From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=FREEMAIL_FROM, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from primenet.com.au (ns1.primenet.com.au [203.24.36.2]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id e364acef for ; Wed, 1 Jan 2020 20:59:27 +0000 (UTC) Received: (qmail 28806 invoked by alias); 1 Jan 2020 20:59:18 -0000 Mailing-List: contact zsh-users-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Users List List-Post: List-Help: List-Unsubscribe: X-Seq: 24588 Received: (qmail 24675 invoked by uid 1010); 1 Jan 2020 20:59:18 -0000 X-Qmail-Scanner-Diagnostics: from mout.gmx.net by f.primenet.com.au (envelope-from , uid 7791) with qmail-scanner-2.11 (clamdscan: 0.102.1/25677. spamassassin: 3.4.2. Clear:RC:0(212.227.15.15):SA:0(-1.9/5.0):. Processed in 3.29737 secs); 01 Jan 2020 20:59:18 -0000 X-Envelope-From: dominik.vogt@gmx.de X-Qmail-Scanner-Mime-Attachments: | X-Qmail-Scanner-Zip-Files: | Received-SPF: pass (ns1.primenet.com.au: SPF record at gmx.net designates 212.227.15.15 as permitted sender) X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Date: Wed, 1 Jan 2020 21:58:33 +0100 From: Dominik Vogt To: Zsh Users Subject: DISPLAY problem with zsh + fvwm + firejail Message-ID: <20200101205833.puf6pb3cylcd47qt@gmx.de> Reply-To: dominik.vogt@gmx.de Mail-Followup-To: Zsh Users MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: NeoMutt/20170113 (1.7.2) X-Provags-ID: V03:K1:fB3yApx1Y6LImiwIel4B8tsUZYY2RoVX3gSj4FYR7zLeTurf65S I+oi2oEK7TJXGgUV35cS1AG63tGoLlezzIhqosMfHHeT7nnuaNMXuFLHARAGBS1JkVpcnXS ZmxbsX6it83Ra1ZSbJrZ2x+R3iBsvE4jKHrqYEvxN6OIP79rl5I70LfoMBPt/TxuNjf2dOD USm+hDufs7/lOHh6n+vRw== X-UI-Out-Filterresults: notjunk:1;V03:K0:6dc5vj95Bgg=:/9WO/rUagWsfaduszHLOAt I5HCxOayMeBoVxTJkJ8lKXNC1WgqKjAzH7R6MwBm5XMFVIZf/URMhoTsle6Lv78Jvu3fCtTkm 6k+lkZoiFHKCUNGij8U4Sl8SV2p/sKEuMp4+IpdukjCjYy3DbGIfZ5np95eaqGch/CGxZxrHE jY1tf7FxZveOHbG2lzCKC5NpXehAa+FPseSqMnXV0q1734qiJk/RaJ2NcTxidhY3dqjDFT7Wh JaFedbARnxva3vWbK3LN71vPajYujQfvlKpLMhqFjijeGm+KPUOWeeVFTXD8kH/xUuCSMjtY/ TuKHg7Gb92tuCMJFANcUsdI2dw20vy6anJjpyKRWUUresic88Ab5CYDoQKDuF3vO1M9revOor RRJLI7Kk7PGdyXMQHp4SmpTmiimlBkNxoz+RtEXOQR0/7QGgiWcabdsJjaljGFzE1rrdnZRPz Ob8zJnf7iKDEupRKonFWabnTsrGW6uerNS76aQ/drm20oODYpnnSctlLNAsJe1DHfjnut7PCT In4Uim4uOPXKEA5iCI2nUbVMVaomJDGmoeEYuUZhYHoMSFeK0eGdVXA/OV7qqSSVj8jpF7a/V J+VoVUFOch41bxBU9J8zcvzY1m1r5j70F9ChGI9mebEl0iTL++IH2PpUR/Y6y6T5/EkzsFP0Y tE6PhoyZnQE/N4MXoh18zaEbHp6PXR6js0MjcNVeolwjZoooDZxMr5VrzBvIiyCalsLi73nOf Gi+BLJb9sz7TvbkMuxrQqDui/zsiFu2ku67hqA49LD+7Y4xvIoQGPoLQm2+x3Z0LkDMntcbt3 s6M0IdcAHIW1c0QnzqrNn78OybQ0Do+wqu8H3QUAtR5IGAJwxLiGZoSLv8smt7LZaxkq7gTdE oaAKcC1zB/8C4jhLdGtikt+P8oySJ3/sz/seYRyaAiIPIbWlE6Y+wReibVNixxlJrlZv3iQ5T X50UlV3aYoe39NwlASpdssP2x85FNs6hUH6jlgHP6C5RdAj2tP9ub4Ql9d/rnfQ+j89DWl5df DbZscL+VVu8xEBBC4IqAr8226VnbPULx+iVnd4JZtw3rlwKRAQmJh+9bJDA3PgLt5ZxBiiGfg 7ZM4aVJKH4GonX/99wytOftjp6/a6Dkf93e1fREUgEEGdHm4Xopls6W7QyOkHMr2r5jG82hLD GMbnCd4KxP5fHHIglBJEFcZZJ6rlqE/wBF+7HsLzmSFXOVRQHRkz1On6gGXKvOPwLV+sBAQXP hG/bpUWJG0hPzYRomEIw8sakO/7Olj2P/3YxB2P5pDaktNZDSwl4eHHLnEDI= Content-Transfer-Encoding: quoted-printable Running commands in firejail (an enhanced sandbox similar to chroot), there is a problem with a certain way of starting programs. Working setup: =2D------------- # Running zsh inside an Rxvt managed by fvwm. $ firejail --debug set Shows (with some added debug output), that zsh was used to run "set", and that the display variable ist set: # args passed to execvp by firejail DISPLAY=3D':0' arg0: '/usr/bin/zsh' arg1: '-c' arg2: ''set' ' # output of set shell builtin DISPLAY=3D':0' Failing setup: =2D------------- Run the command by the window manager. Make a menu entry or open FvwmConsole and type exec firejail --debug set (exec is fvwm's command to run an external command). Now, the DISPLAY is set to an empty string: # args passed to execvp by firejail DISPLAY=3D':0' arg0: '/usr/bin/zsh' arg1: '-c' arg2: ''set' ' # output of set shell builtin DISPLAY=3D'' <-------- empty string =2D- I can't firgure out what's going on. For some reason, DISPLAY is set to an empty string between the final execvp() call in firejail and the place that uses the value, and the shell may or may not be involved in this problem. Note that the same occurs if any shell is set explicitly: exec firejail --debug bash -c xterm -> fails But it works fine if firejail is told to omit the shell: exec firejail --debug xterm -> works =2D- One more detail about the way fvwm calls external programs: rxvt -> zsh -> firejail -> execvp zsh -c 'firejail command' -> zsh -> firejail -> execvp -> zsh -c 'command' -> exec? -> command GOOD fvwm -> execvp -> sh -c 'firejail ...' -> sh -> firejail -> execvp zsh -c 'command' -> zsh -> exec? -> command BAD (Note that you can tell fvwm to use zsh nstead of sh with "execuseshell /bin/zsh". This doesn't change anything.) So, what is the cause of the different bevaviour and/or how can I debug it? Ciao Dominik ^_^ ^_^ =2D- Dominik Vogt