plainbox-trusted-launcher-1 Man page



plainbox-trusted-launcher-1 – execute job command as another user


plainbox-trusted-launcher-1 [-h] (-w | -t CHECKSUM)


Security elevation mechanism for plainbox

This command is a part of the implementation of plainbox. It is not
intended to be invoked directly and the command line arguments and
behavior may freely change between versions.

Technically this program is used to run a command associated with a job
definition as another user (typically as root). The existing technolo‐
gies such as sudo (8) and pkexec (1) don’t have enough granularity to
still restrict arbitrary commands but allow the commands that are
inside system-wide installed locations (thus safe as one needs root
access to install those in the first place). One additional restriction
is that some commands are themselves generated by other jobs.

Warm-up Mode
If the –warmup option is specified then nothing more happens and the
program exists immediately. This is intended to ‘warm-up’ the tool that
executes plainbox-trusted-launcher-1 itself (typically pkexec or sudo)

Normal Execution
In normal execution mode, the launcher looks up the job with the check‐
sum specified by –target and executes the command embedded inside.
Environment passed via –target-environment is appended to the environ‐
ment variables inherited from the parent process.

Standard output, standard error and exit code of plain‐
box-trusted-launcher-1 is exactly as the values from the commands
embedded into the selected job itself.

Indirect Execution
In indirect execution mode, the launcher first looks up the job with
the checksum specified by –generator, executes it, discarding stderr
and re-interpreting stdout as a set of job definitions. Environment
passed via the –generator-environment is appended (but just to the
generator job, the –target job has independent environment). All of
the additional job definitions are added to the global pool of jobs the
launcher knows about.

After that the launcher continues as with normal execution, returning
the same stdout, stderr and exit code.


Optional arguments:

-w, –warmup
return immediately, only useful when used with pkexec

-t, –target
run a job with this checksum

-T, –target-environment
environment passed to the target job

-g, –generator
also run a job with this checksum (assuming it is a local job)

-G, –generator-environment
environment passed to the generator job

The following environment variables DO NOT affect plain‐

For plainbox this would affect the set of directories where
Plainbox looks for provider definitions. The trusted launcher
has a fixed list of directories that cannot be extended.

The fixed list is composed of two system-wide locations:

· /usr/local/share/plainbox-providers-1

· /usr/share/plainbox-providers-1

All the other environment variables mentioned in plainbox work
the same way.


Currently it is impossible to use plainbox-trusted-launcher-1 with a
local job needs to run as root, that generates another local job that
needs to run as root, to generate any additional jobs that also need to
run as root. In other words, only one-level job generation is sup‐

The launcher is somewhat inefficient, in that it has to re-run all of
the dependencies of the local job over and over. Ideally those would be
cached, per-session, but that would significantly increase the complex‐
ity of the code running as root.




Zygmunt Krynicki & Checkbox Contributors


2012-2014 Canonical Ltd

0.25 January 05, 2016 PLAINBOX-TRUSTED-LAUNCHER-1(1)