistentCollection {#70 …}
+awards: Doctrine\ORM\PersistentCollection {#1360 …}
+categories: Doctrine\ORM\PersistentCollection {#1792 …}
-id: 73
+apId: "linux@lemmy.ml"
+apProfileId: "https://lemmy.ml/c/linux"
+apPublicUrl: "https://lemmy.ml/c/linux"
+apFollowersUrl: "https://lemmy.ml/c/linux/followers"
+apInboxUrl: "https://lemmy.ml/inbox"
+apDomain: "lemmy.ml"
+apPreferredUsername: "linux"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1729583596 {#268
date: 2024-10-22 09:53:16.0 +02:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1698929468 {#270
date: 2023-11-02 13:51:08.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1899 …}
+slug: "Wayland-running-GUI-program-as-another-user"
+title: "Wayland running GUI program as another user"
+url: null
+body: """
I use [github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn) to have a isolated namespace and VPN connection to work\n
\n
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have .e.g an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work because they use different users\n
\n
```\n
\n
<span style="color:#323232;">sudo xhost '+si:localuser:user'\n
</span><span style="color:#323232;">sudo ip netns exec protected sudo -u user -i\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g fgor Dolphin\n
\n
```\n
\n
<span style="color:#323232;">error: XDG_RUNTIME_DIR is invalid or not set in the environment.\n
</span><span style="color:#323232;">Failed to create wl_display (No such file or directory)\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
I’ve tried to preserve the env without success:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">sudo -E ip netns exec protected sudo -u user -i\n
</span>\n
```\n
\n
It seems that I access to the wayland socket is a must for this to work\n
\n
This discussion has a nuke option - giving 777 access to the dir where the wayland socket is, and another less permissive approach adding the users to a group and giving access to a new location where the wayland socket is created\n
\n
[stackoverflow.com/…/linux-wayland-display-multipl…](https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)\n
\n
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 4
+favouriteCount: 21
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1705448855 {#2418
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1408 …}
+votes: Doctrine\ORM\PersistentCollection {#1961 …}
+reports: Doctrine\ORM\PersistentCollection {#1972 …}
+favourites: Doctrine\ORM\PersistentCollection {#1399 …}
+notifications: Doctrine\ORM\PersistentCollection {#2440 …}
+badges: Doctrine\ORM\PersistentCollection {#2436 …}
+children: []
-id: 29681
-titleTs: "'anoth':6 'gui':3 'program':4 'run':2 'user':7 'wayland':1"
-bodyTs: "'/linux-wayland-display-multipl':192 '/questions/41736528/linux-wayland-display-multiple-user)':195 '/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':5 '777':157 'access':138,158,180 'achiev':210 'ad':172 'allow':22 'although':78 'anoth':47,168 'approach':171,199 'configur':40 'connect':13 'could':35,206 'creat':83,107,190 'differ':49,60 'dir':96,161 'directori':114 'discuss':151 'display':109 'dolphin':92 'e':125 'e.g':37,90 'entir':48 'env':121 'environ':104 'error':93 'exec':70,128 'fail':105 'fgor':91 'file':112 'fine':84 'github.com':4 'github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':3 'give':156,179 'group':177 'gui':27,85 'ide':39,54 'instanc':50 'invalid':98 'ip':68,126 'isol':9 'less':169 'localus':65 'locat':184 'main':43 'must':145 'namespac':10,32 'netn':69,127 'new':183 'nuke':154 'option':155 'permiss':170 'preserv':119 'program':28,86 'project':45 'protect':31,71,80,129 'run':25 'runtim':95 'second':198 'secur':200 'seem':135 'set':101 'shell':81 'si':64 'socket':142,165,188 'stackoverflow.com':191,194 'stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)':193 'start':89 'step':20,205 'success':123 'sudo':62,67,72,124,130 'take':208 'tri':117 'two':19 'u':73,131 'use':2,59 'user':61,66,74,132,174 'user/personal':44 've':116 'vpn':12 'wayland':77,141,164,187 'without':122 'wl':108 'work':15,56,149 'would':21 'x':17,215 'xdg':94 'xhost':63"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1705221056
+visibility: "visible "
+apId: "https://lemmy.world/post/10660985"
+editedAt: DateTimeImmutable @1722591918 {#1858
date: 2024-08-02 11:45:18.0 +02:00
}
+createdAt: DateTimeImmutable @1705155056 {#2388
date: 2024-01-13 15:10:56.0 +01:00
}
}
+magazine: App\Entity\Magazine {#264}
+image: null
+parent: App\Entity\EntryComment {#4106
+user: App\Entity\User {#4087 …}
+entry: App\Entity\Entry {#2413}
+magazine: App\Entity\Magazine {#264}
+image: null
+parent: null
+root: null
+body: """
I got interested, so I spent some time looking into what’s going on here. I’m not intimately familiar with X11 or Wayland, but I figured out some stuff.\n
\n
Why `sudo ip netns exec protected sudo -u user -i` doesn’t work for X11 apps\n
----------------------------------------------------------------------------\n
\n
Short answer: file permissions and abstract unix sockets (which I didn’t know were a thing before now).\n
\n
File permissions: when I start an X11 login session, the `DISPLAY` is `:0` and `/tmp/.X11-unix/` has only 1 file `X0`. This file has 777 access. When I start my wayland session with Xwayland, the `DISPLAY` is `:1` and `/tmp/.X11-unix/` has 2 files `X0` (777) and `X1` (755). I can’t figure out how to connect to display `:0`, so I guess I’m stuck with `:1`. When you change to a different (non-root) user, the user no longer has access to `/tmp/.X11-unix/X1`.\n
\n
Abstract unix sockets: When I start my wayland/xwayland session, it creates abstract unix sockets with ids `@/tmp/.X11-unix/X0` and `@/tmp/.X11-unix/X1`. See `ss -lnp | grep Xwayland`. The network namespace also sandboxes these abstract unix sockets. Compare `socat ABSTRACT-CONNECT:/tmp/.X11-unix/X1 STDIN` and `sudo ip netns exec private socat ABSTRACT-CONNECT:/tmp/.X11-unix/X1 STDIN`.\n
\n
When you do `sudo ip netns exec protected su - user`, you loose access to both the filesystem unix socket `/tmp/.X11-unix/X1` and the abstract unix socket `@/tmp/.X11-unix/X1`. You need access to one or the other for X11 applications to work.\n
\n
I tried using socat to forward X1 such that it works in the network namespace… and it kinda works. `sudo ip netns exec protected socat ABSTRACT-LISTEN:/tmp/.X11-unix/X1,fork UNIX-CONNECT:/tmp/.X11-unix/X1`. It appears having ABSTRACT-LISTEN before UNIX-CONNECT is important, I guess it would be worth it to properly learn socat. With this `sudo ip netns exec protected su - testuser -c ‘env DISPLAY=:1 xmessage hi’` works, but `sudo ip netns exec protected su - testuser -c ‘env DISPLAY=:1 QT_QPA_PLATFORM=xcb kcalc’` does not work. 😞\n
\n
Changing the file permissions on `/tmp/.X11-unix/X1` to give the user access seems to work better.\n
\n
Wayland waypipe\n
---------------\n
\n
Waypipe works as advertised. But it’s still a little bit tricky because you need to have two separate processes for the waypipe client and server, wait for the waypipe socket to be created, adjust file permissions for the waypipe socket file, and set (and probably mkdir) `XDG_RUNTIME_DIR`.\n
\n
```\n
\n
<span style="color:#323232;">waypipe -s /tmp/mywaypipe client &\n
</span><span style="color:#323232;">sleep 0.1\n
</span><span style="color:#323232;">chgrp shared-display /tmp/mywaypipe\n
</span><span style="color:#323232;">chmod g+w /tmp/mywaypipe\n
