Re: [gentoo-user] gdm fails to start
On Tue, 2017-05-23 at 17:17 +0200, Hogren wrote: > > On 23/05/2017 14:44, Raffaele Belardi wrote: > > On Tue, 2017-05-23 at 14:05 +0200, Hogren wrote: > > > I suppose there is a group in /etc/groups for gdm ? > > > > > > Does your user is associate with this group ? > > > > > > > > > > Yes, there is a gdm group but my user is not part of it. I will > > test it > > later since I cannot logout right now, but where did you find a > > reference for this? > > Hum, sorry it's possible that it's a mistake. Anyway, I just tried to add my user to group gdm, no change. > > Other thing, who is the user UID=32 ? > > Why it's him who try to execute systemd ? It's gdm, by comparison with another system where gdm starts fine it is normal. > > > > "The only special privilege the "gdm" user requires is the > > ability to read and write Xauth files to the /run/gdm > > directory. The /run/gdm directory should have root:gdm > > ownership > > and 1777 permissions." > > > > My /var/run/gdm has different permissions: > > > > drwx--x--x 3 root gdm 60 May 23 10:19 gdm > > I tried to set the /var/lib/gdm permission to 1777, no change. Finally I cleared the /var/lib/gdm contents, no change. Going back to the error log: systemd[356]: user@32.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted I believe that systemd is telling me that PAM did not allow spawning a '/usr/lib/systemd/systemd' for user gdm. Maybe I should try to understand why PAM is denying it. Anyone expert with PAM? raffaele
Re: [gentoo-user] gdm fails to start
On 23/05/2017 14:44, Raffaele Belardi wrote: > On Tue, 2017-05-23 at 14:05 +0200, Hogren wrote: >> I suppose there is a group in /etc/groups for gdm ? >> >> Does your user is associate with this group ? >> >> > Yes, there is a gdm group but my user is not part of it. I will test it > later since I cannot logout right now, but where did you find a > reference for this? Hum, sorry it's possible that it's a mistake. Other thing, who is the user UID=32 ? Why it's him who try to execute systemd ? > > Searching for a reference myself, I found this not really related but > interesting (https://help.gnome.org/admin/gdm/stable/security.html.en): > > "The only special privilege the "gdm" user requires is the > ability to read and write Xauth files to the /run/gdm > directory. The /run/gdm directory should have root:gdm ownership > and 1777 permissions." > > My /var/run/gdm has different permissions: > > drwx--x--x 3 root gdm 60 May 23 10:19 gdm > > I did not change or create this directory so it must be the default > created by the ebuild. Can anyone confirm that with these permissions > gdm works correctly? > > raffaele > Hogren
Re: [gentoo-user] gdm fails to start
On Tue, 2017-05-23 at 14:05 +0200, Hogren wrote: > I suppose there is a group in /etc/groups for gdm ? > > Does your user is associate with this group ? > > Yes, there is a gdm group but my user is not part of it. I will test it later since I cannot logout right now, but where did you find a reference for this? Searching for a reference myself, I found this not really related but interesting (https://help.gnome.org/admin/gdm/stable/security.html.en): "The only special privilege the "gdm" user requires is the ability to read and write Xauth files to the /run/gdm directory. The /run/gdm directory should have root:gdm ownership and 1777 permissions." My /var/run/gdm has different permissions: drwx--x--x 3 root gdm 60 May 23 10:19 gdm I did not change or create this directory so it must be the default created by the ebuild. Can anyone confirm that with these permissions gdm works correctly? raffaele
Re: [gentoo-user] gdm fails to start
I suppose there is a group in /etc/groups for gdm ? Does your user is associate with this group ? Hogren On 23/05/2017 13:53, Raffaele Belardi wrote: > On Tue, 2017-05-23 at 12:53 +0200, Hogren wrote: >> On 23/05/2017 10:34, Raffaele Belardi wrote: >>> On Mon, 2017-05-22 at 16:09 +0200, Hogren wrote: Hello, Very simple question but did you have "pam" in your global USE flag or Systemd USE flag ? >>> Yes, I am using the gnome/systemd profile: >>> >>> # euse -I pam >>> global use flags (searching: pam) >>> >>> no matching entries found >>> >>> local use flags (searching: pam) >>> >>> [+ D ] pam (net-dialup/ppp): >>> Enables PAM (Pluggable Authentication Modules) support >>> >>> [+ D ] pam (sys-apps/util-linux): >>> build runuser helper >> There is a "pam" USE flag for systemd. >> Did you try to add it ? >> https://packages.gentoo.org/packages/sys-apps/systemd >> >> Hogren >> > Yes, it is set, I don't know why euse does not show it: > > # eix -I sys-apps/systemd > [I] sys-apps/systemd > Available versions: 226-r2(0/2) (~)231(0/2) [M](~)232(0/2) 233- > r1(0/2) **(0/2) {acl apparmor audit build cryptsetup curl doc > elfutils (+)gcrypt gnuefi http idn importd +kdbus +kmod +libidn2 +lz4 > lzma nat pam policykit qrcode +seccomp selinux ssl sysv-utils test > vanilla xkb ABI_MIPS="n32 n64 o32" ABI_PPC="32 64" ABI_S390="32 64" > ABI_X86="32 64 x32"} > Installed versions: 233-r1(05:53:09 AM 05/20/2017)(acl gcrypt > kmod lz4 pam policykit seccomp ssl -apparmor -audit -build -cryptsetup > -curl -doc -elfutils -gnuefi -http -idn -importd -lzma -nat -qrcode > -selinux -sysv-utils -test -vanilla -xkb ABI_MIPS="-n32 -n64 -o32" > ABI_PPC="-32 -64" ABI_S390="-32 -64" ABI_X86="32 -64 -x32") > >
