https://bugzilla.suse.com/show_bug.cgi?id=1206163

https://bugzilla.suse.com/show_bug.cgi?id=1206163#c8

--- Comment #8 from Luca Di Maio <luca.dimaio1@gmail.com> ---
Yeah, it's a bit peculiar because the need is that `transactional-update`, running as root, has to trigger a graphical notification.

The problem is that a graphical notification (over dbus) can only be triggered on a user's dbus session, and only said user can access its own session.

So the "client" (who sends the message) runs as root, as it's either `transactional-update-notifier` or `tukit` itself (in the future) that sends the "update complete message".

The "server" is the daemon that waits for this message and sends the notification. This MUST be run as a normal user, as this one will then be able to connect to the user's dbus session and send the notification.

This is a way to de-privilege and send the notification over the user's dbus session, without resorting to using `su` or other potentially dangerous solutions.

Then we also restrict this communication channel; this way only root can *send* the messages, and we exclude situations where unprivileged users can spam/trigger notifications.

If there are other doubts, let me know :-)

Thanks
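
One way an unprivileged receiving daemon can enforce the "only root can send" rule described in the comment, shown as an added example that is not code from the bug report or from `transactional-update`. It assumes the channel is a Linux Unix domain socket and checks the kernel-reported peer UID; the function names and the message text are hypothetical.

```python
import os
import socket
import struct

ROOT_UID = 0  # rule from the comment: only root may send messages


def peer_uid(conn: socket.socket) -> int:
    """Return the UID the kernel recorded for the other end (Linux SO_PEERCRED)."""
    fmt = "iII"  # struct ucred: pid_t pid, uid_t uid, gid_t gid
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(fmt))
    _pid, uid, _gid = struct.unpack(fmt, raw)
    return uid


def receive_update_message(conn, allowed_uid=ROOT_UID, max_len=256):
    """Daemon side: return the message text if the sender is allowed, else None."""
    if peer_uid(conn) != allowed_uid:
        # Sender is not the privileged client: drop the message so that
        # unprivileged users cannot spam or trigger notifications.
        return None
    text = conn.recv(max_len).decode("utf-8", errors="replace")
    # Keep printable characters only before handing text to a notification.
    return "".join(ch for ch in text if ch.isprintable())


def demo(allowed_uid):
    """Constructed exchange over a socketpair; both ends belong to this process."""
    client, daemon = socket.socketpair()  # AF_UNIX stream pair
    try:
        client.send(b"update complete\n")  # constructed sample message
        return receive_update_message(daemon, allowed_uid=allowed_uid)
    finally:
        client.close()
        daemon.close()


if __name__ == "__main__":
    # Accepted only when the sender's UID matches the allowed one.
    print("sender uid allowed:", demo(os.getuid()))
    print("sender uid not allowed:", demo(os.getuid() + 1))
```

The credentials come from the kernel rather than from the message, so a sender cannot claim to be root by changing what it writes to the socket.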