The Python/GTK3 GUI GameConqueror uses libscanmem for memory scanning with /proc/$pid/mem or ptrace(). Root privileges are required because of the Yama security module and its ptrace_scope set to 1.
To bypass that, scanmem/GC would have to run the target application. That architecture change cannot be done as the usage would be too complex. We cannot go back to parsing scanmem output due to performance reasons. The hot scanning path is called several million times. The results list is autoupdated and the hex memory editor receives a bigger amount of data from libscanmem. Running a memory scanning daemon is a security risk as any program might access it. We expect that this is fixed in Wayland. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1713313 Title: Unable to launch pkexec'ed applications on Wayland session Status in apt-offline package in Ubuntu: New Status in backintime package in Ubuntu: Confirmed Status in budgie-welcome package in Ubuntu: New Status in ettercap package in Ubuntu: Confirmed Status in gdebi package in Ubuntu: Confirmed Status in gnunet-gtk package in Ubuntu: Confirmed Status in gparted package in Ubuntu: Invalid Status in gufw package in Ubuntu: New Status in hplip package in Ubuntu: Confirmed Status in italc package in Ubuntu: New Status in laptop-mode-tools package in Ubuntu: New Status in lightdm-gtk-greeter-settings package in Ubuntu: Confirmed Status in nautilus-admin package in Ubuntu: New Status in needrestart-session package in Ubuntu: Confirmed Status in nemo package in Ubuntu: Confirmed Status in policykit-1 package in Ubuntu: Invalid Status in scanmem package in Ubuntu: New Status in scap-workbench package in Ubuntu: Confirmed Status in sirikali package in Ubuntu: New Status in synaptic package in Ubuntu: Confirmed Status in thunar package in Ubuntu: New Status in tuned package in Ubuntu: New Status in ubuntustudio-controls package in Ubuntu: New Status in ubuntustudio-default-settings package in Ubuntu: New Status in xdiagnose package in Ubuntu: Confirmed Status in xubuntu-default-settings package in Ubuntu: New Status in zulucrypt package in Ubuntu: New Bug description: Posting here what gnome says about porting to wayland, and their tests: GNOME Applications under Wayland GTK+ has a Wayland backend. If it was enabled at compile-time, you can run a GTK+ application under Wayland simply by: GDK_BACKEND=wayland gnome-calculator Applications that use Clutter or clutter-gtk also need the Clutter Wayland backend enabled: GDK_BACKEND=wayland CLUTTER_BACKEND=wayland cheese https://wiki.gnome.org/Initiatives/Wayland/Applications ======> so hope the settings are well set at compile time; maybe a rebuilt to get sure all apps are ok. ******************************************************************************************************************************************** Steps to reproduce: 1. Install Ubuntu 17.10 2. Install backintime-qt4 or gparted application from above list (full may be acquired from https://codesearch.debian.net/search?q=pkexec+filetype%3Adesktop+path%3A*%2Fapplications%2F*&perpkg=1&page=4 ) 3a. Try to launch backintime-qt4 from shortcut "Back In Time (root)" (located in /usr/share/applications/backintime-qt4-root.desktop, it uses pkexec ($ cat /usr/share/applications/backintime-qt4-root.desktop | grep Exec Exec=pkexec backintime-qt4) 3b. Try to launch Gparted from shortcut "GParted" (located in /usr/share/applications/gparted.desktop, it uses gparted-pkexec) 4a.1. Back In Time does not start from GUI. 4a.2. Back In Time shows error message in console: 4b. gparted-pkexec does not start, reports error $ gparted-pkexec Created symlink /run/systemd/system/-.mount → /dev/null. Created symlink /run/systemd/system/run-user-1000.mount → /dev/null. Created symlink /run/systemd/system/run-user-121.mount → /dev/null. Created symlink /run/systemd/system/tmp.mount → /dev/null. No protocol specified (gpartedbin:12831): Gtk-WARNING **: cannot open display: :0 Removed /run/systemd/system/-.mount. Removed /run/systemd/system/run-user-1000.mount. Removed /run/systemd/system/run-user-121.mount. Removed /run/systemd/system/tmp.mount. $ pkexec backintime-qt4 Back In Time Version: 1.1.12 Back In Time comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions; type `backintime --license' for details. No protocol specified app.py: cannot connect to X server :0 Expected results: * backintime-qt4 may be run as root Actual results: * unable to run backintime-qt4 as root Workaround: * setting "xhost +si:localuser:root" helps. ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: backintime-qt4 1.1.12-2 ProcVersionSignature: Ubuntu 4.12.0-11.12-generic 4.12.5 Uname: Linux 4.12.0-11-generic i686 ApportVersion: 2.20.6-0ubuntu7 Architecture: i386 CurrentDesktop: GNOME Date: Sun Aug 27 14:23:14 2017 InstallationDate: Installed on 2017-08-26 (0 days ago) InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Alpha i386 (20170826) PackageArchitecture: all SourcePackage: backintime UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt-offline/+bug/1713313/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
