[GH-ISSUE #1197] --x11=xorg couldn't query Security extension #820

New issue

Closed

opened 2026-05-05 06:54:26 -06:00 by gitea-mirror · 28 comments

gitea-mirror commented 2026-05-05 06:54:26 -06:00

Owner

Copy link

Originally created by @l29ah on GitHub (Apr 6, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1197

master here

‰ firejail --x11=xorg xprop
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-passwdmgr.inc

** Note: you can use --noprofile to disable default.profile **

Parent pid 19541, child pid 19542
Using authority file /tmp/.tmpXauth-6G0I7M
/usr/bin/xauth: (argv):1:  couldn't query Security extension on display ":1.0"
Failed to create untrusted X cookie: xauth: exit 1
Error: proc 19541 cannot sync with peer: unexpected EOF
Peer 19542 unexpectedly exited with status 1

Originally created by @l29ah on GitHub (Apr 6, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1197 master here ``` ‰ firejail --x11=xorg xprop Reading profile /etc/firejail/default.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-passwdmgr.inc ** Note: you can use --noprofile to disable default.profile ** Parent pid 19541, child pid 19542 Using authority file /tmp/.tmpXauth-6G0I7M /usr/bin/xauth: (argv):1: couldn't query Security extension on display ":1.0" Failed to create untrusted X cookie: xauth: exit 1 Error: proc 19541 cannot sync with peer: unexpected EOF Peer 19542 unexpectedly exited with status 1 ```

gitea-mirror 2026-05-05 06:54:26 -06:00

• closed this issue
• added the
  information_old
  label

gitea-mirror commented 2026-05-05 06:54:31 -06:00

Author

Owner

Copy link

@gso commented on GitHub (Apr 7, 2017):

Is the extension installed? Included with libxext6 on Ubuntu.

<!-- gh-comment-id:292446525 --> @gso commented on GitHub (Apr 7, 2017): Is the extension installed? Included with `libxext6` on Ubuntu.

gitea-mirror commented 2026-05-05 06:54:34 -06:00

Author

Owner

Copy link

@l29ah commented on GitHub (Apr 7, 2017):

On Thu, Apr 06, 2017 at 10:43:05PM -0700, gso wrote:

Is the extension installed? Included with libxext6 on Ubuntu.

I didn't have it installed, but after i installed it and rebuilt firejail nothing changed.

--
() ascii ribbon campaign - against html mail
/\ http://arc.pasp.de/ - against proprietary attachments

<!-- gh-comment-id:292498479 --> @l29ah commented on GitHub (Apr 7, 2017): On Thu, Apr 06, 2017 at 10:43:05PM -0700, gso wrote: > Is the extension installed? Included with `libxext6` on Ubuntu. I didn't have it installed, but after i installed it and rebuilt firejail nothing changed. -- () ascii ribbon campaign - against html mail /\ http://arc.pasp.de/ - against proprietary attachments

gitea-mirror commented 2026-05-05 06:54:36 -06:00

Author

Owner

Copy link

@gso commented on GitHub (Apr 7, 2017):

It's the extensions that the sandbox server itself actually supports by the looks. If you have logged in as another user with su then it may be X Windows authorisation that is the problem?

<!-- gh-comment-id:292581725 --> @gso commented on GitHub (Apr 7, 2017): It's the extensions that the sandbox server itself actually supports by the looks. If you have logged in as another user with `su` then it may be X Windows authorisation that is the problem?

gitea-mirror commented 2026-05-05 06:54:39 -06:00

Author

Owner

Copy link

@l29ah commented on GitHub (Apr 7, 2017):

On Fri, Apr 07, 2017 at 09:18:22AM -0700, gso wrote:

It's the extensions the sandbox server itself actually supports by the looks. If you have logged into as another user with su and attempted to run an X application then it may be X Windows authorisation that is the problem?

I didn't. Also this way no --x11 and --x11=xpra won't work, and they do work.

