Date: Sat, 01 Apr 2017 12:24:32 -0400 From: Ernie Luzar <luzar722@gmail.com> To: FreeBSD questions <freebsd-questions@FreeBSD.org> Subject: Re: X11 and ezjails Message-ID: <58DFD440.50000@gmail.com> In-Reply-To: <20170401091533.GA2495@esprimo.local> References: <7f49f81e25d0eb05aad1af66df49c525.squirrel@webmail.harte-lyne.ca> <20170401091533.GA2495@esprimo.local>
next in thread | previous in thread | raw e-mail | index | archive | help
Christoph Brinkhaus wrote: > On Fri, Mar 31, 2017 at 01:39:29PM -0400, James B. Byrne via freebsd-questions wrote: > > Dear James, > >> FreeBSD-11.0 >> >> I would like to run gvim in an X11 window over ssh to a jailed >> instance created with ezjail. I have set sshd_config in the jail to >> allow X11Forwarding and I am connecting with 'ssh -Y jail.domain.tld' >> >> However, when I log into the jail and run gvim then I see this: >> >> # gvim >> X11 connection rejected because of wrong authentication. >> E233: cannot open display >> Press ENTER or type command to continue >> >> E852: The child process failed to start the GUI >> X11 connection rejected because of wrong authentication. >> >> >> I have run into this before and have attempted to apply all of the >> previous remedies but nothing seems to work. Is there anything about >> jails themselves that would prevent X11 forwarding? >> >> Has anyone accomplished what I am trying to do? If so then how was it >> done? > > Please have a look at > https://forums.freebsd.org/threads/53362/ > It works with ezjail as well. > The bare fact is you can not run an x11 gui in a jail. The x11 gui needs access to the kernel which is blocked by jail(8) as a security violation. iocage uses a un-official patch to allow x11 gui desktop to run in a jail, but doing so robs the jail of all its built in security. So why would any one do that? This is not an ezjail problem, but an mis-understanding of how jail(8) and x11 gui works.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?58DFD440.50000>