accessing the host's X server from inside chroot

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

accessing the host's X server from inside chroot

Kostas Oikonomou
I am running FreeBSD 12.0p10.  Using chroot, I am trying to run a browser
(palemoon) located in /opt/devuan, which contains a Devuan Linux distribution
installed with 'debootstrap'.  My objective is for the browser to use the host's
(FreeBSD)
X server, not the Devuan one.

I've added my FreeBSD user name as a Devuan user, home in /opt/devuan/home.  
Now I try things like

sudo chroot -u <me> /opt/devuan home/palemoon/palemoon

but I cannot get past the error

Error: cannot open display: :0.0

Running

sudo chroot -u <me> /opt/devuan home/palemoon/palemoon --help

works, and produces the expected text output.

I've tried things like "xhost +"  and I've searched lots of mailing lists, but I
don't see any answer.

Thanks for your help.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: accessing the host's X server from inside chroot

Per Hedeland
On 2019-10-09 01:45, Kostas Oikonomou wrote:

> I am running FreeBSD 12.0p10.  Using chroot, I am trying to run a browser
> (palemoon) located in /opt/devuan, which contains a Devuan Linux distribution
> installed with 'debootstrap'.  My objective is for the browser to use the host's
> (FreeBSD)
> X server, not the Devuan one.
>
> I've added my FreeBSD user name as a Devuan user, home in /opt/devuan/home.
> Now I try things like
>
> sudo chroot -u <me> /opt/devuan home/palemoon/palemoon
>
> but I cannot get past the error
>
> Error: cannot open display: :0.0

The display name :0.0 corresponds to a unix domain socket, typically
/tmp/.X11-unix/X0, which you of course can't reach after a chroot. By
setting the environment $DISPLAY to localhost:0.0, a TCP connection
should be made instead, but these days the X server doesn't listen for
TCP connections by default. If you start X with startx(1), it should
be possible to pass it '-- -listen tcp' to make the server listen for
TCP connections, see the respective man pages.

Doing this has some security implications though, since the X server
will then listen on the wildcard address, and it will thus be possible
to connect to it over the network - I didn't see a way to make it
listen only on the localhost/loopback address. Authorization is still
required to actually do anything with the server - unless, of course,
you turn it off with "xhost +".

--Per Hedeland
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: accessing the host's X server from inside chroot

Per Hedeland
On 2019-10-09 18:07, Arthur Chance wrote:

> On 09/10/2019 14:18, Per Hedeland wrote:
>> On 2019-10-09 01:45, Kostas Oikonomou wrote:
>>> I am running FreeBSD 12.0p10.  Using chroot, I am trying to run a browser
>>> (palemoon) located in /opt/devuan, which contains a Devuan Linux
>>> distribution
>>> installed with 'debootstrap'.  My objective is for the browser to use
>>> the host's
>>> (FreeBSD)
>>> X server, not the Devuan one.
>>>
>>> I've added my FreeBSD user name as a Devuan user, home in
>>> /opt/devuan/home.
>>> Now I try things like
>>>
>>> sudo chroot -u <me> /opt/devuan home/palemoon/palemoon
>>>
>>> but I cannot get past the error
>>>
>>> Error: cannot open display: :0.0
>>
>> The display name :0.0 corresponds to a unix domain socket, typically
>> /tmp/.X11-unix/X0, which you of course can't reach after a chroot. By
>> setting the environment $DISPLAY to localhost:0.0, a TCP connection
>> should be made instead, but these days the X server doesn't listen for
>> TCP connections by default. If you start X with startx(1), it should
>> be possible to pass it '-- -listen tcp' to make the server listen for
>> TCP connections, see the respective man pages.
>>
>> Doing this has some security implications though, since the X server
>> will then listen on the wildcard address, and it will thus be possible
>> to connect to it over the network - I didn't see a way to make it
>> listen only on the localhost/loopback address. Authorization is still
>> required to actually do anything with the server - unless, of course,
>> you turn it off with "xhost +".
>
> If you run the host X server with -listen tcp and and set the DISPLAY
> variable in the chroot to localhost:0.0 I think you should be able to
> connect if you either 1) copy the FreeBSD level home directory's
> .Xauthority to the chroot's home directory or 2) run "xhost +localhost"
> at the host level before connecting.

Agreed, I didn't go into the details of how to actually make the
authorization work in this scenario. I would say that copying
.Xauthority is the preferred way since it keeps the authorization, but
while "xhost +localhost" disables it for connections from localhost,
it is probably "good enough".

--Per
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: accessing the host's X server from inside chroot

Kostas Oikonomou

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: accessing the host's X server from inside chroot

Shane Ambler-5
In reply to this post by Kostas Oikonomou
On 9/10/19 10:15 am, Kostas Oikonomou wrote:

> I am running FreeBSD 12.0p10.  Using chroot, I am trying to run a browser
> (palemoon) located in /opt/devuan, which contains a Devuan Linux distribution
> installed with 'debootstrap'.  My objective is for the browser to use the host's
> (FreeBSD)
> X server, not the Devuan one.
>
> I've added my FreeBSD user name as a Devuan user, home in /opt/devuan/home.  
> Now I try things like
>
> sudo chroot -u <me> /opt/devuan home/palemoon/palemoon
>
> but I cannot get past the error
>
> Error: cannot open display: :0.0
>
> Running
>
> sudo chroot -u <me> /opt/devuan home/palemoon/palemoon --help
>
> works, and produces the expected text output.
>
> I've tried things like "xhost +"  and I've searched lots of mailing lists, but I
> don't see any answer.

Have you tried treating it like a remote machine? That is ssh into it
and use xforwarding. I expect that would require using jail not chroot.


--
FreeBSD - the place to B...Software Developing

Shane Ambler

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[hidden email]"