</span><span style="color:#323232;">sudo ip netns exec protected su - testuser -c 'mkdir -p -m 0700 /tmp/runtime-testuser && env XDG_RUNTIME_DIR=/tmp/runtime-testuser waypipe -s /tmp/mywaypipe server -- env QT_QPA_PLATFORM=wayland kcalc'\n
</span><span style="color:#323232;">kill -SIGINT %1\n
</span>\n
```\n
\n
Combined\n
--------\n
\n
into this script [github.com/…/run-netns-user-wayland.bash](https://github.com/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)
"""
+lang: "en"
+isAdult: false
+favouriteCount: 6
+score: 0
+lastActive: DateTime @1725312343 {#4112
date: 2024-09-02 23:25:43.0 +02:00
}
+ip: null
+tags: [
"323232"
]
+mentions: [
"@shadowintheday2@lemmy.world"
"@shadowintheday2@lemmy.world"
"@shadowintheday2@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4103 …}
+nested: Doctrine\ORM\PersistentCollection {#4101 …}
+votes: Doctrine\ORM\PersistentCollection {#4100 …}
+reports: Doctrine\ORM\PersistentCollection {#4091 …}
+favourites: Doctrine\ORM\PersistentCollection {#4094 …}
+notifications: Doctrine\ORM\PersistentCollection {#4089 …}
-id: 309187
-bodyTs: "'/run-netns-user-wayland.bash':451 '/tmp/.x11-unix':79,103 '/tmp/.x11-unix/x0':165 '/tmp/.x11-unix/x1':148,167,187,199,220,226,268,273,338 '/tmp/mywaypipe':402,410,414,435 '/tmp/runtime-testuser':427,432 '/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)':454 '0':77,122 '0.1':405 '0700':426 '1':82,101,130,309,324,445 '2':105 '755':111 '777':88,108 'abstract':52,149,160,179,185,197,223,266,278 'abstract-connect':184,196 'abstract-listen':265,277 'access':89,146,213,229,343 'adjust':384 'advertis':353 'also':176 'answer':48 'app':46 'appear':275 'applic':237 'better':347 'bit':360 'c':306,321,422 'chang':133,333 'chgrp':406 'chmod':411 'client':373,403 'combin':446 'compar':182 'connect':119,186,198,272,283 'creat':159,383 'didn':57 'differ':136 'dir':399,431 'display':75,99,121,308,323,409 'doesn':41 'env':307,322,428,437 'exec':35,193,207,262,302,317,418 'familiar':20 'figur':27,115 'file':49,65,83,86,106,335,385,391 'filesystem':217 'fork':269 'forward':245 'g':412 'github.com':450,453 'github.com/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)':452 'give':340 'go':13 'got':2 'grep':171 'guess':125,287 'hi':311 'id':164 'import':285 'interest':3 'intim':19 'ip':33,191,205,260,300,315,416 'kcalc':329,442 'kill':443 'kinda':257 'know':59 'learn':295 'listen':267,279 'littl':359 'lnp':170 'login':72 'longer':144 'look':9 'loos':212 'm':17,127,425 'mkdir':396,423 'namespac':175,254 'need':228,364 'netn':34,192,206,261,301,316,417 'network':174,253 'non':138 'non-root':137 'one':231 'p':424 'permiss':50,66,336,386 'platform':327,440 'privat':194 'probabl':395 'process':369 'proper':294 'protect':36,208,263,303,318,419 'qpa':326,439 'qt':325,438 'root':139 'runtim':398,430 'sandbox':177 'script':449 'see':168 'seem':344 'separ':368 'server':375,436 'session':73,95,157 'set':393 'share':408 'shared-display':407 'short':47 'sigint':444 'sleep':404 'socat':183,195,243,264,296 'socket':54,151,162,181,219,225,380,390 'spent':6 'ss':169 'start':69,92,154 'stdin':188,200 'still':357 'stuck':128 'stuff':30 'su':209,304,319,420 'sudo':32,37,190,204,259,299,314,415 'testus':305,320,421 'thing':62 'time':8 'tri':241 'tricki':361 'two':367 'u':38 'unix':53,150,161,180,218,224,271,282 'unix-connect':270,281 'use':242 'user':39,140,142,210,342 'w':413 'wait':376 'wayland':24,94,348,441 'wayland/xwayland':156 'waypip':349,350,372,379,389,400,433 'work':43,239,250,258,312,332,346,351 'worth':291 'would':289 'x0':84,107 'x1':110,246 'x11':22,45,71,236 'xcb':328 'xdg':397,429 'xmessag':310 'xwayland':97,172"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6694986"
+editedAt: DateTimeImmutable @1723633148 {#4108
date: 2024-08-14 12:59:08.0 +02:00
}
+createdAt: DateTimeImmutable @1705271475 {#4110
date: 2024-01-14 23:31:15.0 +01:00
}
}
+root: App\Entity\EntryComment {#4106}
+body: "Sir, you’re awesome! Thank you a lot for taking your time and explaining what you have found I will try these steps when I have some free time to tinker, and the info and script you have provided has cleared a lot of questions that I had"
+lang: "en"
+isAdult: false
+favouriteCount: 1
+score: 0
+lastActive: DateTime @1705448855 {#4221
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@shadowintheday2@lemmy.world"
"@vole@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4224 …}
+nested: Doctrine\ORM\PersistentCollection {#4226 …}
+votes: Doctrine\ORM\PersistentCollection {#4228 …}
+reports: Doctrine\ORM\PersistentCollection {#4230 …}
+favourites: Doctrine\ORM\PersistentCollection {#4232 …}
+notifications: Doctrine\ORM\PersistentCollection {#4234 …}
-id: 315375
-bodyTs: "'awesom':4 'clear':41 'explain':14 'found':18 'free':28 'info':34 'lot':8,43 'provid':39 'question':45 're':3 'script':36 'sir':1 'step':23 'take':10 'thank':5 'time':12,29 'tinker':31 'tri':21"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6755915"
+editedAt: null
+createdAt: DateTimeImmutable @1705448855 {#4222
date: 2024-01-17 00:47:35.0 +01:00
}
} |
|
Show voter details
|
| 16 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4223
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+entry: App\Entity\Entry {#2413
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+magazine: App\Entity\Magazine {#264
+icon: Proxies\__CG__\App\Entity\Image {#245 …}
+name: "linux@lemmy.ml"
+title: "linux"
+description: """
From Wikipedia, the free encyclopedia\n
\n
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
\n
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
\n
### Rules\n
\n
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
- No misinformation\n
- No NSFW content\n
- No hate speech, bigotry, etc\n
\n
### Related Communities\n
\n
- [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
- [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
- [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
- [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
\n
Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 1406
+entryCommentCount: 28632
+postCount: 6
+postCommentCount: 214
+isAdult: false
+customCss: null
+lastActive: DateTime @1729583542 {#274
date: 2024-10-22 09:52:22.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#236 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#232 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#221 …}
+entries: Doctrine\ORM\PersistentCollection {#179 …}
+posts: Doctrine\ORM\PersistentCollection {#137 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#199 …}
+bans: Doctrine\ORM\PersistentCollection {#116 …}
+reports: Doctrine\ORM\PersistentCollection {#102 …}
+badges: Doctrine\ORM\PersistentCollection {#80 …}
+logs: Doctrine\ORM\PersistentCollection {#70 …}
+awards: Doctrine\ORM\PersistentCollection {#1360 …}
+categories: Doctrine\ORM\PersistentCollection {#1792 …}
-id: 73
+apId: "linux@lemmy.ml"
+apProfileId: "https://lemmy.ml/c/linux"
+apPublicUrl: "https://lemmy.ml/c/linux"
+apFollowersUrl: "https://lemmy.ml/c/linux/followers"
+apInboxUrl: "https://lemmy.ml/inbox"
+apDomain: "lemmy.ml"
+apPreferredUsername: "linux"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1729583596 {#268
date: 2024-10-22 09:53:16.0 +02:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1698929468 {#270
date: 2023-11-02 13:51:08.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1899 …}
+slug: "Wayland-running-GUI-program-as-another-user"
+title: "Wayland running GUI program as another user"