--
() ascii ribbon campaign - against html mail
/\ http://arc.pasp.de/ - against proprietary attachments

<!-- gh-comment-id:292584846 --> @l29ah commented on GitHub (Apr 7, 2017): On Fri, Apr 07, 2017 at 09:18:22AM -0700, gso wrote: > It's the extensions the sandbox server itself actually supports by the looks. If you have logged into as another user with `su` and attempted to run an X application then it may be X Windows authorisation that is the problem? I didn't. Also this way no --x11 and --x11=xpra won't work, and they do work. -- () ascii ribbon campaign - against html mail /\ http://arc.pasp.de/ - against proprietary attachments

gitea-mirror commented 2026-05-05 06:54:41 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Apr 9, 2017):

I put out on Sourceforge a new release, can you give it a try? There have been quite a number of fixes in x11 area.

https://sourceforge.net/projects/firejail/files/firejail/

<!-- gh-comment-id:292784629 --> @netblue30 commented on GitHub (Apr 9, 2017): I put out on Sourceforge a new release, can you give it a try? There have been quite a number of fixes in x11 area. https://sourceforge.net/projects/firejail/files/firejail/

gitea-mirror commented 2026-05-05 06:54:42 -06:00

Author

Owner

Copy link

@l29ah commented on GitHub (Apr 9, 2017):

I'm on 519c68b857, so i guess this doesn't apply to me.

<!-- gh-comment-id:292784792 --> @l29ah commented on GitHub (Apr 9, 2017): I'm on 519c68b857fba0822919b11e1ef66ed7216e3404, so i guess this doesn't apply to me.

gitea-mirror commented 2026-05-05 06:54:44 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Apr 9, 2017):

Yes, all the fixes should be in your version.

X11 security extension disables a number of regular X11 extensions. If your application uses one of them, the application will freeze. For example I start Chromium:

$ firejail --x11=xorg chromium
Reading profile /etc/firejail/chromium.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Parent pid 1817, child pid 1819
Using authority file /tmp/.tmpXauth-TaWIdm
authorization id is 749
Writing authority file /tmp/.tmpXauth-TaWIdm
Child process initialized
Warning: an existing sandbox was detected. /usr/bin/chromium will run without any additional sandboxing features
Xlib:  extension "RANDR" missing on display ":0.0".
Xlib:  extension "XInputExtension" missing on display ":0.0".
Xlib:  extension "RANDR" missing on display ":0.0".
Xlib:  extension "XInputExtension" missing on display ":0.0".
Xlib:  extension "XInputExtension" missing on display ":0.0".
Xlib:  extension "SHAPE" missing on display ":0.0".
Xlib:  extension "SHAPE" missing on display ":0.0".

The browser comes up, but the mouse doesn't work. On Debian jessie I get about half the programs working (including Firefox), the rest behave strangely.

<!-- gh-comment-id:292785060 --> @netblue30 commented on GitHub (Apr 9, 2017): Yes, all the fixes should be in your version. X11 security extension disables a number of regular X11 extensions. If your application uses one of them, the application will freeze. For example I start Chromium: ````` $ firejail --x11=xorg chromium Reading profile /etc/firejail/chromium.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Parent pid 1817, child pid 1819 Using authority file /tmp/.tmpXauth-TaWIdm authorization id is 749 Writing authority file /tmp/.tmpXauth-TaWIdm Child process initialized Warning: an existing sandbox was detected. /usr/bin/chromium will run without any additional sandboxing features Xlib: extension "RANDR" missing on display ":0.0". Xlib: extension "XInputExtension" missing on display ":0.0". Xlib: extension "RANDR" missing on display ":0.0". Xlib: extension "XInputExtension" missing on display ":0.0". Xlib: extension "XInputExtension" missing on display ":0.0". Xlib: extension "SHAPE" missing on display ":0.0". Xlib: extension "SHAPE" missing on display ":0.0". ````` The browser comes up, but the mouse doesn't work. On Debian jessie I get about half the programs working (including Firefox), the rest behave strangely.

gitea-mirror commented 2026-05-05 06:54:47 -06:00

Author

Owner

Copy link

@l29ah commented on GitHub (Apr 9, 2017):

