Search code examples
pythonbashopenoffice.orgchroot

Discrepacy in OpenOffice behaviour between starting from terminal and with popen - both in chroot

I have a quite simple bash script:

#!/bin/bash

OPENOFFICE_CMD="/opt/openoffice4/program/soffice"
CHROOT_DIR="/opt/openoffice_chroot"
BIND_DIRS=(bin dev etc home lib lib64 media opt proc root run sbin selinux srv sys tmp usr var)

for BIND_DIR in ${BIND_DIRS[*]}
do
    CHROOT_BIND_DIR=$CHROOT_DIR/$BIND_DIR
    mkdir -p $CHROOT_BIND_DIR
    mount -o bind /$BIND_DIR $CHROOT_BIND_DIR
done
mkdir $CHROOT_DIR/mnt

xhost +
chroot --userspec=user2:user2 $CHROOT_DIR $OPENOFFICE_CMD -DISPLAY=:0.0

rm -rf $CHROOT_DIR/mnt
for BIND_DIR in ${BIND_DIRS[*]}
do
    CHROOT_BIND_DIR=$CHROOT_DIR/$BIND_DIR
    umount $CHROOT_BIND_DIR
    rm -rf $CHROOT_BIND_DIR
done

When it's invoked directly from terminal:

sudo /opt/scripts/openoffice_chroot.sh

everything works as expected.
But when it's launched with Python's popen like this:

subprocess.Popen(['sudo', '/opt/scripts/openoffice_chroot.sh'])

I get the error message on stderr:

javaldx failed!

along with a dialog box saying that there is a problem with access to configuration and the application will be terminated. As you can imagine clicking OK in this dialog terminates OpenOffice.
In both cases user2 is impersonated - I'm logged in as user2 in terminal and Python process also runs as user2.
I'm stuck here.

Background information:
Python process running in the background is supposed to launch this script in response to user clicking a button in the GUI. It works and the script is launched, so it's not relevant. I'm making this dummy chroot environment because OpenOffice is not supposed to access contents of /mnt (it should consider it as an empty directory) while other processes running as the same user should have full access to the contents of /mnt. I have a remote backend mounted with fuse inside and other apps should work with remote files but the requirement is that OpenOffice should be used only for local files.

I can accept the answer resolving the exact problem I'm facing as well as the answer describing a better way to achieve goals from Background information section.

Solution

  • The javaldx failed! message shows up when, as the popup says, user2 doesn't have access to the /home/user2/.config directory.

    I would ask you to change the chroot statement in the script to bash -i instead of OO and check the accessibility, ownership and permissions of that directory both from command line and inside the python script. That should give you a clue.

    Failing that, it's anybody's guess what the problem might be. Since you are logged in as user2 when the whole thing works, I would try and also run the process from a login shell from Python:

    subprocess.Popen(['/bin/bash', '--login', '-c', 'sudo /opt/scripts/openoffice_chroot.sh'])

    This should set up the same environment as when you log in from a terminal.