+url: null
+body: """
I use [github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn) to have a isolated namespace and VPN connection to work\n
\n
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have .e.g an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work because they use different users\n
\n
```\n
\n
<span style="color:#323232;">sudo xhost '+si:localuser:user'\n
</span><span style="color:#323232;">sudo ip netns exec protected sudo -u user -i\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g fgor Dolphin\n
\n
```\n
\n
<span style="color:#323232;">error: XDG_RUNTIME_DIR is invalid or not set in the environment.\n
</span><span style="color:#323232;">Failed to create wl_display (No such file or directory)\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
I’ve tried to preserve the env without success:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">sudo -E ip netns exec protected sudo -u user -i\n
</span>\n
```\n
\n
It seems that I access to the wayland socket is a must for this to work\n
\n
This discussion has a nuke option - giving 777 access to the dir where the wayland socket is, and another less permissive approach adding the users to a group and giving access to a new location where the wayland socket is created\n
\n
[stackoverflow.com/…/linux-wayland-display-multipl…](https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)\n
\n
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 4
+favouriteCount: 21
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1705448855 {#2418
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1408 …}
+votes: Doctrine\ORM\PersistentCollection {#1961 …}
+reports: Doctrine\ORM\PersistentCollection {#1972 …}
+favourites: Doctrine\ORM\PersistentCollection {#1399 …}
+notifications: Doctrine\ORM\PersistentCollection {#2440 …}
+badges: Doctrine\ORM\PersistentCollection {#2436 …}
+children: []
-id: 29681
-titleTs: "'anoth':6 'gui':3 'program':4 'run':2 'user':7 'wayland':1"
-bodyTs: "'/linux-wayland-display-multipl':192 '/questions/41736528/linux-wayland-display-multiple-user)':195 '/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':5 '777':157 'access':138,158,180 'achiev':210 'ad':172 'allow':22 'although':78 'anoth':47,168 'approach':171,199 'configur':40 'connect':13 'could':35,206 'creat':83,107,190 'differ':49,60 'dir':96,161 'directori':114 'discuss':151 'display':109 'dolphin':92 'e':125 'e.g':37,90 'entir':48 'env':121 'environ':104 'error':93 'exec':70,128 'fail':105 'fgor':91 'file':112 'fine':84 'github.com':4 'github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':3 'give':156,179 'group':177 'gui':27,85 'ide':39,54 'instanc':50 'invalid':98 'ip':68,126 'isol':9 'less':169 'localus':65 'locat':184 'main':43 'must':145 'namespac':10,32 'netn':69,127 'new':183 'nuke':154 'option':155 'permiss':170 'preserv':119 'program':28,86 'project':45 'protect':31,71,80,129 'run':25 'runtim':95 'second':198 'secur':200 'seem':135 'set':101 'shell':81 'si':64 'socket':142,165,188 'stackoverflow.com':191,194 'stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)':193 'start':89 'step':20,205 'success':123 'sudo':62,67,72,124,130 'take':208 'tri':117 'two':19 'u':73,131 'use':2,59 'user':61,66,74,132,174 'user/personal':44 've':116 'vpn':12 'wayland':77,141,164,187 'without':122 'wl':108 'work':15,56,149 'would':21 'x':17,215 'xdg':94 'xhost':63"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1705221056
+visibility: "visible "
+apId: "https://lemmy.world/post/10660985"
+editedAt: DateTimeImmutable @1722591918 {#1858
date: 2024-08-02 11:45:18.0 +02:00
}
+createdAt: DateTimeImmutable @1705155056 {#2388
date: 2024-01-13 15:10:56.0 +01:00
}
}
+magazine: App\Entity\Magazine {#264}
+image: null
+parent: App\Entity\EntryComment {#4106
+user: App\Entity\User {#4087 …}
+entry: App\Entity\Entry {#2413}
+magazine: App\Entity\Magazine {#264}
+image: null
+parent: null
+root: null
+body: """
I got interested, so I spent some time looking into what’s going on here. I’m not intimately familiar with X11 or Wayland, but I figured out some stuff.\n
\n
Why `sudo ip netns exec protected sudo -u user -i` doesn’t work for X11 apps\n
----------------------------------------------------------------------------\n
\n
Short answer: file permissions and abstract unix sockets (which I didn’t know were a thing before now).\n
\n
File permissions: when I start an X11 login session, the `DISPLAY` is `:0` and `/tmp/.X11-unix/` has only 1 file `X0`. This file has 777 access. When I start my wayland session with Xwayland, the `DISPLAY` is `:1` and `/tmp/.X11-unix/` has 2 files `X0` (777) and `X1` (755). I can’t figure out how to connect to display `:0`, so I guess I’m stuck with `:1`. When you change to a different (non-root) user, the user no longer has access to `/tmp/.X11-unix/X1`.\n
\n
Abstract unix sockets: When I start my wayland/xwayland session, it creates abstract unix sockets with ids `@/tmp/.X11-unix/X0` and `@/tmp/.X11-unix/X1`. See `ss -lnp | grep Xwayland`. The network namespace also sandboxes these abstract unix sockets. Compare `socat ABSTRACT-CONNECT:/tmp/.X11-unix/X1 STDIN` and `sudo ip netns exec private socat ABSTRACT-CONNECT:/tmp/.X11-unix/X1 STDIN`.\n
\n
When you do `sudo ip netns exec protected su - user`, you loose access to both the filesystem unix socket `/tmp/.X11-unix/X1` and the abstract unix socket `@/tmp/.X11-unix/X1`. You need access to one or the other for X11 applications to work.\n
\n
I tried using socat to forward X1 such that it works in the network namespace… and it kinda works. `sudo ip netns exec protected socat ABSTRACT-LISTEN:/tmp/.X11-unix/X1,fork UNIX-CONNECT:/tmp/.X11-unix/X1`. It appears having ABSTRACT-LISTEN before UNIX-CONNECT is important, I guess it would be worth it to properly learn socat. With this `sudo ip netns exec protected su - testuser -c ‘env DISPLAY=:1 xmessage hi’` works, but `sudo ip netns exec protected su - testuser -c ‘env DISPLAY=:1 QT_QPA_PLATFORM=xcb kcalc’` does not work. 😞\n
\n
Changing the file permissions on `/tmp/.X11-unix/X1` to give the user access seems to work better.\n
\n
Wayland waypipe\n
---------------\n
\n
Waypipe works as advertised. But it’s still a little bit tricky because you need to have two separate processes for the waypipe client and server, wait for the waypipe socket to be created, adjust file permissions for the waypipe socket file, and set (and probably mkdir) `XDG_RUNTIME_DIR`.\n
\n
```\n
\n
<span style="color:#323232;">waypipe -s /tmp/mywaypipe client &\n
</span><span style="color:#323232;">sleep 0.1\n
</span><span style="color:#323232;">chgrp shared-display /tmp/mywaypipe\n
</span><span style="color:#323232;">chmod g+w /tmp/mywaypipe\n
</span><span style="color:#323232;">sudo ip netns exec protected su - testuser -c 'mkdir -p -m 0700 /tmp/runtime-testuser && env XDG_RUNTIME_DIR=/tmp/runtime-testuser waypipe -s /tmp/mywaypipe server -- env QT_QPA_PLATFORM=wayland kcalc'\n
</span><span style="color:#323232;">kill -SIGINT %1\n
</span>\n
```\n
\n
Combined\n
--------\n
\n
into this script [github.com/…/run-netns-user-wayland.bash](https://github.com/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)
"""
+lang: "en"
+isAdult: false
+favouriteCount: 6
+score: 0
+lastActive: DateTime @1725312343 {#4112
date: 2024-09-02 23:25:43.0 +02:00
}
+ip: null
+tags: [
"323232"
]
+mentions: [
"@shadowintheday2@lemmy.world"
"@shadowintheday2@lemmy.world"
"@shadowintheday2@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4103 …}
