Code:#DISPLAY=ip.ad.dr.ess:0.0 #export DISPLAY
Hi,
I am wondering if anyone knows what is the best way to run X apps in a chrooted environment, The X server(run before the chroot) refuse connection of X apps from within the chroot. I know this is an authentication issue but don't know how to solve it.
thanks and regards.
Code:#DISPLAY=ip.ad.dr.ess:0.0 #export DISPLAY
thanks, I tried localhost:0.0 but it still didn't work. Could be that I need the xhost command as well before I chroot.
I normally type startx --:1 in the chrooted environment without any modifications whatsoever. The window should display in the eighth virtual terminal (vt. As for the authentication issue, turn off x authentication in /etc/X11/xdm/xdm-conf, and you won't have to mess with xhost or xauth.If you use kdm or gdm, they each have a config file in /etc/X11/kdm/kdm-config or /etc/X11/gdm/gdm/gdm-config, respectively. Xauth uses authentication from your current enviroment, i think, so it might have flowed thru to the chroot enviroment, but I'm not totally sure of this. I normally turn it off at both ends to prevent this sort of thing for troubleshooting purposes. When done, you might want to turn it back on, if you desire the security of your X sessions.
Thanks for the info. My situation is a bit odd. I started a VNC server from the hosting rootfs and vnc into it. Then I chroot into another rootfs and tried to run X apps there. The hosting rootfs in this case don't even have a session manager(xdm etc.). What is even more complicated, I need to "su" into a normal user in this chrooted environment first before running the X apps.Originally Posted by Durand Hicks
This whole authentication system of X is still very confusing to me. I googled around and it seems that I can mount --bind /tmp into the chroot so as to directly use the X socket created there.
At the moment, I just bypass all this and start the vnc server within the chrooted environment, but still learning how to do it as that seems to be a pretty standard requirment of chrooting into other rootfs(under X) and run X apps, so a proper solution will help in the future.
thanks for all the help, finally get some idea of how this X security works.
By default, X clients access ~/.Xauthority to find cookies in order to talk to X server.
In order to make scenarios like "su" then run some root only programs "xhost +local:" is needed as this would allow anyone on the same machine(or access to the /tmp/.X11-unix sockets) to connect to the running display.
For a chrooted environment, /tmp in chroot is different from /tmp in hosting so the above won't work. "xhost +localhost" is needed as that means any X apps running on the local machine(not depending on the rootfs anymore) can access the X server.
The above should be good enough for a workstation used by only one person. If one wants more security, it has to resort to using the 'xauth' command to extract the cookies then import into the destination ~/.Xauthority. Though this is still not encrypted in anyway.
If one need to access X apps on another machine, just add "xhost +hostname" but that would mean any X apps from hostname can access the running X server.
hope this will help others.
I've tried the methods suggested in this post and must be missing a step. I still get authority errors related to /home/knoppix/.Xauthority from the chrooted environment.
The xdm-config has 0 for an authentication value. Do I need to say "false" instead?
Thanks.
I've never actually started up X locally when remastering, I've always just started up VNC and then connected from a different computer
But I don't think that's what your trying to do here.
IBM Power S822 12-Bay Server System Power8 Core 3.42Ghz DVD-Rom Drive 64GB No HD
$399.99
IBM System X3650 Server M2 2 x Xeon X5570 2.93 Ghz w/128 GB/DVDRW
$169.99
IBM Power 720 POWER7 00E6516 3.6GHz CPU 64GB RAM Server
$209.98
IBM 7944AC1 System x3550 M3 Server 1*Intel Xeon X5650 2.67GHz 4GB SEE NOTES
$26.97
IBM System x3250 M4 Server Intel Xeon E3-1220 3.10GHz 8GB RAM No HDDs
$74.77
IBM SYSTEM x3650 M4 Xeon E5-2609 2.40GHZ 16GB DDR3-1066MHZ 2x 550W PSU TESTED
$109.95
$16000.00
IBM Power 740 8205-E6C Express 8-SFF Power7 3.55GHz CPU 64GB RAM *No HDD* Server
$191.99
IBM Power S822 8284-22A 2.5" 12-Bay 64GB 2X 00ND478 2X 00E2865 *READ*
$599.99
IBM Lenovo X3650 M5 2U 8x 2.5” CTO Rack Server – 2x HS, 2x 750W
$199.00