#4970 xvfb-run fix for not needing previously run X11

[Hanspeter Niederstrasser]

If you reboot, xvfb-run fails unless X11 has been run once (you can even quit X11 and xvfb-run will still work afterwards; it just needs that initial run). This run sets up /tmp/.X11-unix, where X stores its sockets.

Without the first run, xvfb-run fails with this error:

_XSERVTransmkdir: ERROR: euid != 0,directory /tmp/.X11-unix will not be created.
_XSERVTransSocketUNIXCreateListener: mkdir(/tmp/.X11-unix) failed, errno = 2
_XSERVTransMakeAllCOTSServerListeners: failed to create listener for local

If I manually create /tmp/.X11-unix, the error changes to:

_XSERVTransmkdir: ERROR: Mode of /tmp/.X11-unix must be set to 1777
_XSERVTransSocketUNIXCreateListener: mkdir(/tmp/.X11-unix) failed, errno = 1
_XSERVTransMakeAllCOTSServerListeners: failed to create listener for local

If I chmod /tmp/.X11-unix, then xvfb-run runs successfully.

This is the change to xvfb-run:

--- xvfb-run.info   10 Sep 2015 21:02:21 -0000  1.1
+++ xvfb-run.info   18 Aug 2017 03:07:26 -0000
@@ -1,11 +1,11 @@
 Package: xvfb-run
 Version: 1.4.2
-Revision: 3
+Revision: 4
 Source: http://patch-tracker.debian.org/patch/debianonly/dl/xorg-server/2:%v-10.lenny4/debian-dir%%20only%%20changes
 SourceRename: xorg-server_%v-10.lenny4.debian-only-changes.diff
 Source-MD5: 6e67c13a732a29318330f9e605c6e2a8
 NoSourceDirectory: true
 Depends: <<
    getoptbin,
    x11
 <<
@@ -17,16 +17,24 @@
 <<
 CompileScript: #
 InstallScript: <<
    mkdir -p %i/bin
    install -m0755 debian/local/xvfb-run %i/bin
    mkdir -p %i/share/man/man1
    install -m0644 debian/local/xvfb-run.1 %i/share/man/man1
 <<
+PostInstScript: <<
+# /tmp/.X11-unix stores the sockets for the X11 server.
+# It needs to exist even if we're faking X11
+if [ ! -d /tmp/.X11-unix/ ]; then

+   /bin/mkdir -p /tmp/.X11-unix
+   /bin/chmod 1777 /tmp/.X11-unix
+fi
+<<
 DocFiles: debian/copyright
 DescPort: <<
    darwin-specific patch from:
    http://www.hexten.net/wiki/?title=Patch_xvfb-run_for_Mac_OS_X
 <<
 DescPackaging: <<
    Script is apparently a debian add-on (various websites say
    it's standard part of x.org?)

[Hanspeter Niederstrasser]

Bah. This is only a very partial fix. /tmp/.X11-unix is deleted on reboot, so anything that the PostInstScript creates is axed then and we're back to square one. The presence of /tmp/.X11-unix would need to be checked at xvfb-run runtime, and must somehow be done as root. I don't think we want to setuid xbvf-run to root to be able to create /tmp/.X11-unix if absent.

[Hanspeter Niederstrasser]

/opt/X11/lib/X11/xinit/privileged_startx.d/10-tmpdirs creates /tmp/.X11-unix. So then maybe it's a matter of having Xvfb-run run this script if /tmp/.X11-unix is not present?

[Hanspeter Niederstrasser]

So a setuid launcher (triggered as needed at the top of xvfb-run) would be needed to run 10-tmpdirs with the right permissions. But setuid shell scripts ignore +s. It would need to be a binary launcher (or maybe perl could work).

http://www.faqs.org/faqs/unix-faq/faq/part4/section-7.html
https://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts

[Hanspeter Niederstrasser]

Also, from an old thread in -devel
https://github.com/XQuartz/xquartz-old-tickets/blob/master/ticket/2067.md

[Daniel Macks]

Fixed in 792e352d8c508b5819db3aa183cc63dba68dde20 using a suid wrapper written in C that runs xquartz's privileged_startx program (which runs its .d scriptlets). This all needs to happen at runtime, since the directories get nuked on reboot, not at PostInst.