+nested: Doctrine\ORM\PersistentCollection {#4101 …}
+votes: Doctrine\ORM\PersistentCollection {#4100 …}
+reports: Doctrine\ORM\PersistentCollection {#4091 …}
+favourites: Doctrine\ORM\PersistentCollection {#4094 …}
+notifications: Doctrine\ORM\PersistentCollection {#4089 …}
-id: 309187
-bodyTs: "'/run-netns-user-wayland.bash':451 '/tmp/.x11-unix':79,103 '/tmp/.x11-unix/x0':165 '/tmp/.x11-unix/x1':148,167,187,199,220,226,268,273,338 '/tmp/mywaypipe':402,410,414,435 '/tmp/runtime-testuser':427,432 '/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)':454 '0':77,122 '0.1':405 '0700':426 '1':82,101,130,309,324,445 '2':105 '755':111 '777':88,108 'abstract':52,149,160,179,185,197,223,266,278 'abstract-connect':184,196 'abstract-listen':265,277 'access':89,146,213,229,343 'adjust':384 'advertis':353 'also':176 'answer':48 'app':46 'appear':275 'applic':237 'better':347 'bit':360 'c':306,321,422 'chang':133,333 'chgrp':406 'chmod':411 'client':373,403 'combin':446 'compar':182 'connect':119,186,198,272,283 'creat':159,383 'didn':57 'differ':136 'dir':399,431 'display':75,99,121,308,323,409 'doesn':41 'env':307,322,428,437 'exec':35,193,207,262,302,317,418 'familiar':20 'figur':27,115 'file':49,65,83,86,106,335,385,391 'filesystem':217 'fork':269 'forward':245 'g':412 'github.com':450,453 'github.com/vole-dev/grabbag/blob/main/run-netns-user-wayland.bash)':452 'give':340 'go':13 'got':2 'grep':171 'guess':125,287 'hi':311 'id':164 'import':285 'interest':3 'intim':19 'ip':33,191,205,260,300,315,416 'kcalc':329,442 'kill':443 'kinda':257 'know':59 'learn':295 'listen':267,279 'littl':359 'lnp':170 'login':72 'longer':144 'look':9 'loos':212 'm':17,127,425 'mkdir':396,423 'namespac':175,254 'need':228,364 'netn':34,192,206,261,301,316,417 'network':174,253 'non':138 'non-root':137 'one':231 'p':424 'permiss':50,66,336,386 'platform':327,440 'privat':194 'probabl':395 'process':369 'proper':294 'protect':36,208,263,303,318,419 'qpa':326,439 'qt':325,438 'root':139 'runtim':398,430 'sandbox':177 'script':449 'see':168 'seem':344 'separ':368 'server':375,436 'session':73,95,157 'set':393 'share':408 'shared-display':407 'short':47 'sigint':444 'sleep':404 'socat':183,195,243,264,296 'socket':54,151,162,181,219,225,380,390 'spent':6 'ss':169 'start':69,92,154 'stdin':188,200 'still':357 'stuck':128 'stuff':30 'su':209,304,319,420 'sudo':32,37,190,204,259,299,314,415 'testus':305,320,421 'thing':62 'time':8 'tri':241 'tricki':361 'two':367 'u':38 'unix':53,150,161,180,218,224,271,282 'unix-connect':270,281 'use':242 'user':39,140,142,210,342 'w':413 'wait':376 'wayland':24,94,348,441 'wayland/xwayland':156 'waypip':349,350,372,379,389,400,433 'work':43,239,250,258,312,332,346,351 'worth':291 'would':289 'x0':84,107 'x1':110,246 'x11':22,45,71,236 'xcb':328 'xdg':397,429 'xmessag':310 'xwayland':97,172"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6694986"
+editedAt: DateTimeImmutable @1723633148 {#4108
date: 2024-08-14 12:59:08.0 +02:00
}
+createdAt: DateTimeImmutable @1705271475 {#4110
date: 2024-01-14 23:31:15.0 +01:00
}
}
+root: App\Entity\EntryComment {#4106}
+body: "Sir, you’re awesome! Thank you a lot for taking your time and explaining what you have found I will try these steps when I have some free time to tinker, and the info and script you have provided has cleared a lot of questions that I had"
+lang: "en"
+isAdult: false
+favouriteCount: 1
+score: 0
+lastActive: DateTime @1705448855 {#4221
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+tags: null
+mentions: [
"@shadowintheday2@lemmy.world"
"@vole@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4224 …}
+nested: Doctrine\ORM\PersistentCollection {#4226 …}
+votes: Doctrine\ORM\PersistentCollection {#4228 …}
+reports: Doctrine\ORM\PersistentCollection {#4230 …}
+favourites: Doctrine\ORM\PersistentCollection {#4232 …}
+notifications: Doctrine\ORM\PersistentCollection {#4234 …}
-id: 315375
-bodyTs: "'awesom':4 'clear':41 'explain':14 'found':18 'free':28 'info':34 'lot':8,43 'provid':39 'question':45 're':3 'script':36 'sir':1 'step':23 'take':10 'thank':5 'time':12,29 'tinker':31 'tri':21"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6755915"
+editedAt: null
+createdAt: DateTimeImmutable @1705448855 {#4222
date: 2024-01-17 00:47:35.0 +01:00
}
} |
|
Show voter details
|
| 17 |
DENIED
|
ROLE_USER
|
null |
|
Show voter details
|
| 18 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4183
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+entry: App\Entity\Entry {#2413
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+magazine: App\Entity\Magazine {#264
+icon: Proxies\__CG__\App\Entity\Image {#245 …}
+name: "linux@lemmy.ml"
+title: "linux"
+description: """
From Wikipedia, the free encyclopedia\n
\n
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
\n
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
\n
### Rules\n
\n
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
- No misinformation\n
- No NSFW content\n
- No hate speech, bigotry, etc\n
\n
### Related Communities\n
\n
- [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
- [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
- [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
- [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
\n
Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 1406
+entryCommentCount: 28632
+postCount: 6
+postCommentCount: 214
+isAdult: false
+customCss: null
+lastActive: DateTime @1729583542 {#274
date: 2024-10-22 09:52:22.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#236 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#232 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#221 …}
+entries: Doctrine\ORM\PersistentCollection {#179 …}
+posts: Doctrine\ORM\PersistentCollection {#137 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#199 …}
+bans: Doctrine\ORM\PersistentCollection {#116 …}
+reports: Doctrine\ORM\PersistentCollection {#102 …}
+badges: Doctrine\ORM\PersistentCollection {#80 …}
+logs: Doctrine\ORM\PersistentCollection {#70 …}
+awards: Doctrine\ORM\PersistentCollection {#1360 …}
+categories: Doctrine\ORM\PersistentCollection {#1792 …}
-id: 73
+apId: "linux@lemmy.ml"
+apProfileId: "https://lemmy.ml/c/linux"
+apPublicUrl: "https://lemmy.ml/c/linux"
+apFollowersUrl: "https://lemmy.ml/c/linux/followers"
+apInboxUrl: "https://lemmy.ml/inbox"
+apDomain: "lemmy.ml"
+apPreferredUsername: "linux"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1729583596 {#268
date: 2024-10-22 09:53:16.0 +02:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1698929468 {#270
date: 2023-11-02 13:51:08.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1899 …}
+slug: "Wayland-running-GUI-program-as-another-user"
+title: "Wayland running GUI program as another user"
+url: null
+body: """
I use [github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn) to have a isolated namespace and VPN connection to work\n
\n
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have .e.g an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work because they use different users\n
\n
```\n
\n
<span style="color:#323232;">sudo xhost '+si:localuser:user'\n
</span><span style="color:#323232;">sudo ip netns exec protected sudo -u user -i\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g fgor Dolphin\n
\n
```\n
\n
<span style="color:#323232;">error: XDG_RUNTIME_DIR is invalid or not set in the environment.\n