Re: [gentoo-user] gdm fails to start
On Tue, 2017-05-23 at 12:53 +0200, Hogren wrote: > > On 23/05/2017 10:34, Raffaele Belardi wrote: > > On Mon, 2017-05-22 at 16:09 +0200, Hogren wrote: > > > Hello, > > > > > > Very simple question but did you have "pam" in your global USE > > > flag > > > or > > > Systemd USE flag ? > > > > Yes, I am using the gnome/systemd profile: > > > > # euse -I pam > > global use flags (searching: pam) > > > > no matching entries found > > > > local use flags (searching: pam) > > > > [+ D ] pam (net-dialup/ppp): > > Enables PAM (Pluggable Authentication Modules) support > > > > [+ D ] pam (sys-apps/util-linux): > > build runuser helper > > There is a "pam" USE flag for systemd. > Did you try to add it ? > https://packages.gentoo.org/packages/sys-apps/systemd > > Hogren > Yes, it is set, I don't know why euse does not show it: # eix -I sys-apps/systemd [I] sys-apps/systemd Available versions: 226-r2(0/2) (~)231(0/2) [M](~)232(0/2) 233- r1(0/2) **(0/2) {acl apparmor audit build cryptsetup curl doc elfutils (+)gcrypt gnuefi http idn importd +kdbus +kmod +libidn2 +lz4 lzma nat pam policykit qrcode +seccomp selinux ssl sysv-utils test vanilla xkb ABI_MIPS="n32 n64 o32" ABI_PPC="32 64" ABI_S390="32 64" ABI_X86="32 64 x32"} Installed versions: 233-r1(05:53:09 AM 05/20/2017)(acl gcrypt kmod lz4 pam policykit seccomp ssl -apparmor -audit -build -cryptsetup -curl -doc -elfutils -gnuefi -http -idn -importd -lzma -nat -qrcode -selinux -sysv-utils -test -vanilla -xkb ABI_MIPS="-n32 -n64 -o32" ABI_PPC="-32 -64" ABI_S390="-32 -64" ABI_X86="32 -64 -x32")
Re: [gentoo-user] gdm fails to start
On 23/05/2017 10:34, Raffaele Belardi wrote: > On Mon, 2017-05-22 at 16:09 +0200, Hogren wrote: >> Hello, >> >> Very simple question but did you have "pam" in your global USE flag >> or >> Systemd USE flag ? > Yes, I am using the gnome/systemd profile: > > # euse -I pam > global use flags (searching: pam) > > no matching entries found > > local use flags (searching: pam) > > [+ D ] pam (net-dialup/ppp): > Enables PAM (Pluggable Authentication Modules) support > > [+ D ] pam (sys-apps/util-linux): > build runuser helper There is a "pam" USE flag for systemd. Did you try to add it ? https://packages.gentoo.org/packages/sys-apps/systemd Hogren
Re: [gentoo-user] gdm fails to start
On Mon, 2017-05-22 at 16:09 +0200, Hogren wrote: > Hello, > > Very simple question but did you have "pam" in your global USE flag > or > Systemd USE flag ? Yes, I am using the gnome/systemd profile: # euse -I pam global use flags (searching: pam) no matching entries found local use flags (searching: pam) [+ D ] pam (net-dialup/ppp): Enables PAM (Pluggable Authentication Modules) support [+ D ] pam (sys-apps/util-linux): build runuser helper # euse -I systemd global use flags (searching: systemd) No matching entries found local use flags (searching: systemd) [+ D ] systemd (gnome-extra/gnome-system-monitor): Display sys-apps/systemd metadata, e.g. unit names, for running processes [+ D ] systemd (media-sound/pulseaudio): Build with sys-apps/systemd support to replace standalone ConsoleKit. [+ D ] systemd (sys-apps/accountsservice): Use sys-apps/systemd instead of sys-auth/consolekit for session tracking [+ D ] systemd (sys-apps/busybox): Support systemd [+ D ] systemd (sys-apps/dbus): Build with sys-apps/systemd at_console support [+ D ] systemd (sys-auth/pambase): Use pam_systemd module to register user sessions in the systemd control group hierarchy. [+ D ] systemd (sys-auth/polkit): Use sys-apps/systemd instead of sys-auth/consolekit for session tracking [+ D ] systemd (sys-fs/udisks): Support sys-apps/systemd's logind # grep USE= /etc/portage/make.conf USE="-bluetooth -cups -cdr -dvd -dvdr -fortran -games -ipv6 -kde -libav -modemmanager -ppp -qt -qt3 -qt4 -shotwell -wifi" > > If this is on the first, did you compile systemd and may be > dependencies > after add it ? I'm not sure I understood the question: the box was initially LXDE/OpenRC; I installed and booted into systemd and got the system up again; then I installed Gnome and removed LXDE. Out of ideas I also recently did an 'emerge -e world'. > > Did you try that: > > > systemctl reset-failed| > > For a guy on github, that solve (without explanation) the problem: > > > > https://github.com/coreos/bugs/issues/1498| > > > > I just tried it and also the other tip mentioned in the bug (modification in the /etc/pam.d/systemd-user), no change. raffaele