On Sun, Apr 09, 2017 at 06:12:40AM -0700, netblue30 wrote:

X11 security extension disables a number of regular X11 extensions. If your application uses one of them, the application will freeze. For example I start Chromium:

‰ firejail --x11=xorg true 
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-passwdmgr.inc

** Note: you can use --noprofile to disable default.profile **

Parent pid 28838, child pid 28839
Using authority file /tmp/.tmpXauth-JYM2Lr
/usr/bin/xauth: (argv):1:  couldn't query Security extension on display ":1.0"
Failed to create untrusted X cookie: xauth: exit 1
Error: proc 28838 cannot sync with peer: unexpected EOF
Peer 28839 unexpectedly exited with status 1

--
() ascii ribbon campaign - against html mail
/\ http://arc.pasp.de/ - against proprietary attachments

<!-- gh-comment-id:292785133 --> @l29ah commented on GitHub (Apr 9, 2017): On Sun, Apr 09, 2017 at 06:12:40AM -0700, netblue30 wrote: > X11 security extension disables a number of regular X11 extensions. If your application uses one of them, the application will freeze. For example I start Chromium: ``` ‰ firejail --x11=xorg true Reading profile /etc/firejail/default.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-passwdmgr.inc ** Note: you can use --noprofile to disable default.profile ** Parent pid 28838, child pid 28839 Using authority file /tmp/.tmpXauth-JYM2Lr /usr/bin/xauth: (argv):1: couldn't query Security extension on display ":1.0" Failed to create untrusted X cookie: xauth: exit 1 Error: proc 28838 cannot sync with peer: unexpected EOF Peer 28839 unexpectedly exited with status 1 ``` -- () ascii ribbon campaign - against html mail /\ http://arc.pasp.de/ - against proprietary attachments

gitea-mirror commented 2026-05-05 06:54:49 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Apr 9, 2017):

This is the command firejail is trying to run:

$ /usr/bin/xauth -v -f /tmp/testxauth generate :0.0 MIT-MAGIC-COOKIE-1 untrusted
/usr/bin/xauth:  file /tmp/testxauth does not exist
Using authority file /tmp/testxauth
authorization id is 751
Writing authority file /tmp/testxauth

:0.0 is the display on my system:

$ env | grep DISPLAY
DISPLAY=:0.0

Try to run xauth command in a terminal, replace :0.0 with your display number.

<!-- gh-comment-id:292785664 --> @netblue30 commented on GitHub (Apr 9, 2017): This is the command firejail is trying to run: ````` $ /usr/bin/xauth -v -f /tmp/testxauth generate :0.0 MIT-MAGIC-COOKIE-1 untrusted /usr/bin/xauth: file /tmp/testxauth does not exist Using authority file /tmp/testxauth authorization id is 751 Writing authority file /tmp/testxauth ````` :0.0 is the display on my system: ````` $ env | grep DISPLAY DISPLAY=:0.0 ````` Try to run xauth command in a terminal, replace :0.0 with your display number.

gitea-mirror commented 2026-05-05 06:54:51 -06:00

Author

Owner

Copy link

@gso commented on GitHub (Apr 9, 2017):

Have just built Lumina Desktop, same issue, I'm not a sys. admn. however it was evident that access control was not configured (see man xhost),

xhost - without args, whether or not access control is currently enabled
xhost + - disables access control (no restriction on connections)
xhost + local: - all local connections
xhost + si:localuser:[username] - specify a local user
xhost - ... - removes access

<!-- gh-comment-id:292793334 --> @gso commented on GitHub (Apr 9, 2017): Have just built [Lumina Desktop](https://lumina-desktop.org), same issue, I'm not a sys. admn. however it was evident that access control was not configured (see `man xhost`), `xhost` - without args, whether or not access control is currently enabled `xhost +` - disables access control (no restriction on connections) `xhost + local:` - all local connections `xhost + si:localuser:[username]` - specify a local user `xhost - ... ` - removes access

gitea-mirror commented 2026-05-05 06:54:53 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Apr 9, 2017):

If you use xhost to configure it, is it working?