</span><span style="color:#323232;">Failed to create wl_display (No such file or directory)\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
I’ve tried to preserve the env without success:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">sudo -E ip netns exec protected sudo -u user -i\n
</span>\n
```\n
\n
It seems that I access to the wayland socket is a must for this to work\n
\n
This discussion has a nuke option - giving 777 access to the dir where the wayland socket is, and another less permissive approach adding the users to a group and giving access to a new location where the wayland socket is created\n
\n
[stackoverflow.com/…/linux-wayland-display-multipl…](https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)\n
\n
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 4
+favouriteCount: 21
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1705448855 {#2418
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1408 …}
+votes: Doctrine\ORM\PersistentCollection {#1961 …}
+reports: Doctrine\ORM\PersistentCollection {#1972 …}
+favourites: Doctrine\ORM\PersistentCollection {#1399 …}
+notifications: Doctrine\ORM\PersistentCollection {#2440 …}
+badges: Doctrine\ORM\PersistentCollection {#2436 …}
+children: []
-id: 29681
-titleTs: "'anoth':6 'gui':3 'program':4 'run':2 'user':7 'wayland':1"
-bodyTs: "'/linux-wayland-display-multipl':192 '/questions/41736528/linux-wayland-display-multiple-user)':195 '/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':5 '777':157 'access':138,158,180 'achiev':210 'ad':172 'allow':22 'although':78 'anoth':47,168 'approach':171,199 'configur':40 'connect':13 'could':35,206 'creat':83,107,190 'differ':49,60 'dir':96,161 'directori':114 'discuss':151 'display':109 'dolphin':92 'e':125 'e.g':37,90 'entir':48 'env':121 'environ':104 'error':93 'exec':70,128 'fail':105 'fgor':91 'file':112 'fine':84 'github.com':4 'github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':3 'give':156,179 'group':177 'gui':27,85 'ide':39,54 'instanc':50 'invalid':98 'ip':68,126 'isol':9 'less':169 'localus':65 'locat':184 'main':43 'must':145 'namespac':10,32 'netn':69,127 'new':183 'nuke':154 'option':155 'permiss':170 'preserv':119 'program':28,86 'project':45 'protect':31,71,80,129 'run':25 'runtim':95 'second':198 'secur':200 'seem':135 'set':101 'shell':81 'si':64 'socket':142,165,188 'stackoverflow.com':191,194 'stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)':193 'start':89 'step':20,205 'success':123 'sudo':62,67,72,124,130 'take':208 'tri':117 'two':19 'u':73,131 'use':2,59 'user':61,66,74,132,174 'user/personal':44 've':116 'vpn':12 'wayland':77,141,164,187 'without':122 'wl':108 'work':15,56,149 'would':21 'x':17,215 'xdg':94 'xhost':63"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1705221056
+visibility: "visible "
+apId: "https://lemmy.world/post/10660985"
+editedAt: DateTimeImmutable @1722591918 {#1858
date: 2024-08-02 11:45:18.0 +02:00
}
+createdAt: DateTimeImmutable @1705155056 {#2388
date: 2024-01-13 15:10:56.0 +01:00
}
}
+magazine: App\Entity\Magazine {#264}
+image: null
+parent: null
+root: null
+body: """
Another thing to solve: XWayland apps as a different user\n
\n
Giving access to the wayland socket makes other users able to use wayland; however programs that rely on XWayland to work don’t seem to get it:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">Start Failed\n
</span><span style="color:#323232;">Failed to initialize graphics environment\n
</span><span style="color:#323232;">\n
</span><span style="color:#323232;">java.awt.AWTError: Can't connect to X11 window server using ':0' as the value of the DISPLAY variable.\n
</span><span style="color:#323232;"> at java.desktop/sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)\n
</span>\n
```\n
\n
Wine\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">0120:fixme:kernelbase:AppPolicyGetThreadInitializationType FFFFFFFA, 0ECAFF08\n
</span><span style="color:#323232;">0128:err:winediag:nodrv_CreateWindow Application tried to create a window, but no driver could be loaded.\n
</span><span style="color:#323232;">0128:err:winediag:nodrv_CreateWindow L"The explorer process failed to start."\n
</span><span style="color:#323232;">0128:err:systray:initialize_systray Could not create tray window\n
</span><span style="color:#323232;">0114:err:winediag:nodrv_CreateWindow Application tried to create a window, but no driver could be loaded.\n
</span><span style="color:#323232;">0114:err:winediag:nodrv_CreateWindow L"Make sure that your X server is running and that $DISPLAY is set correctly."\n
</span><span style="color:#323232;">0114:fixme:kernelbase:AppPolicyGetProcessTerminationMethod FFFFFFFA, 0DE4FB40\n
</span>\n
```\n
\n
```\n
\n
<span style="color:#323232;">env | grep -i display\n
</span><span style="color:#323232;">WAYLAND_DISPLAY=wayland-0\n
</span><span style="color:#323232;">DISPLAY=:0\n
</span><span style="color:#323232;">\n
</span>\n
```
"""
+lang: "en"
+isAdult: false
+favouriteCount: 1
+score: 0
+lastActive: DateTime @1705158150 {#4177
date: 2024-01-13 16:02:30.0 +01:00
}
+ip: null
+tags: [
"323232"
]
+mentions: [
"@shadowintheday2@lemmy.world"
"@shadowintheday2@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4184 …}
+nested: Doctrine\ORM\PersistentCollection {#4186 …}
+votes: Doctrine\ORM\PersistentCollection {#4188 …}
+reports: Doctrine\ORM\PersistentCollection {#4190 …}
+favourites: Doctrine\ORM\PersistentCollection {#4192 …}
+notifications: Doctrine\ORM\PersistentCollection {#4194 …}
-id: 305385
-bodyTs: "'-0':163 '/sun.awt.x11graphicsenvironment.initdisplay(native':65 '0':54,165 '0114':113,130,150 '0120':68 '0128':74,91,103 '0de4fb40':155 '0ecaff08':73 'abl':20 'access':12 'anoth':1 'app':6 'applic':79,118 'apppolicygetprocessterminationmethod':153 'apppolicygetthreadinitializationtyp':71 'connect':48 'correct':149 'could':88,108,127 'creat':82,110,121 'createwindow':78,95,117,134 'differ':9 'display':60,146,159,161,164 'driver':87,126 'env':156 'environ':44 'err':75,92,104,114,131 'explor':98 'fail':39,40,100 'fffffffa':72,154 'fixm':69,151 'get':36 'give':11 'graphic':43 'grep':157 'howev':24 'initi':42,106 'java.awt.awterror':45 'java.desktop':64 'java.desktop/sun.awt.x11graphicsenvironment.initdisplay(native':63 'kernelbas':70,152 'l':96,135 'load':90,129 'make':17,136 'method':66 'nodrv':77,94,116,133 'process':99 'program':25 'reli':27 'run':143 'seem':34 'server':52,141 'set':148 'socket':16 'solv':4 'start':38,102 'sure':137 'systray':105,107 'thing':2 'tray':111 'tri':80,119 'use':22,53 'user':10,19 'valu':57 'variabl':61 'wayland':15,23,160,162 'window':51,84,112,123 'wine':67 'winediag':76,93,115,132 'work':31 'x':140 'x11':50 'xwayland':5,29"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6645926"
+editedAt: DateTimeImmutable @1722646860 {#4178
date: 2024-08-03 03:01:00.0 +02:00
}
+createdAt: DateTimeImmutable @1705158150 {#4179
date: 2024-01-13 16:02:30.0 +01:00
}
} |
|
Show voter details
|
| 19 |
DENIED
|
edit
|
App\Entity\EntryComment {#4183
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+entry: App\Entity\Entry {#2413
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+magazine: App\Entity\Magazine {#264
+icon: Proxies\__CG__\App\Entity\Image {#245 …}
+name: "linux@lemmy.ml"
+title: "linux"
+description: """
From Wikipedia, the free encyclopedia\n
\n
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
\n
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
\n
### Rules\n
\n