Re: [gentoo-user] gdm fails to start
Hello, Very simple question but did you have "pam" in your global USE flag or Systemd USE flag ? If this is on the first, did you compile systemd and may be dependencies after add it ? Did you try that: |systemctl reset-failed| |For a guy on github, that solve (without explanation) the problem: | |https://github.com/coreos/bugs/issues/1498| || Hogren On 22/05/2017 14:13, Raffaele Belardi wrote: > On Mon, 2017-05-22 at 13:02 +0300, Alexander Kapshuk wrote: >> On Mon, May 22, 2017 at 1:00 PM, Raffaele Belardi >>wrote: >>> On Mon, 2017-05-22 at 12:47 +0300, Alexander Kapshuk wrote: A Google search found this systemd issue: https://github.com/systemd/systemd/issues/4342 Quote: @poettering I see I left no account modules in the bare-bones PAM config. Maybe it is pam_acct_mgmt failing then? @yuwata what happens if you add account required pam_unix.so ? @fsateler Thanks. By adding the line, user sessions successfully start without the error messages. Do you think the line should be added to the minimal PAM file? See if that helps. >>> Yes, I saw that but the solution is not at all clear to me: which >>> PAM >>> config file are they referring to? >>> >>> raffaele >>> >>> >> Could it be this one, /etc/pam.d/systemd-user? >> > Done then issued 'systemctl daemon-reload' and 'systemctl start gdm', > no change: > > $ cat /etc/pam.d/systemd-user > # This file is part of systemd. > # > # Used by systemd --user instances. > > account include system-auth > # [RB] > account required pam_unix.so > session include system-auth > session optional pam_keyinit.so force revoke > session optional pam_systemd.so > > #journalctl -b > ... > systemd[1]: Created slice User Slice of gdm. > systemd[1]: Starting User Manager for UID 32... > systemd[1]: Started Session c519 of user gdm. > systemd-logind[173]: New session c519 of user gdm. > systemd[15240]: user@32.service: Failed at step PAM spawning > /usr/lib/systemd/systemd: Operation not permitted > systemd[1]: Failed to start User Manager for UID 32. > systemd[1]: user@32.service: Unit entered failed state. > systemd[1]: user@32.service: Failed with result 'protocol'. > gdm-launch-environment][15237]: pam_systemd(gdm-launch- > environment:session): Failed to create session: Start job for unit user > @32.service failed with 'failed' > systemd-logind[173]: Removed session c519. >
Re: [gentoo-user] gdm fails to start
On Mon, 2017-05-22 at 13:02 +0300, Alexander Kapshuk wrote: > On Mon, May 22, 2017 at 1:00 PM, Raffaele Belardi >wrote: > > On Mon, 2017-05-22 at 12:47 +0300, Alexander Kapshuk wrote: > > > > > > A Google search found this systemd issue: > > > https://github.com/systemd/systemd/issues/4342 > > > Quote: > > > @poettering I see I left no account modules in the bare-bones PAM > > > config. Maybe it is pam_acct_mgmt failing then? > > > > > > @yuwata what happens if you add account required pam_unix.so ? > > > > > > @fsateler Thanks. By adding the line, user sessions successfully > > > start > > > without the error messages. Do you think the line should be added > > > to > > > the minimal PAM file? > > > > > > See if that helps. > > > > > > > Yes, I saw that but the solution is not at all clear to me: which > > PAM > > config file are they referring to? > > > > raffaele > > > > > > Could it be this one, /etc/pam.d/systemd-user? > Done then issued 'systemctl daemon-reload' and 'systemctl start gdm', no change: $ cat /etc/pam.d/systemd-user # This file is part of systemd. # # Used by systemd --user instances. account include system-auth # [RB] account required pam_unix.so session include system-auth session optional pam_keyinit.so force revoke session optional pam_systemd.so #journalctl -b ... systemd[1]: Created slice User Slice of gdm. systemd[1]: Starting User Manager for UID 32... systemd[1]: Started Session c519 of user gdm. systemd-logind[173]: New session c519 of user gdm. systemd[15240]: user@32.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted systemd[1]: Failed to start User Manager for UID 32. systemd[1]: user@32.service: Unit entered failed state. systemd[1]: user@32.service: Failed with result 'protocol'. gdm-launch-environment][15237]: pam_systemd(gdm-launch- environment:session): Failed to create session: Start job for unit user @32.service failed with 'failed' systemd-logind[173]: Removed session c519.
