https://bugs.kde.org/show_bug.cgi?id=522009
Bug ID: 522009
Summary: Bug Report: krdp 6.7.0 — clipboard server→client
(copy-out) broken + two additional regressions
Classification: Plasma
Product: KRdp
Version First 6.7.0
Reported In:
Platform: Fedora RPMs
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Target Milestone: ---
Package: krdp-6.7.0-1.fc44
Regression from: krdp-6.6.5
Fedora: 44, KDE Plasma on Wayland
Client: Microsoft Remote Desktop 10 on macOS
Summary
krdp 6.7.0 introduced three regressions relative to 6.6.5:
1. NoNewPrivileges=true breaks PAM authentication — every login attempt
fails; workaround exists
2. Incomplete app ID rename breaks portal registration — org.kde.krdpserver
was renamed to org.kde.krdp-server in code, but the rename was not
completed: no matching .desktop file was shipped and existing portal
permission entries were not migrated; this causes the portal to reject
krdp's host registration on every start
3. Clipboard copy-out (kde→client) is silently broken — the server correctly
detects Wayland clipboard changes but never forwards them to the
RDP client; likely a consequence of #2 and/or a new threading bug
Paste-in (client→kde) still works. All three issues are absent on krdp 6.6.5
on an otherwise identical machine.
---
Regression 1: NoNewPrivileges=true breaks PAM
krdp 6.7.0's systemd service file added NoNewPrivileges=true. This prevents
unix_chkpwd from using its setuid bit to read /etc/shadow, causing
every login attempt to fail silently from the client's perspective:
pam_unix(login:auth): authentication failure; logname= uid=1000 euid=1000
tty= ruser= rhost= user=ui
Note: even after the auth phase is fixed (see workaround below), the account
phase still hits a related failure:
pam_unix(login:account): setuid failed: Operation not permitted
Workaround — user-level drop-in override (survives package updates):
# ~/.config/systemd/user/app-org.kde.krdpserver.service.d/override.conf
[Service]
NoNewPrivileges=false
---
Regression 2: Incomplete app ID rename breaks portal registration
krdp 6.7.0 changed its portal app ID from org.kde.krdpserver to
org.kde.krdp-server (hyphen added) in code, but the rename was not completed
across the full stack. Three things needed to happen together and only one
did:
┌───────────────────────────────────────────────────────────────┬────────────────────────────────────────────────────────────────┐
│ Required step │
Done in 6.7.0? │
├───────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────┤
│ Change app ID in krdp source │ ✅ Yes
│
├───────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────┤
│ Ship org.kde.krdp-server.desktop (or rename existing) │ ❌ No — only
org.kde.krdpserver.desktop exists │
├───────────────────────────────────────────────────────────────┼────────────────────────────────────────────────────────────────┤
│ Migrate existing portal permission entries from old ID to new │ ❌ No —
grants under org.kde.krdpserver are silently abandoned │
└───────────────────────────────────────────────────────────────┴────────────────────────────────────────────────────────────────┘
Effect: xdg-desktop-portal-kde cannot resolve org.kde.krdp-server to any
known app because no .desktop file exists for it. This produces App
info not found for 'org.kde.krdp-server' in portal logs. The host-side
registration then fails on every krdpserver start:
Failed to register with host portal
QDBusError("org.freedesktop.portal.Error.Failed", "Could not register app ID:
Connection already associated
with an application ID")
Users who had clipboard working under 6.6.5 also silently lose their portal
permissions on upgrade — the existing grants are stored under
org.kde.krdpserver, which krdp no longer uses.
Workaround (manual, not shipped):
# Create the missing desktop file
cp /usr/share/applications/org.kde.krdpserver.desktop \
~/.local/share/applications/org.kde.krdp-server.desktop
# and edit Name= and Exec= lines to match the new ID, then:
flatpak permission-set kde-authorized remote-desktop org.kde.krdp-server yes
---
Regression 3: Clipboard copy-out (kde→client) silently broken
With or without the workaround for regression 2 applied, clipboard copy-out
does not work.
krdp correctly detects Wayland clipboard changes (visible in debug log with
QT_LOGGING_RULES=org.kde.krdp*=true):
krdpserver[2145]: Clipboard formats: QList("text/plain", "text/html",
"text/plain;charset=utf-8") hasText: true
krdpserver[2145]: Clipboard formats: QList("text/plain", "text/html",
"text/plain;charset=utf-8") hasText: true
But there is no corresponding log entry showing those formats being announced
to the RDP client. The RDP clipboard format list notification to
the client never fires, so the client never knows the clipboard changed and
never requests the data.
A threading violation occurs once per session, roughly when the first
clipboard notification to the client should be sent:
QObject: Cannot create children for a parent that is in a different thread.
(Parent is QApplication(...), parent's thread is QThread(...), current thread
is QThread(...)
This is consistent with clipboard forwarding being attempted across threads
and being silently dropped.
On krdp 6.6.5 (tested on identical hardware, same Plasma version):
- No host portal registration error
- No QObject threading error
- Clipboard copy-out works
---
Environment
- krdp-6.7.0-1.fc44 — all three bugs present
- krdp-6.6.5 — none present (reference machine)
- KDE Plasma, Wayland session
- xdg-desktop-portal + xdg-desktop-portal-kde running
- Client: Microsoft Remote Desktop 10, macOS
--
You are receiving this mail because:
You are watching all bug changes.