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
- No misinformation\n
- No NSFW content\n
- No hate speech, bigotry, etc\n
\n
### Related Communities\n
\n
- [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
- [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
- [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
- [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
\n
Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 1406
+entryCommentCount: 28632
+postCount: 6
+postCommentCount: 214
+isAdult: false
+customCss: null
+lastActive: DateTime @1729583542 {#274
date: 2024-10-22 09:52:22.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#236 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#232 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#221 …}
+entries: Doctrine\ORM\PersistentCollection {#179 …}
+posts: Doctrine\ORM\PersistentCollection {#137 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#199 …}
+bans: Doctrine\ORM\PersistentCollection {#116 …}
+reports: Doctrine\ORM\PersistentCollection {#102 …}
+badges: Doctrine\ORM\PersistentCollection {#80 …}
+logs: Doctrine\ORM\PersistentCollection {#70 …}
+awards: Doctrine\ORM\PersistentCollection {#1360 …}
+categories: Doctrine\ORM\PersistentCollection {#1792 …}
-id: 73
+apId: "linux@lemmy.ml"
+apProfileId: "https://lemmy.ml/c/linux"
+apPublicUrl: "https://lemmy.ml/c/linux"
+apFollowersUrl: "https://lemmy.ml/c/linux/followers"
+apInboxUrl: "https://lemmy.ml/inbox"
+apDomain: "lemmy.ml"
+apPreferredUsername: "linux"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1729583596 {#268
date: 2024-10-22 09:53:16.0 +02:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1698929468 {#270
date: 2023-11-02 13:51:08.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1899 …}
+slug: "Wayland-running-GUI-program-as-another-user"
+title: "Wayland running GUI program as another user"
+url: null
+body: """
I use [github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn) to have a isolated namespace and VPN connection to work\n
\n
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have .e.g an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work because they use different users\n
\n
```\n
\n
<span style="color:#323232;">sudo xhost '+si:localuser:user'\n
</span><span style="color:#323232;">sudo ip netns exec protected sudo -u user -i\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g fgor Dolphin\n
\n
```\n
\n
<span style="color:#323232;">error: XDG_RUNTIME_DIR is invalid or not set in the environment.\n
</span><span style="color:#323232;">Failed to create wl_display (No such file or directory)\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
I’ve tried to preserve the env without success:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">sudo -E ip netns exec protected sudo -u user -i\n
</span>\n
```\n
\n
It seems that I access to the wayland socket is a must for this to work\n
\n
This discussion has a nuke option - giving 777 access to the dir where the wayland socket is, and another less permissive approach adding the users to a group and giving access to a new location where the wayland socket is created\n
\n
[stackoverflow.com/…/linux-wayland-display-multipl…](https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)\n
\n
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 4
+favouriteCount: 21
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1705448855 {#2418
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1408 …}
+votes: Doctrine\ORM\PersistentCollection {#1961 …}
+reports: Doctrine\ORM\PersistentCollection {#1972 …}
+favourites: Doctrine\ORM\PersistentCollection {#1399 …}
+notifications: Doctrine\ORM\PersistentCollection {#2440 …}
+badges: Doctrine\ORM\PersistentCollection {#2436 …}
+children: []
-id: 29681
-titleTs: "'anoth':6 'gui':3 'program':4 'run':2 'user':7 'wayland':1"
-bodyTs: "'/linux-wayland-display-multipl':192 '/questions/41736528/linux-wayland-display-multiple-user)':195 '/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':5 '777':157 'access':138,158,180 'achiev':210 'ad':172 'allow':22 'although':78 'anoth':47,168 'approach':171,199 'configur':40 'connect':13 'could':35,206 'creat':83,107,190 'differ':49,60 'dir':96,161 'directori':114 'discuss':151 'display':109 'dolphin':92 'e':125 'e.g':37,90 'entir':48 'env':121 'environ':104 'error':93 'exec':70,128 'fail':105 'fgor':91 'file':112 'fine':84 'github.com':4 'github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':3 'give':156,179 'group':177 'gui':27,85 'ide':39,54 'instanc':50 'invalid':98 'ip':68,126 'isol':9 'less':169 'localus':65 'locat':184 'main':43 'must':145 'namespac':10,32 'netn':69,127 'new':183 'nuke':154 'option':155 'permiss':170 'preserv':119 'program':28,86 'project':45 'protect':31,71,80,129 'run':25 'runtim':95 'second':198 'secur':200 'seem':135 'set':101 'shell':81 'si':64 'socket':142,165,188 'stackoverflow.com':191,194 'stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)':193 'start':89 'step':20,205 'success':123 'sudo':62,67,72,124,130 'take':208 'tri':117 'two':19 'u':73,131 'use':2,59 'user':61,66,74,132,174 'user/personal':44 've':116 'vpn':12 'wayland':77,141,164,187 'without':122 'wl':108 'work':15,56,149 'would':21 'x':17,215 'xdg':94 'xhost':63"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1705221056
+visibility: "visible "
+apId: "https://lemmy.world/post/10660985"
+editedAt: DateTimeImmutable @1722591918 {#1858
date: 2024-08-02 11:45:18.0 +02:00
}
+createdAt: DateTimeImmutable @1705155056 {#2388
date: 2024-01-13 15:10:56.0 +01:00
}
}
+magazine: App\Entity\Magazine {#264}
+image: null
+parent: null
+root: null
+body: """
Another thing to solve: XWayland apps as a different user\n
\n
Giving access to the wayland socket makes other users able to use wayland; however programs that rely on XWayland to work don’t seem to get it:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">Start Failed\n
</span><span style="color:#323232;">Failed to initialize graphics environment\n
</span><span style="color:#323232;">\n
</span><span style="color:#323232;">java.awt.AWTError: Can't connect to X11 window server using ':0' as the value of the DISPLAY variable.\n
</span><span style="color:#323232;"> at java.desktop/sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)\n
</span>\n
```\n
\n
Wine\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">0120:fixme:kernelbase:AppPolicyGetThreadInitializationType FFFFFFFA, 0ECAFF08\n
</span><span style="color:#323232;">0128:err:winediag:nodrv_CreateWindow Application tried to create a window, but no driver could be loaded.\n
</span><span style="color:#323232;">0128:err:winediag:nodrv_CreateWindow L"The explorer process failed to start."\n
</span><span style="color:#323232;">0128:err:systray:initialize_systray Could not create tray window\n
</span><span style="color:#323232;">0114:err:winediag:nodrv_CreateWindow Application tried to create a window, but no driver could be loaded.\n
</span><span style="color:#323232;">0114:err:winediag:nodrv_CreateWindow L"Make sure that your X server is running and that $DISPLAY is set correctly."\n
</span><span style="color:#323232;">0114:fixme:kernelbase:AppPolicyGetProcessTerminationMethod FFFFFFFA, 0DE4FB40\n
</span>\n
```\n
\n
```\n
\n
<span style="color:#323232;">env | grep -i display\n
</span><span style="color:#323232;">WAYLAND_DISPLAY=wayland-0\n
</span><span style="color:#323232;">DISPLAY=:0\n
</span><span style="color:#323232;">\n