<!-- gh-comment-id:292793419 --> @netblue30 commented on GitHub (Apr 9, 2017): If you use xhost to configure it, is it working?

gitea-mirror commented 2026-05-05 06:54:55 -06:00

Author

Owner

Copy link

@l29ah commented on GitHub (Apr 9, 2017):

On Sun, Apr 09, 2017 at 08:39:20AM -0700, gso wrote:

Have just built Lumina Desktop, same issue, I'm not a sys. admn. however it was evident that access control was not configured (see man xhost),

‰ xhost
access control enabled, only authorized clients can connect
SI:localuser:root
SI:localuser:googleearth

--
() ascii ribbon campaign - against html mail
/\ http://arc.pasp.de/ - against proprietary attachments

<!-- gh-comment-id:292793485 --> @l29ah commented on GitHub (Apr 9, 2017): On Sun, Apr 09, 2017 at 08:39:20AM -0700, gso wrote: > Have just built [Lumina Desktop](https://lumina-desktop.org), same issue, I'm not a sys. admn. however it was evident that access control was not configured (see `man xhost`), ‰ xhost access control enabled, only authorized clients can connect SI:localuser:root SI:localuser:googleearth -- () ascii ribbon campaign - against html mail /\ http://arc.pasp.de/ - against proprietary attachments

gitea-mirror commented 2026-05-05 06:54:57 -06:00

Author

Owner

Copy link

@l29ah commented on GitHub (Apr 9, 2017):

On Sun, Apr 09, 2017 at 08:40:37AM -0700, netblue30 wrote:

If you use xhost to configure it, is it working?

Yes.

--
() ascii ribbon campaign - against html mail
/\ http://arc.pasp.de/ - against proprietary attachments

<!-- gh-comment-id:292793517 --> @l29ah commented on GitHub (Apr 9, 2017): On Sun, Apr 09, 2017 at 08:40:37AM -0700, netblue30 wrote: > If you use xhost to configure it, is it working? Yes. -- () ascii ribbon campaign - against html mail /\ http://arc.pasp.de/ - against proprietary attachments

gitea-mirror commented 2026-05-05 06:54:58 -06:00

Author

Owner

Copy link

@l29ah commented on GitHub (Apr 12, 2017):

Huh?

<!-- gh-comment-id:293618920 --> @l29ah commented on GitHub (Apr 12, 2017): Huh?

gitea-mirror commented 2026-05-05 06:55:01 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Apr 12, 2017):

xhost config is a desktop problem.

<!-- gh-comment-id:293619278 --> @netblue30 commented on GitHub (Apr 12, 2017): xhost config is a desktop problem.

gitea-mirror commented 2026-05-05 06:55:02 -06:00

Author

Owner

Copy link

@l29ah commented on GitHub (Apr 12, 2017):

On Wed, Apr 12, 2017 at 08:40:20AM -0700, netblue30 wrote:

xhost config is a desktop problem.

What do you mean? Have i misconfigured anything?

--
() ascii ribbon campaign - against html mail
/\ http://arc.pasp.de/ - against proprietary attachments

<!-- gh-comment-id:293626589 --> @l29ah commented on GitHub (Apr 12, 2017): On Wed, Apr 12, 2017 at 08:40:20AM -0700, netblue30 wrote: > xhost config is a desktop problem. What do you mean? Have i misconfigured anything? -- () ascii ribbon campaign - against html mail /\ http://arc.pasp.de/ - against proprietary attachments

gitea-mirror commented 2026-05-05 06:55:04 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Apr 12, 2017):

xhost configuration is set by the guys building the distro. It all depends how X11 was set by them. If it is too restrictive, xorg will kill all kind of requests.

<!-- gh-comment-id:293629328 --> @netblue30 commented on GitHub (Apr 12, 2017): xhost configuration is set by the guys building the distro. It all depends how X11 was set by them. If it is too restrictive, xorg will kill all kind of requests.

gitea-mirror commented 2026-05-05 06:55:06 -06:00

Author

Owner

Copy link

@l29ah commented on GitHub (Apr 12, 2017):

On Wed, Apr 12, 2017 at 09:13:13AM -0700, netblue30 wrote:

xhost configuration is set by the guys building the distro. It all depends how X11 was set by them. If it is too restrictive, xorg will kill all kind of requests.

