Date: Thu, 10 Oct 2019 00:15:54 +0200
From: Per Hedeland <per@hedeland.org>
To: Arthur Chance <freebsd@qeng-ho.org>
Cc: Kostas Oikonomou <k.oikonomou@att.net>, freebsd-questions@freebsd.org
Subject: Re: accessing the host's X server from inside chroot
Message-ID: <afcee2f5-281b-59ad-3860-56de9e1999a1@hedeland.org>
In-Reply-To: <4c51f911-3bc7-7f50-45ba-c6f78af1b5ee@qeng-ho.org>
References: <d5dddadca1e11912e3816ed2f5676931a433cdaa.camel@att.net> <0f7f3a8c-9b5d-c9cf-2bed-9f534216a441@hedeland.org> <4c51f911-3bc7-7f50-45ba-c6f78af1b5ee@qeng-ho.org>

On 2019-10-09 18:07, Arthur Chance wrote:
> On 09/10/2019 14:18, Per Hedeland wrote:
>> On 2019-10-09 01:45, Kostas Oikonomou wrote:
>>> I am running FreeBSD 12.0p10. Using chroot, I am trying to run a browser
>>> (palemoon) located in /opt/devuan, which contains a Devuan Linux
>>> distribution installed with 'debootstrap'. My objective is for the
>>> browser to use the host's (FreeBSD) X server, not the Devuan one.
>>>
>>> I've added my FreeBSD user name as a Devuan user, home in
>>> /opt/devuan/home.
>>> Now I try things like
>>>
>>>     sudo chroot -u <me> /opt/devuan home/palemoon/palemoon
>>>
>>> but I cannot get past the error
>>>
>>>     Error: cannot open display: :0.0
>>
>> The display name :0.0 corresponds to a unix domain socket, typically
>> /tmp/.X11-unix/X0, which you of course can't reach after a chroot. By
>> setting the environment $DISPLAY to localhost:0.0, a TCP connection
>> should be made instead, but these days the X server doesn't listen for
>> TCP connections by default. If you start X with startx(1), it should
>> be possible to pass it '-- -listen tcp' to make the server listen for
>> TCP connections, see the respective man pages.
>>
>> Doing this has some security implications though, since the X server
>> will then listen on the wildcard address, and it will thus be possible
>> to connect to it over the network - I didn't see a way to make it
>> listen only on the localhost/loopback address. Authorization is still
>> required to actually do anything with the server - unless, of course,
>> you turn it off with "xhost +".
>
> If you run the host X server with -listen tcp and set the DISPLAY
> variable in the chroot to localhost:0.0 I think you should be able to
> connect if you either 1) copy the FreeBSD level home directory's
> .Xauthority to the chroot's home directory or 2) run "xhost +localhost"
> at the host level before connecting.

Agreed, I didn't go into the details of how to actually make the
authorization work in this scenario. I would say that copying
.Xauthority is the preferred way since it keeps the authorization, but
while "xhost +localhost" disables it for connections from localhost,
it is probably "good enough".

--Per
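
Added example, not part of the thread or written by its participants: copying the whole .Xauthority, as discussed above, gives the chroot every cookie in the file, so this Python sketch goes one step further and parses the .Xauthority record format to copy only the records for display 0 into a mode-0600 file. The hostname `myhost`, the cookie bytes and the function names are constructed for illustration.

```python
import os
import struct
import tempfile

FAMILY_LOCAL = 256  # Xauth family used for local (hostname-keyed) entries

def parse_xauthority(blob):
    """Yield (family, address, display_number, auth_name, auth_data) records."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("truncated .Xauthority record")
        chunk = blob[pos:pos + n]
        pos += n
        return chunk
    while pos < len(blob):
        (family,) = struct.unpack(">H", take(2))
        # Four counted strings, each prefixed with a big-endian 16-bit length.
        fields = [take(struct.unpack(">H", take(2))[0]) for _ in range(4)]
        yield (family, *fields)

def serialize(entry):
    family, *fields = entry
    return struct.pack(">H", family) + b"".join(
        struct.pack(">H", len(f)) + f for f in fields)

def copy_display_cookie(src, dst, display=b"0"):
    """Write only the records for `display` from src to dst; return the count."""
    with open(src, "rb") as fh:
        keep = [e for e in parse_xauthority(fh.read()) if e[2] == display]
    if not keep:
        raise LookupError("no cookie for display %r in %s" % (display, src))
    # O_NOFOLLOW: the chroot home is user-writable, so refuse a symlinked target.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(dst, flags, 0o600)
    with os.fdopen(fd, "wb") as out:
        os.fchmod(fd, 0o600)  # tighten a pre-existing file as well
        out.write(b"".join(serialize(e) for e in keep))
    return len(keep)

# Constructed sample: one cookie for :0 and one for an unrelated display :10.
SAMPLE = serialize((FAMILY_LOCAL, b"myhost", b"0", b"MIT-MAGIC-COOKIE-1", bytes(range(16)))) \
       + serialize((FAMILY_LOCAL, b"myhost", b"10", b"MIT-MAGIC-COOKIE-1", bytes(16)))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "host.Xauthority"), os.path.join(tmp, "chroot.Xauthority")
        with open(src, "wb") as fh:
            fh.write(SAMPLE)
        print(copy_display_cookie(src, dst), "record(s) copied")
```

Run it as the user who owns the X session, so the 0600 file belongs to the same uid that `chroot -u` switches to.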