</span>\n
```
"""
+lang: "en"
+isAdult: false
+favouriteCount: 1
+score: 0
+lastActive: DateTime @1705158150 {#4177
date: 2024-01-13 16:02:30.0 +01:00
}
+ip: null
+tags: [
"323232"
]
+mentions: [
"@shadowintheday2@lemmy.world"
"@shadowintheday2@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4184 …}
+nested: Doctrine\ORM\PersistentCollection {#4186 …}
+votes: Doctrine\ORM\PersistentCollection {#4188 …}
+reports: Doctrine\ORM\PersistentCollection {#4190 …}
+favourites: Doctrine\ORM\PersistentCollection {#4192 …}
+notifications: Doctrine\ORM\PersistentCollection {#4194 …}
-id: 305385
-bodyTs: "'-0':163 '/sun.awt.x11graphicsenvironment.initdisplay(native':65 '0':54,165 '0114':113,130,150 '0120':68 '0128':74,91,103 '0de4fb40':155 '0ecaff08':73 'abl':20 'access':12 'anoth':1 'app':6 'applic':79,118 'apppolicygetprocessterminationmethod':153 'apppolicygetthreadinitializationtyp':71 'connect':48 'correct':149 'could':88,108,127 'creat':82,110,121 'createwindow':78,95,117,134 'differ':9 'display':60,146,159,161,164 'driver':87,126 'env':156 'environ':44 'err':75,92,104,114,131 'explor':98 'fail':39,40,100 'fffffffa':72,154 'fixm':69,151 'get':36 'give':11 'graphic':43 'grep':157 'howev':24 'initi':42,106 'java.awt.awterror':45 'java.desktop':64 'java.desktop/sun.awt.x11graphicsenvironment.initdisplay(native':63 'kernelbas':70,152 'l':96,135 'load':90,129 'make':17,136 'method':66 'nodrv':77,94,116,133 'process':99 'program':25 'reli':27 'run':143 'seem':34 'server':52,141 'set':148 'socket':16 'solv':4 'start':38,102 'sure':137 'systray':105,107 'thing':2 'tray':111 'tri':80,119 'use':22,53 'user':10,19 'valu':57 'variabl':61 'wayland':15,23,160,162 'window':51,84,112,123 'wine':67 'winediag':76,93,115,132 'work':31 'x':140 'x11':50 'xwayland':5,29"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6645926"
+editedAt: DateTimeImmutable @1722646860 {#4178
date: 2024-08-03 03:01:00.0 +02:00
}
+createdAt: DateTimeImmutable @1705158150 {#4179
date: 2024-01-13 16:02:30.0 +01:00
}
} |
|
Show voter details
|
| 20 |
DENIED
|
moderate
|
App\Entity\EntryComment {#4183
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+entry: App\Entity\Entry {#2413
+user: Proxies\__CG__\App\Entity\User {#1973 …}
+magazine: App\Entity\Magazine {#264
+icon: Proxies\__CG__\App\Entity\Image {#245 …}
+name: "linux@lemmy.ml"
+title: "linux"
+description: """
From Wikipedia, the free encyclopedia\n
\n
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
\n
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
\n
### Rules\n
\n
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
- No misinformation\n
- No NSFW content\n
- No hate speech, bigotry, etc\n
\n
### Related Communities\n
\n
- [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
- [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
- [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
- [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
\n
Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 1406
+entryCommentCount: 28632
+postCount: 6
+postCommentCount: 214
+isAdult: false
+customCss: null
+lastActive: DateTime @1729583542 {#274
date: 2024-10-22 09:52:22.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#236 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#232 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#221 …}
+entries: Doctrine\ORM\PersistentCollection {#179 …}
+posts: Doctrine\ORM\PersistentCollection {#137 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#199 …}
+bans: Doctrine\ORM\PersistentCollection {#116 …}
+reports: Doctrine\ORM\PersistentCollection {#102 …}
+badges: Doctrine\ORM\PersistentCollection {#80 …}
+logs: Doctrine\ORM\PersistentCollection {#70 …}
+awards: Doctrine\ORM\PersistentCollection {#1360 …}
+categories: Doctrine\ORM\PersistentCollection {#1792 …}
-id: 73
+apId: "linux@lemmy.ml"
+apProfileId: "https://lemmy.ml/c/linux"
+apPublicUrl: "https://lemmy.ml/c/linux"
+apFollowersUrl: "https://lemmy.ml/c/linux/followers"
+apInboxUrl: "https://lemmy.ml/inbox"
+apDomain: "lemmy.ml"
+apPreferredUsername: "linux"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1729583596 {#268
date: 2024-10-22 09:53:16.0 +02:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1698929468 {#270
date: 2023-11-02 13:51:08.0 +01:00
}
}
+image: null
+domain: Proxies\__CG__\App\Entity\Domain {#1899 …}
+slug: "Wayland-running-GUI-program-as-another-user"
+title: "Wayland running GUI program as another user"
+url: null
+body: """
I use [github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn) to have a isolated namespace and VPN connection to work\n
\n
On X, these two steps would allow me to run a GUI program in the protected namespace. So I could have .e.g an IDE configuration for my main user/personal projects, and another entirely different instance of the same IDE for work because they use different users\n
\n
```\n
\n
<span style="color:#323232;">sudo xhost '+si:localuser:user'\n
</span><span style="color:#323232;">sudo ip netns exec protected sudo -u user -i\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
On Wayland, although the protected shell is created fine, GUI programs don’t start. E.g fgor Dolphin\n
\n
```\n
\n
<span style="color:#323232;">error: XDG_RUNTIME_DIR is invalid or not set in the environment.\n
</span><span style="color:#323232;">Failed to create wl_display (No such file or directory)\n
</span><span style="color:#323232;">\n
</span>\n
```\n
\n
I’ve tried to preserve the env without success:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">sudo -E ip netns exec protected sudo -u user -i\n
</span>\n
```\n
\n
It seems that I access to the wayland socket is a must for this to work\n
\n
This discussion has a nuke option - giving 777 access to the dir where the wayland socket is, and another less permissive approach adding the users to a group and giving access to a new location where the wayland socket is created\n
\n
[stackoverflow.com/…/linux-wayland-display-multipl…](https://stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)\n
\n
Is this second approach secure? If not, which other steps could I take to achieve what I did in X?
"""
+type: "article"
+lang: "en"
+isOc: false
+hasEmbed: false
+commentCount: 4
+favouriteCount: 21
+score: 0
+isAdult: false
+sticky: false
+lastActive: DateTime @1705448855 {#2418
date: 2024-01-17 00:47:35.0 +01:00
}
+ip: null
+adaAmount: 0
+tags: null
+mentions: null
+comments: Doctrine\ORM\PersistentCollection {#1408 …}
+votes: Doctrine\ORM\PersistentCollection {#1961 …}
+reports: Doctrine\ORM\PersistentCollection {#1972 …}
+favourites: Doctrine\ORM\PersistentCollection {#1399 …}
+notifications: Doctrine\ORM\PersistentCollection {#2440 …}
+badges: Doctrine\ORM\PersistentCollection {#2436 …}
+children: []
-id: 29681
-titleTs: "'anoth':6 'gui':3 'program':4 'run':2 'user':7 'wayland':1"
