Phillip:

You were banned from the Ubuntu Forums not by me personally, but rather
by the Forums Council after repeated violations of the CoC and difficult
interactions with the Forums Staff including both moderators and Forums
Council Members.

You appealed your ban to the Community Council, and your ban was upheld.

This is not the appropriate place to protest your ban. I am no longer an
active staff member; please contact the current Forums Council if you
wish to discuss any potential future use of the Forums.

https://wiki.ubuntu.com/ForumCouncil

As far as the technical discussion I am afraid we will have to agree to
disagree.

I can not always follow what you are saying, but I have the impression,
perhaps falsely, you do not understand or that you intermingle issues of
Wayland, X (XWayland, Xhost), and Weston, those are fairly diverse
features / functions.

At any rate, I also think you do not understand that Wayland is in rapid
development and not all the mechanisms of security have been agreed on
upstream or resolved.

I believe Upstream has made their security intentions very clear in
their mailing list and security blog, which I have provided for your
consideration.

The Fedora experience makes this very clear in their bug reports as
well. The Fedora project has raised most if not all of your issues, and
as they are a bit further ahead, the Fedora Bug Reports are referenced
here.

This thread makes it clear that Ubuntu is working not on revamping
wayland security, but by rewriting applications and the way they obtain
elevated privileges.

I also see your bugs getting closed as "won't fix" here on Ubuntu.

My best suggestion would be that you engage in a technical discussion
with your LP mentor, the community council, perhaps Norbert, or one of
the Gnome Developers whom you respect rather than continue a discussion
with myself, here, on this bug report.

I suggest you conduct such a technical discussion outside this bug
report, perhaps on the gnome or wayland mailing list or IRC or whatever
channel you feel benefits you most. I have given you the Wayland mailing
list and links to security discussions and can send them again if you
would like.

I believe this bug report is not the best place to obtain the
clarification and answers to your questions and I have in good faith
provided you and others what I would hope would be helpful information
and sources of further information.


bodhi@daemon:~$sudo gedit
No protocol specified
Unable to init server: Could not connect: Connection refused

(gedit:7374): Gtk-WARNING **: cannot open display: :0
bodhi@daemon:~$sudo su -


root@daemon:~#gedit
Unable to init server: Could not connect: Connection refused

(gedit:7346): Gtk-WARNING **: cannot open display:

I believe once Upstream (Wayland) feels the Wayland code has matured
their long term intentions will be to drop XWayland and support for
circumventing Wayland security via the mechanisms you currently use /
exploit such as Xhost, su -, etc.

I believe Xwayland and Xhost are intended to give downstream projects
such as Fedora and Ubuntu time to transition from X to Wayland and time
for Wayland to mature. Obviously this is a large project, both for
Wayland and Ubuntu.

I do not believe that because mechanisms currently exist to run
applications as root on Wayland at this time that you should assume that
such mechanisms will either be maintained or expanded in the future.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gdebi in Ubuntu.
https://bugs.launchpad.net/bugs/1713313

Title:
  Unable to launch pkexec'ed applications on Wayland session

Status in Back In Time:
  Fix Released
Status in Boot-Info:
  Fix Committed
Status in Boot-Repair:
  Fix Committed
Status in GNOME Terminal:
  New
Status in Settings editor for LightDM GTK+ Greeter:
  New
Status in OS-Uninstaller:
  Fix Committed
Status in Y PPA Manager:
  New
Status in apport package in Ubuntu:
  New
Status in apt-offline package in Ubuntu:
  New
Status in backintime package in Ubuntu:
  Confirmed
Status in budgie-welcome package in Ubuntu:
  Invalid
Status in caja-admin package in Ubuntu:
  New
Status in cinnamon package in Ubuntu:
  Invalid
Status in ettercap package in Ubuntu:
  Confirmed
Status in gdebi package in Ubuntu:
  Confirmed
Status in gdm3 package in Ubuntu:
  Won't Fix
Status in gnunet-gtk package in Ubuntu:
  Confirmed
Status in gparted package in Ubuntu:
  Invalid
Status in gui-ufw package in Ubuntu:
  Confirmed
Status in guidedog package in Ubuntu:
  New
Status in hplip package in Ubuntu:
  Confirmed
Status in italc package in Ubuntu:
  New
Status in laptop-mode-tools package in Ubuntu:
  New
Status in lightdm-gtk-greeter-settings package in Ubuntu:
  Confirmed
Status in nautilus-admin package in Ubuntu:
  New
Status in needrestart-session package in Ubuntu:
  Confirmed
Status in nemo package in Ubuntu:
  Confirmed
Status in policykit-1 package in Ubuntu:
  Invalid
Status in scanmem package in Ubuntu:
  New
Status in scap-workbench package in Ubuntu:
  Confirmed
Status in sirikali package in Ubuntu:
  Fix Released
Status in synaptic package in Ubuntu:
  Confirmed
Status in thunar package in Ubuntu:
  New
Status in tuned package in Ubuntu:
  New
Status in ubuntustudio-controls package in Ubuntu:
  New
Status in ubuntustudio-default-settings package in Ubuntu:
  Invalid
Status in update-notifier package in Ubuntu:
  New
Status in xdiagnose package in Ubuntu:
  Confirmed
Status in xubuntu-default-settings package in Ubuntu:
  Invalid
Status in zulucrypt package in Ubuntu:
  Fix Released

Bug description:
  *****************************
  Main upstream discussion & fixes example to deal with wayland:
  https://bugzilla.gnome.org/show_bug.cgi?id=776437
  *****************************

  
********************************************************************************************************************************************

  Steps to reproduce:
  1. Install Ubuntu 17.10
  2. Install backintime-qt4 or gparted application from above list (full may be acquired from https://codesearch.debian.net/search?q=pkexec+filetype%3Adesktop+path%3A*%2Fapplications%2F*&perpkg=1&page=4 )
  3a. Try to launch backintime-qt4 from shortcut "Back In Time (root)" (located in /usr/share/applications/backintime-qt4-root.desktop, it uses pkexec
  ($ cat /usr/share/applications/backintime-qt4-root.desktop | grep Exec
  Exec=pkexec backintime-qt4)
  3b. Try to launch Gparted from shortcut "GParted" (located in /usr/share/applications/gparted.desktop, it uses gparted-pkexec)
  4a.1. Back In Time does not start from GUI.
  4a.2. Back In Time shows error message in console:
  4b. gparted-pkexec does not start, reports error
  $ gparted-pkexec
  Created symlink /run/systemd/system/-.mount → /dev/null.
  Created symlink /run/systemd/system/run-user-1000.mount → /dev/null.
  Created symlink /run/systemd/system/run-user-121.mount → /dev/null.
  Created symlink /run/systemd/system/tmp.mount → /dev/null.
  No protocol specified

  (gpartedbin:12831): Gtk-WARNING **: cannot open display: :0
  Removed /run/systemd/system/-.mount.
  Removed /run/systemd/system/run-user-1000.mount.
  Removed /run/systemd/system/run-user-121.mount.
  Removed /run/systemd/system/tmp.mount.

  $ pkexec backintime-qt4

  Back In Time
  Version: 1.1.12

  Back In Time comes with ABSOLUTELY NO WARRANTY.
  This is free software, and you are welcome to redistribute it
  under certain conditions; type `backintime --license' for details.

  No protocol specified
  app.py: cannot connect to X server :0

  Expected results:
  * backintime-qt4 may be run as root

  Actual results:
  * unable to run backintime-qt4 as root

  Workaround:
  * setting "xhost +si:localuser:root" helps.

  ProblemType: Bug
  DistroRelease: Ubuntu 17.10
  Package: backintime-qt4 1.1.12-2
  ProcVersionSignature: Ubuntu 4.12.0-11.12-generic 4.12.5
  Uname: Linux 4.12.0-11-generic i686
  ApportVersion: 2.20.6-0ubuntu7
  Architecture: i386
  CurrentDesktop: GNOME
  Date: Sun Aug 27 14:23:14 2017
  InstallationDate: Installed on 2017-08-26 (0 days ago)
  InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Alpha i386 (20170826)
  PackageArchitecture: all
  SourcePackage: backintime
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/backintime/+bug/1713313/+subscriptions
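
The workaround in the bug description above adds root to the X server access list for the whole session. As an added example (not part of the bug report or of any project named in it), this shell function reads `xhost` output and flags every entry beyond the session owner; the sample output and the user name `alice` are constructed.

```shell
#!/bin/sh
# Added example: audit the X access list that "xhost +si:localuser:root" changes.
# xhost_findings reads `xhost` output on stdin; $1 is the session owner's login.
xhost_findings() {
    owner=$1
    while IFS= read -r line; do
        case $line in
            "access control disabled"*)
                echo "CRITICAL access control off, any client may connect" ;;
            "access control enabled"*|"")
                ;;                      # header line or blank: nothing to report
            "SI:localuser:$owner")
                ;;                      # the session owner is always expected
            "SI:localuser:root")
                echo "NOTE root may open the display (pkexec workaround active)" ;;
            SI:localuser:*)
                echo "WARN other local user allowed: ${line#SI:localuser:}" ;;
            LOCAL:*)
                echo "WARN every local user allowed" ;;
            INET:*|INET6:*)
                echo "WARN remote host allowed: ${line#*:}" ;;
            *)
                echo "WARN unrecognised entry: $line" ;;
        esac
    done
}

# Constructed sample of `xhost` output after the workaround has been applied.
SAMPLE='access control enabled, only authorized clients can connect
SI:localuser:alice
SI:localuser:root'

printf '%s\n' "$SAMPLE" | xhost_findings alice

# On a live session: xhost | xhost_findings "$(id -un)"
# To withdraw the grant afterwards: xhost -si:localuser:root
```

The grant lasts until it is removed or the session ends, so running the check after the privileged application exits shows whether the workaround was left in place.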