I've posted mine. Is it somehow incompatible with firejail?

--
() ascii ribbon campaign - against html mail
/\ http://arc.pasp.de/ - against proprietary attachments

<!-- gh-comment-id:293629722 --> @l29ah commented on GitHub (Apr 12, 2017): On Wed, Apr 12, 2017 at 09:13:13AM -0700, netblue30 wrote: > xhost configuration is set by the guys building the distro. It all depends how X11 was set by them. If it is too restrictive, xorg will kill all kind of requests. I've posted mine. Is it somehow incompatible with firejail? -- () ascii ribbon campaign - against html mail /\ http://arc.pasp.de/ - against proprietary attachments

gitea-mirror commented 2026-05-05 06:55:09 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Apr 14, 2017):

Could also be the way they compiled xorg to begin with. It is working fine on Debian and Ubuntu.

<!-- gh-comment-id:294189812 --> @netblue30 commented on GitHub (Apr 14, 2017): Could also be the way they compiled xorg to begin with. It is working fine on Debian and Ubuntu.

gitea-mirror commented 2026-05-05 06:55:10 -06:00

Author

Owner

Copy link

@l29ah commented on GitHub (Apr 14, 2017):

On Fri, Apr 14, 2017 at 09:52:25AM -0700, netblue30 wrote:

Could also be the way they compiled xorg to begin with. It is working fine on Debian and Ubuntu.

I did, it's Gentoo after all. Don't see nothing wrong:

xorg-server-1.19.3/configure --prefix=/usr --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --disable-dependency-tracking --disable-silent-rules --libdir=/usr/lib64 --docdir=/usr/share/doc/xorg-server-1.19.3 --enable-shared --disable-static --disable-selective-werror --enable-ipv6 --disable-debug --disable-dmx --disable-glamor --disable-kdrive --disable-kdrive-kbd --disable-kdrive-mouse --disable-kdrive-evdev --enable-install-setuid --disable-tslib --disable-libunwind --disable-xwayland --enable-record --enable-xfree86-utils --enable-dri --enable-dri2 --enable-glx --disable-xephyr --disable-xnest --enable-xorg --enable-xvfb --enable-config-udev --without-doxygen --without-xmlto --without-systemd-daemon --disable-systemd-logind --enable-libdrm --sysconfdir=/etc/X11 --localstatedir=/var --with-fontrootdir=/usr/share/fonts --with-xkb-output=/var/lib/xkb --disable-config-hal --disable-linux-acpi --without-dtrace --without-fop --with-os-vendor=Gentoo --with-sha1=libcrypto --build=x86_64-pc-linux-gnu

--
() ascii ribbon campaign - against html mail
/\ http://arc.pasp.de/ - against proprietary attachments

<!-- gh-comment-id:294190586 --> @l29ah commented on GitHub (Apr 14, 2017): On Fri, Apr 14, 2017 at 09:52:25AM -0700, netblue30 wrote: > Could also be the way they compiled xorg to begin with. It is working fine on Debian and Ubuntu. I did, it's Gentoo after all. Don't see nothing wrong: ``` xorg-server-1.19.3/configure --prefix=/usr --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --disable-dependency-tracking --disable-silent-rules --libdir=/usr/lib64 --docdir=/usr/share/doc/xorg-server-1.19.3 --enable-shared --disable-static --disable-selective-werror --enable-ipv6 --disable-debug --disable-dmx --disable-glamor --disable-kdrive --disable-kdrive-kbd --disable-kdrive-mouse --disable-kdrive-evdev --enable-install-setuid --disable-tslib --disable-libunwind --disable-xwayland --enable-record --enable-xfree86-utils --enable-dri --enable-dri2 --enable-glx --disable-xephyr --disable-xnest --enable-xorg --enable-xvfb --enable-config-udev --without-doxygen --without-xmlto --without-systemd-daemon --disable-systemd-logind --enable-libdrm --sysconfdir=/etc/X11 --localstatedir=/var --with-fontrootdir=/usr/share/fonts --with-xkb-output=/var/lib/xkb --disable-config-hal --disable-linux-acpi --without-dtrace --without-fop --with-os-vendor=Gentoo --with-sha1=libcrypto --build=x86_64-pc-linux-gnu ``` -- () ascii ribbon campaign - against html mail /\ http://arc.pasp.de/ - against proprietary attachments

