diff --git a/distrobox-export b/distrobox-export index 40329cf69e..72ea4104a4 100755 --- a/distrobox-export +++ b/distrobox-export @@ -44,6 +44,16 @@ sudo_prefix="" verbose=0 version="1.6.0.1" +sudo_askpass_path="${dest_path}/distrobox_sudo_askpass" +sudo_askpass_script="#!/bin/sh +if command -v zenity 2>&1 > /dev/null; then + zenity --password +elif command -v kdialog 2>&1 > /dev/null; then + kdialog --password +else + exit 127 +fi" + # We depend on some commands, let's be sure we have them base_dependencies="basename find grep sed" for dep in ${base_dependencies}; do @@ -191,6 +201,13 @@ fi # Check if we're in a rootful or rootless container. if grep -q "rootless=0" /run/.containerenv 2> /dev/null; then rootful="--root" + + # We need an askpass script for SUDO_ASKPASS, to launch graphical apps + # from the drawer + if [ ! -e "${sudo_askpass_path}" ]; then + echo "${sudo_askpass_script}" > "${sudo_askpass_path}" + chmod +x "${sudo_askpass_path}" + fi fi # We're working with HOME, so we must run as USER, not as root. @@ -277,6 +294,10 @@ fi # Prefix to add to an existing command to work through the container container_command_prefix="${DISTROBOX_ENTER_PATH:-"distrobox-enter"} ${rootful} -n ${container_name} ${enter_flags} -- ${sudo_prefix} " +if [ -n "${rootful}" ]; then + container_command_prefix="env SUDO_ASKPASS=\"${sudo_askpass_path}\" DBX_SUDO_PROGRAM=\"sudo --askpass\" ${container_command_prefix}" +fi + if [ -z "${exported_app_label}" ]; then exported_app_label=" (on ${container_name})" elif [ "${exported_app_label}" = "none" ]; then diff --git a/docs/usage/distrobox-export.md b/docs/usage/distrobox-export.md index f68b8b74d8..421e44a8f0 100644 --- a/docs/usage/distrobox-export.md +++ b/docs/usage/distrobox-export.md @@ -86,53 +86,6 @@ The option "--delete" will un-export an app or binary The option "--sudo" will launch the exported item as root inside the distrobox. -**Exporting apps from rootful containers** - -It is worth noting that, when exporting any item - which includes graphical apps - from rootful -containers (created with `distrobox create --root`), root privileges will be needed every time -the item is launched (in order to enter the rootful container), which, by default, is done -using `sudo` (see docs for `distrobox-enter` on how to customize that). However, for -graphical apps in specific, since they launch without a terminal, the usage of `sudo` -might, at first, make it impossible to launch them. - -To fix this without needing to customize the sudo program, one can define a global -`SUDO_ASKPASS` environment variable on their machine, which is a PATH to an executable -that is run by `sudo` when no terminal is available (or when it is given the `--askpass` -or `-A` option), and the output of that executable to stdout is used as the password input. -The executable is called as many times is needed for authentication as root to succeed -(unless a limit of amount of attempts is reached). - -To do this, pick a program to ask the user for graphical password input. In this example, -we will use `zenity --password`, which should be present for GNOME users (and can -also be installed in other DEs) - there are other options, such as -`kdialog --password "Message"` for KDE users. - -Write the call to the desired program to a script file, for example to -`/usr/bin/my-password-prompt` (sample contents below): - - #!/bin/sh - zenity --password "Authentication as root is required" - -(You may save the script under, for example, `~/.local/bin` if you want to keep it -fully local to your user.) - -Afterwards, make it executable (e.g. run `sudo chmod +x /usr/bin/my-password-prompt`). Then, -make sure to set `SUDO_ASKPASS` to `"/usr/bin/my-password-prompt"` (replace with your script's path) -in a global profile file, so that it is picked up by sudo when running graphical apps (and, therefore, -sudo will run the script you created to ask for a password). -This is done with the shell line `export SUDO_ASKPASS="/path/to/script/goes/here"`. -You can do this for your user only by running the command below (replace the script path as needed): - - echo 'export SUDO_ASKPASS="/usr/bin/my-password-prompt"' >> ~/.profile - -Which appends the appropriate line to the end of your `~/.profile` file, thus making the change -local to your user. Alternatively, to set it system-wide (for all users), you may create a file -in `/etc/profile.d/` (or equivalent for your system) with that line. - -Now just log out and log back in, and graphical apps exported from rootful containers should -now be properly asking for root's password before launching (instead of not opening, if that -was the case before). - **Notes** Note you can use --app OR --bin but not together.