[Solved] [Sway] XWayland NSpawn Unprivileged Container Xauthority

mgeins · 2026-02-08 06:17:04

Launch Sway 1:1.11-1 from tty1. In config "xwayland enable". Also have xorg-xwayland 24.1.9-1 installed.

printenv

SHELL=/bin/bash
COLORTERM=truecolor
I3SOCK=/run/user/1000/sway-ipc.1000.11393.sock
XCURSOR_SIZE=24
EDITOR=rnano
XDG_SEAT=seat0
PWD=/home/user
LOGNAME=user
XDG_SESSION_TYPE=wayland
MOTD_SHOWN=pam
HOME=/home/user
LANG=en_US.UTF-8
SWAYSOCK=/run/user/1000/sway-ipc.1000.11393.sock
WAYLAND_DISPLAY=wayland-1
XDG_SESSION_CLASS=user
TERM=foot
USER=user
CUDA_PATH=/opt/cuda
DISPLAY=:0
SHLVL=1
XDG_VTNR=1
XDG_SESSION_ID=4
XDG_RUNTIME_DIR=/run/user/1000
DEBUGINFOD_URLS=https://debuginfod.archlinux.org 
NVCC_CCBIN=/usr/bin/g++
PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/opt/cuda/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
HG=/usr/bin/hg
MAIL=/var/spool/mail/user
_=/usr/bin/printenv

Run xeyes from foot console works and display the application. Even if ~/.Xauthority is missing.

Full strace: http://0x0.st/PTZ6.txt
The important part:

socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path=@"/tmp/.X11-unix/X0"}, 20) = 0
getpeername(3, {sa_family=AF_UNIX, sun_path=@"/tmp/.X11-unix/X0"}, [124 => 20]) = 0
uname({sysname="Linux", nodename="linux", ...}) = 0
access("/home/user/.Xauthority", R_OK)  = -1 ENOENT (No such file or directory)

But when i try to run in NSpawn Container it don't work:

sudo systemd-nspawn -U -D /var/lib/machines/steam \
        --bind=/home/user/steam:/home/user:idmap \
        --bind=/dev/dri \
        --bind=/dev/nvidia0 \
        --bind=/dev/nvidiactl \
        --bind=/dev/nvidia-modeset \
        --bind=/dev/nvidia-uvm \
        --bind=/dev/nvidia-uvm-tools \
        --bind=/dev/nvidia-caps \
        --bind=/var/run/user/1000/pipewire-0 \
        --bind=/var/run/user/1000/pulse \
        --bind=/tmp/.X11-unix/X0 \
        --bind=/tmp/.XIM-unix \
        --bind=/tmp/.X0-lock \
        --bind=/var/run/user/1000/wayland-1 \
        -E DISPLAY=:0 \
        -E WAYLAND_DISPLAY=wayland-1 \
        -E LANG=en_US.UTF-8 \
        -E XDG_RUNTIME_DIR=/var/run/user/1000 \
        -E XCURSOR_SIZE=24 \
        -u user \
        -x \
        -a strace xeyes

Full strace: http://0x0.st/PTZE.txt
The important part:

socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path=@"/tmp/.X11-unix/X0"}, 20) = 0
getpeername(3, {sa_family=AF_UNIX, sun_path=@"/tmp/.X11-unix/X0"}, [124 => 20]) = 0
uname({sysname="Linux", nodename="steam-585bef5b4093c011", ...}) = 0
access("/home/user/.Xauthority", R_OK)  = -1 ENOENT (No such file or directory)
fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{iov_base="l\0\v\0\0\0\0\0\0\0\0\0", iov_len=12}, {iov_base="", iov_len=0}], 2) = 12
recvfrom(3, 0x5faf7987ae40, 8, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN}], 1, -1)    = 1 ([{fd=3, revents=POLLIN|POLLHUP}])
recvfrom(3, "\0@\v\0\0\0\20\0", 8, 0, NULL, NULL) = 8
recvfrom(3, "Authorization required, but no a"..., 64, 0, NULL, NULL) = 64
write(2, "Authorization required, but no a"..., 64Authorization required, but no authorization protocol specified
) = 64

Both setups missing ~/.Xauthority but Xeyes on desktop just run without it.
What I'm missing in NSpawn Container?

I installed nvidia-open,(lib32-)nvidia-settings and xwayland in container.

Last edited by mgeins (2026-02-08 11:32:46)

seth · 2026-02-08 09:31:45

https://wiki.archlinux.org/title/System … nvironment
https://unix.stackexchange.com/question … er-wayland

mgeins · 2026-02-08 10:04:13

Thanks but the Problem here is the missing ~/.Xauthority in first place.

The script:

XAUTH=/home/user/container_xauth
xauth nextract - "$DISPLAY" | sed -e 's/^..../ffff/' | xauth -f "$XAUTH" nmerge -

to create the xauth file for the container failed:

xauth:  file /home/user/.Xauthority does not exist
xauth:  file /home/user/container_xauth does not exist
No matches found, authority file "-" not written
xauth: (argv):1:  unable to read any entries from file "(stdin)"

There is no ~/.Xauthority file created by sway/xwayland.
If i just run xauth:

xauth:  file /home/user/.Xauthority does not exist

And if i use xhost

xhost +SI:localuser:$(id -un)

localuser:user being added to access control list

same auth error mention in first post. Maybe because container is unprivileged and real UID not the same?

Last edited by mgeins (2026-02-08 10:13:36)

mgeins · 2026-02-08 11:32:12

Okay when running

xhost +SI:localuser:$(id -un)

and run the container without unprivileged -U xeyes launched inside container.

seth · 2026-02-08 13:42:48

Thanks but the Problem here is the missing ~/.Xauthority in first place.

Yesno, the problem is the hostname based access broken by the containers (incompatible) hostname.

There is no ~/.Xauthority file created by sway/xwayland.

https://github.com/swaywm/sway/issues/7 … 1884824248

You could try to generate a cookie manually, https://man.archlinux.org/man/extra/xor … en#EXAMPLE

Arch Linux

#1 2026-02-08 06:17:04

[Solved] [Sway] XWayland NSpawn Unprivileged Container Xauthority

#2 2026-02-08 09:31:45

Re: [Solved] [Sway] XWayland NSpawn Unprivileged Container Xauthority

#3 2026-02-08 10:04:13

Re: [Solved] [Sway] XWayland NSpawn Unprivileged Container Xauthority

#4 2026-02-08 11:32:12

Re: [Solved] [Sway] XWayland NSpawn Unprivileged Container Xauthority

#5 2026-02-08 13:42:48

Re: [Solved] [Sway] XWayland NSpawn Unprivileged Container Xauthority

Board footer