gitea-mirror commented 2026-05-05 06:55:11 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Apr 17, 2017):

I'll keep an eye on it, so far I couldn't reproduce it on any of my systems.

<!-- gh-comment-id:294559837 --> @netblue30 commented on GitHub (Apr 17, 2017): I'll keep an eye on it, so far I couldn't reproduce it on any of my systems.

gitea-mirror commented 2026-05-05 06:55:15 -06:00

Author

Owner

Copy link

@amtlib-dot-dll commented on GitHub (Jun 10, 2017):

On Fedora 25, when the default Wayland session is being used, the corresponding Xwayland server seems to have no such security extension.

$ xauth -v generate $DISPLAY . trusted
Using authority file /run/user/1000/gdm/Xauthority
xauth: (argv):1:  couldn't query Security extension on display ":1"

$ xauth -v generate $DISPLAY . untrusted
Using authority file /run/user/1000/gdm/Xauthority
xauth: (argv):1:  couldn't query Security extension on display ":1"

It is all the same when selecting the GNOME Classic session, where pure X is used and Wayland is bypassed.

<!-- gh-comment-id:307551499 --> @amtlib-dot-dll commented on GitHub (Jun 10, 2017): On Fedora 25, when the default Wayland session is being used, the corresponding Xwayland server seems to have no such security extension. ``` $ xauth -v generate $DISPLAY . trusted Using authority file /run/user/1000/gdm/Xauthority xauth: (argv):1: couldn't query Security extension on display ":1" ``` ``` $ xauth -v generate $DISPLAY . untrusted Using authority file /run/user/1000/gdm/Xauthority xauth: (argv):1: couldn't query Security extension on display ":1" ``` It is all the same when selecting the GNOME Classic session, where pure X is used and Wayland is bypassed.

gitea-mirror commented 2026-05-05 06:55:16 -06:00

Author

Owner

Copy link

@amtlib-dot-dll commented on GitHub (Jun 10, 2017):

There is even no "security" string in the output of xdpyinfo -queryExtensions -ext all

<!-- gh-comment-id:307552137 --> @amtlib-dot-dll commented on GitHub (Jun 10, 2017): There is even no "security" string in the output of `xdpyinfo -queryExtensions -ext all`

gitea-mirror commented 2026-05-05 06:55:18 -06:00

Author

Owner

Copy link

@amtlib-dot-dll commented on GitHub (Jun 10, 2017):

Note that the Security extension is by default disabled in https://github.com/mirror/xserver/blob/master/configure.ac#L564

<!-- gh-comment-id:307552248 --> @amtlib-dot-dll commented on GitHub (Jun 10, 2017): Note that the Security extension is by default disabled in https://github.com/mirror/xserver/blob/master/configure.ac#L564

gitea-mirror commented 2026-05-05 06:55:19 -06:00

Author

Owner

Copy link

@l29ah commented on GitHub (Jun 13, 2017):

And it's really disabled in Gentoo. I've rebuilt it properly and now it works. Thank you!

