Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dont run browser as root #5058

Closed

Commits on Oct 23, 2023

  1. webui: Handle XAUTHORITY and XDG_RUNTIME_DIR

    The titlebar with "Mozilla Firefox" has been fixed but there
    are some more bits that can be cleaned up.
    
    This commit achieves that by:
    
    1. Make sure more of the environment is bubbled through anaconda to
       the webui launcher. In particular, we need XDG_CURRENT_DESKTOP, but
       this commit brings it all through, so firefox runs in an environment
       as close to getting run directly by the live user as possible.
    2. Two exceptions are XAUTHORITY and XDG_RUNTIME_DIR which need to
       remain unset until we can run firefox as a normal user instead of root.
    halfline authored and M4rtinK committed Oct 23, 2023
    Configuration menu
    Copy the full SHA
    00c5364 View commit details
    Browse the repository at this point in the history
  2. webui: Store browser in array

    At the moment most of the firefox command line is getting placed
    in a variable named $BROWSER and then getting run as
    
    $BROWSER http://url
    
    This only works if $BROWSER is at the very front of the line or if
    it's run through eval.
    
    Instead, make BROWSER into an array so it's positional arguments
    get expanded positionally.
    halfline authored and M4rtinK committed Oct 23, 2023
    Configuration menu
    Copy the full SHA
    8420c14 View commit details
    Browse the repository at this point in the history
  3. webui: Run browser as liveuser instead of root

    It's not a good idea to run UI code as root if we can help it, and
    since the webui separates front end from backend, we don't need to
    run the front end code as root.
    
    This commit changes webui-desktop to start firefox as the liveuser.
    
    The entire script could probably be run unprivileged with a few
    changes to the cockpit parts (different port, new polkit policy,
    cockpit.spawn changes to run as superuser), but that's a change
    for another time.
    halfline authored and M4rtinK committed Oct 23, 2023
    Configuration menu
    Copy the full SHA
    28ea45b View commit details
    Browse the repository at this point in the history