-bodyTs: "'/linux-wayland-display-multipl':192 '/questions/41736528/linux-wayland-display-multiple-user)':195 '/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':5 '777':157 'access':138,158,180 'achiev':210 'ad':172 'allow':22 'although':78 'anoth':47,168 'approach':171,199 'configur':40 'connect':13 'could':35,206 'creat':83,107,190 'differ':49,60 'dir':96,161 'directori':114 'discuss':151 'display':109 'dolphin':92 'e':125 'e.g':37,90 'entir':48 'env':121 'environ':104 'error':93 'exec':70,128 'fail':105 'fgor':91 'file':112 'fine':84 'github.com':4 'github.com/slingamn/namespaced-openvpn](https://github.com/slingamn/namespaced-openvpn)':3 'give':156,179 'group':177 'gui':27,85 'ide':39,54 'instanc':50 'invalid':98 'ip':68,126 'isol':9 'less':169 'localus':65 'locat':184 'main':43 'must':145 'namespac':10,32 'netn':69,127 'new':183 'nuke':154 'option':155 'permiss':170 'preserv':119 'program':28,86 'project':45 'protect':31,71,80,129 'run':25 'runtim':95 'second':198 'secur':200 'seem':135 'set':101 'shell':81 'si':64 'socket':142,165,188 'stackoverflow.com':191,194 'stackoverflow.com/questions/41736528/linux-wayland-display-multiple-user)':193 'start':89 'step':20,205 'success':123 'sudo':62,67,72,124,130 'take':208 'tri':117 'two':19 'u':73,131 'use':2,59 'user':61,66,74,132,174 'user/personal':44 've':116 'vpn':12 'wayland':77,141,164,187 'without':122 'wl':108 'work':15,56,149 'would':21 'x':17,215 'xdg':94 'xhost':63"
+cross: false
+upVotes: 0
+downVotes: 0
+ranking: 1705221056
+visibility: "visible "
+apId: "https://lemmy.world/post/10660985"
+editedAt: DateTimeImmutable @1722591918 {#1858
date: 2024-08-02 11:45:18.0 +02:00
}
+createdAt: DateTimeImmutable @1705155056 {#2388
date: 2024-01-13 15:10:56.0 +01:00
}
}
+magazine: App\Entity\Magazine {#264}
+image: null
+parent: null
+root: null
+body: """
Another thing to solve: XWayland apps as a different user\n
\n
Giving access to the wayland socket makes other users able to use wayland; however programs that rely on XWayland to work don’t seem to get it:\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">Start Failed\n
</span><span style="color:#323232;">Failed to initialize graphics environment\n
</span><span style="color:#323232;">\n
</span><span style="color:#323232;">java.awt.AWTError: Can't connect to X11 window server using ':0' as the value of the DISPLAY variable.\n
</span><span style="color:#323232;"> at java.desktop/sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)\n
</span>\n
```\n
\n
Wine\n
\n
```\n
\n
<span style="color:#323232;">\n
</span><span style="color:#323232;">0120:fixme:kernelbase:AppPolicyGetThreadInitializationType FFFFFFFA, 0ECAFF08\n
</span><span style="color:#323232;">0128:err:winediag:nodrv_CreateWindow Application tried to create a window, but no driver could be loaded.\n
</span><span style="color:#323232;">0128:err:winediag:nodrv_CreateWindow L"The explorer process failed to start."\n
</span><span style="color:#323232;">0128:err:systray:initialize_systray Could not create tray window\n
</span><span style="color:#323232;">0114:err:winediag:nodrv_CreateWindow Application tried to create a window, but no driver could be loaded.\n
</span><span style="color:#323232;">0114:err:winediag:nodrv_CreateWindow L"Make sure that your X server is running and that $DISPLAY is set correctly."\n
</span><span style="color:#323232;">0114:fixme:kernelbase:AppPolicyGetProcessTerminationMethod FFFFFFFA, 0DE4FB40\n
</span>\n
```\n
\n
```\n
\n
<span style="color:#323232;">env | grep -i display\n
</span><span style="color:#323232;">WAYLAND_DISPLAY=wayland-0\n
</span><span style="color:#323232;">DISPLAY=:0\n
</span><span style="color:#323232;">\n
</span>\n
```
"""
+lang: "en"
+isAdult: false
+favouriteCount: 1
+score: 0
+lastActive: DateTime @1705158150 {#4177
date: 2024-01-13 16:02:30.0 +01:00
}
+ip: null
+tags: [
"323232"
]
+mentions: [
"@shadowintheday2@lemmy.world"
"@shadowintheday2@lemmy.world"
]
+children: Doctrine\ORM\PersistentCollection {#4184 …}
+nested: Doctrine\ORM\PersistentCollection {#4186 …}
+votes: Doctrine\ORM\PersistentCollection {#4188 …}
+reports: Doctrine\ORM\PersistentCollection {#4190 …}
+favourites: Doctrine\ORM\PersistentCollection {#4192 …}
+notifications: Doctrine\ORM\PersistentCollection {#4194 …}
-id: 305385
-bodyTs: "'-0':163 '/sun.awt.x11graphicsenvironment.initdisplay(native':65 '0':54,165 '0114':113,130,150 '0120':68 '0128':74,91,103 '0de4fb40':155 '0ecaff08':73 'abl':20 'access':12 'anoth':1 'app':6 'applic':79,118 'apppolicygetprocessterminationmethod':153 'apppolicygetthreadinitializationtyp':71 'connect':48 'correct':149 'could':88,108,127 'creat':82,110,121 'createwindow':78,95,117,134 'differ':9 'display':60,146,159,161,164 'driver':87,126 'env':156 'environ':44 'err':75,92,104,114,131 'explor':98 'fail':39,40,100 'fffffffa':72,154 'fixm':69,151 'get':36 'give':11 'graphic':43 'grep':157 'howev':24 'initi':42,106 'java.awt.awterror':45 'java.desktop':64 'java.desktop/sun.awt.x11graphicsenvironment.initdisplay(native':63 'kernelbas':70,152 'l':96,135 'load':90,129 'make':17,136 'method':66 'nodrv':77,94,116,133 'process':99 'program':25 'reli':27 'run':143 'seem':34 'server':52,141 'set':148 'socket':16 'solv':4 'start':38,102 'sure':137 'systray':105,107 'thing':2 'tray':111 'tri':80,119 'use':22,53 'user':10,19 'valu':57 'variabl':61 'wayland':15,23,160,162 'window':51,84,112,123 'wine':67 'winediag':76,93,115,132 'work':31 'x':140 'x11':50 'xwayland':5,29"
+ranking: 0
+commentCount: 0
+upVotes: 0
+downVotes: 0
+visibility: "visible "
+apId: "https://lemmy.world/comment/6645926"
+editedAt: DateTimeImmutable @1722646860 {#4178
date: 2024-08-03 03:01:00.0 +02:00
}
+createdAt: DateTimeImmutable @1705158150 {#4179
date: 2024-01-13 16:02:30.0 +01:00
}
} |
|
Show voter details
|
| 21 |
DENIED
|
edit
|
App\Entity\Magazine {#264
+icon: Proxies\__CG__\App\Entity\Image {#245 …}
+name: "linux@lemmy.ml"
+title: "linux"
+description: """
From Wikipedia, the free encyclopedia\n
\n
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
\n
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
\n
### Rules\n
\n
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
- No misinformation\n
- No NSFW content\n
- No hate speech, bigotry, etc\n
\n
### Related Communities\n
\n
- [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
- [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
- [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
- [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
\n
Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
"""
+rules: null
+subscriptionsCount: 1
+entryCount: 1406
+entryCommentCount: 28632
+postCount: 6
+postCommentCount: 214
+isAdult: false
+customCss: null
+lastActive: DateTime @1729583542 {#274
date: 2024-10-22 09:52:22.0 +02:00
}
+markedForDeletionAt: null
+tags: null
+moderators: Doctrine\ORM\PersistentCollection {#236 …}
+ownershipRequests: Doctrine\ORM\PersistentCollection {#232 …}
+moderatorRequests: Doctrine\ORM\PersistentCollection {#221 …}
+entries: Doctrine\ORM\PersistentCollection {#179 …}
+posts: Doctrine\ORM\PersistentCollection {#137 …}
+subscriptions: Doctrine\ORM\PersistentCollection {#199 …}
+bans: Doctrine\ORM\PersistentCollection {#116 …}
+reports: Doctrine\ORM\PersistentCollection {#102 …}
+badges: Doctrine\ORM\PersistentCollection {#80 …}
+logs: Doctrine\ORM\PersistentCollection {#70 …}
+awards: Doctrine\ORM\PersistentCollection {#1360 …}
+categories: Doctrine\ORM\PersistentCollection {#1792 …}
-id: 73
+apId: "linux@lemmy.ml"
+apProfileId: "https://lemmy.ml/c/linux"
+apPublicUrl: "https://lemmy.ml/c/linux"
+apFollowersUrl: "https://lemmy.ml/c/linux/followers"
+apInboxUrl: "https://lemmy.ml/inbox"
+apDomain: "lemmy.ml"
+apPreferredUsername: "linux"
+apDiscoverable: true
+apManuallyApprovesFollowers: null
+privateKey: null
+publicKey: null
+apFetchedAt: DateTime @1729583596 {#268
date: 2024-10-22 09:53:16.0 +02:00
}
+apDeletedAt: null
+apTimeoutAt: null
+visibility: "visible "
+createdAt: DateTimeImmutable @1698929468 {#270
date: 2023-11-02 13:51:08.0 +01:00
}
} |
|
Show voter details
|