Pkexec support for native Wayland apps

Wayland is getting more and more adoption. I saw that Manjaro has pkexec in its repository with additional env variables whitelisted. How about we whitelist a few more environment variables in pkexec when the polkit policy explicitly allows GUI so that apps could run natively under Wayland? I did a quick test and was able to run all pkexec’ed apps I have: Qt (linssid) and GTK3 (Timeshift, gufw, Gparted) with the following command template:
It will require testing support from community to define the exact list of environment variables but seems doable to me.
What do you think?

Hi and welcome to the forum :+1:

AFAIK, pkexec does not inherit the environment nor working directory of the calling user, unlike sudo
So your problem is actually not related to pkexec nor Wayland, but more with the used environment.
I’m sure your apps don’t work when started as a system-service either right? (same env issue)

If you want to use pkexec while preserving your user-environment, i would suggest you to use a "wrapper-script` to export/pass the environment variables you need before executing your app with pkexec in the same script like you do now, but this time use $1 as app to launch… :wink:



I have no idea how to configure PolicyKit for passing environment variables by default for the invoking user…

Yes, but they were added to address theming issues, nothing to do with Wayland.

That’s right, I get it.
The thing is that both GTK and QT apps decide on whether to use Wayland or X based on availability of certain environment variables. I run Wayland and set QT_QPA_PLATFORM=wayland so, almost all my apps ran natively on Wayland when I start them. But, if I run them via pkexec, environment variables are stripped and the same apps run on X. Kind of an inconsistency that could be easily solved by propagating necessary env variables.
The question is whether we want to fix it globally by propagating more env vars in pkexec?

Example that should work for you:

  • ~/bin/runGtkQtAppInWayland
    #!/usr/bin/env bash
    export QT_QPA_PLATFORM=wayland
    test -e "$1" && exec "$@"
    (Don’t forget to give it execute permission bits)
    chmod a+x ~/bin/runGtkQtAppInWayland
  • Then call as:
    pkexec ~/bin/runGtkQtAppInWayland <myapp> [args]
    Where <myapp> is the path to your GTK/QT app, and [args] any optional arguments :wink:


Thank you for a detailed solution. Looks good :smiley:
I was also thinking about overriding pkexec in path through ~/.local/bin/pkexec that would in turn call the real pkexec:
But that fails for gparted because it runs it with options:
pkexec --disable-internal-agent '/usr/bin/gparted' "$@"