<!-- gh-comment-id:308158334 --> @l29ah commented on GitHub (Jun 13, 2017): And it's really disabled in Gentoo. I've rebuilt it properly and now it works. Thank you!

gitea-mirror commented 2026-05-05 06:55:21 -06:00

Author

Owner

Copy link

@yogesh-desai commented on GitHub (Sep 15, 2017):

I have an identical problem. I am trying to set up go-selenium repository on my machine. Installed dependencies mentioned on the GitHub repo page but getting the error as below while I run the test.
$ go test
xauth: (argv):1: couldn't query Security extension on display ":11"
--- FAIL: Example (0.09s)
panic: error starting frame buffer: exit status 1 [recovered]
panic: error starting frame buffer: exit status 1

I am using Fedora 26:
The commands given above by other users and it's output in my case:
@netblue30 :
$ /usr/bin/xauth -v -f /tmp/testxauth generate :0.0 MIT-MAGIC-COOKIE-1 untrusted
/usr/bin/xauth: file /tmp/testxauth does not exist
Using authority file /tmp/testxauth
/usr/bin/xauth: (argv):1: couldn't query Security extension on display ":0.0"

$ env | grep DISPLAY
DISPLAY=:0
WAYLAND_DISPLAY=wayland-0

@amtlib-dot-dll :
$ xauth -v generate $DISPLAY . trusted
xauth: file /home/yogesh/.Xauthority does not exist
Using authority file /home/yogesh/.Xauthority
xauth: (argv):1: couldn't query Security extension on display ":0"

$ xauth -v generate $DISPLAY . untrusted
xauth: file /home/yogesh/.Xauthority does not exist
Using authority file /home/yogesh/.Xauthority
xauth: (argv):1: couldn't query Security extension on display ":0"

<!-- gh-comment-id:329901282 --> @yogesh-desai commented on GitHub (Sep 15, 2017): I have an identical problem. I am trying to set up [go-selenium](https://github.com/tebeka/selenium) repository on my machine. Installed dependencies mentioned on the GitHub repo page but getting the error as below while I run the test. `$ go test` `xauth: (argv):1: couldn't query Security extension on display ":11"` `--- FAIL: Example (0.09s)` `panic: error starting frame buffer: exit status 1 [recovered]` ` panic: error starting frame buffer: exit status 1` I am using Fedora 26: The commands given above by other users and it's output in my case: @netblue30 : `$ /usr/bin/xauth -v -f /tmp/testxauth generate :0.0 MIT-MAGIC-COOKIE-1 untrusted` `/usr/bin/xauth: file /tmp/testxauth does not exist` `Using authority file /tmp/testxauth` `/usr/bin/xauth: (argv):1: couldn't query Security extension on display ":0.0"` `$ env | grep DISPLAY` `DISPLAY=:0` `WAYLAND_DISPLAY=wayland-0` @amtlib-dot-dll : `$ xauth -v generate $DISPLAY . trusted` `xauth: file /home/yogesh/.Xauthority does not exist` `Using authority file /home/yogesh/.Xauthority` `xauth: (argv):1: couldn't query Security extension on display ":0"` `$ xauth -v generate $DISPLAY . untrusted` `xauth: file /home/yogesh/.Xauthority does not exist` `Using authority file /home/yogesh/.Xauthority` `xauth: (argv):1: couldn't query Security extension on display ":0"`

gitea-mirror commented 2026-05-05 06:55:23 -06:00

Author

Owner

Copy link

@Kalle72 commented on GitHub (Aug 31, 2020):

@ l29ah: I am on Gentoo too and oberserved the same problem you did today. Your post on 13 Jun 2017 looks like you know how to circumvent the problem on gentoo. Would be extremely nice if you could tell me ;-)

Thanks in advance

<!-- gh-comment-id:683683712 --> @Kalle72 commented on GitHub (Aug 31, 2020): @ l29ah: I am on Gentoo too and oberserved the same problem you did today. Your post on 13 Jun 2017 looks like you know how to circumvent the problem on gentoo. Would be extremely nice if you could tell me ;-) Thanks in advance

gitea-mirror commented 2026-05-05 06:55:25 -06:00

Author

Owner

Copy link

@l29ah commented on GitHub (Sep 3, 2020):

@Kalle72 USE=xcsecurity emerge x11-base/xorg-server
Probably should be the default.

<!-- gh-comment-id:686711288 --> @l29ah commented on GitHub (Sep 3, 2020): @Kalle72 USE=xcsecurity emerge x11-base/xorg-server Probably should be the default.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#820

No description provided.