Re: [gentoo-user] gdm fails to start
On Mon, May 22, 2017 at 1:00 PM, Raffaele Belardiwrote: > On Mon, 2017-05-22 at 12:47 +0300, Alexander Kapshuk wrote: >> >> A Google search found this systemd issue: >> https://github.com/systemd/systemd/issues/4342 >> Quote: >> @poettering I see I left no account modules in the bare-bones PAM >> config. Maybe it is pam_acct_mgmt failing then? >> >> @yuwata what happens if you add account required pam_unix.so ? >> >> @fsateler Thanks. By adding the line, user sessions successfully >> start >> without the error messages. Do you think the line should be added to >> the minimal PAM file? >> >> See if that helps. >> > > Yes, I saw that but the solution is not at all clear to me: which PAM > config file are they referring to? > > raffaele > > > Could it be this one, /etc/pam.d/systemd-user?
Re: [gentoo-user] gdm fails to start
On Mon, 2017-05-22 at 12:47 +0300, Alexander Kapshuk wrote: > > A Google search found this systemd issue: > https://github.com/systemd/systemd/issues/4342 > Quote: > @poettering I see I left no account modules in the bare-bones PAM > config. Maybe it is pam_acct_mgmt failing then? > > @yuwata what happens if you add account required pam_unix.so ? > > @fsateler Thanks. By adding the line, user sessions successfully > start > without the error messages. Do you think the line should be added to > the minimal PAM file? > > See if that helps. > Yes, I saw that but the solution is not at all clear to me: which PAM config file are they referring to? raffaele
Re: [gentoo-user] gdm fails to start
On Mon, May 22, 2017 at 11:16 AM, Raffaele Belardiwrote: > I'm unable to start the gdm service on a recently installed gnome > desktop (~x86): the service continuously fails and restarts with the > errors below. If I disable the service and login into a text console, > startx works fine but the Gnome session misses some features (e.g. > screen lock). I enabled debug logging on gdm but nothing significant > appears. > > Any suggestions? > > thanks, > > raffaele > > > systemd[356]: user@32.service: Failed at step PAM spawning > /usr/lib/systemd/systemd: Operation not permitted > systemd[1]: Failed to start User Manager for UID 32. > gdm-launch-environment][310]: pam_systemd(gdm-launch- > environment:session): Failed to create session: Start job for unit user > @32.service failed with 'failed' > systemd[1]: user@32.service: Unit entered failed state. > systemd[1]: user@32.service: Failed with result 'protocol'. > > ... > > /usr/libexec/gdm-x-session[359]: Activated service > 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 > exited with stat > /usr/libexec/gdm-x-session[359]: Unable to register display with > display manager > > # grep 32 /etc/passwd > gdm:x:32:32:GDM:/var/lib/gdm:/bin/false > > # eselect profile list > Available profile symlink targets: > [1] default/linux/x86/13.0 > [2] default/linux/x86/13.0/selinux > [3] default/linux/x86/13.0/desktop > [4] default/linux/x86/13.0/desktop/gnome > [5] default/linux/x86/13.0/desktop/gnome/systemd * > [6] default/linux/x86/13.0/desktop/plasma > [7] default/linux/x86/13.0/desktop/plasma/systemd > [8] default/linux/x86/13.0/developer > [9] default/linux/x86/13.0/systemd > [10] hardened/linux/x86 > [11] hardened/linux/x86/selinux > [12] hardened/linux/musl/x86 > [13] default/linux/uclibc/x86 > [14] hardened/linux/uclibc/x86 > A Google search found this systemd issue: https://github.com/systemd/systemd/issues/4342 Quote: @poettering I see I left no account modules in the bare-bones PAM config. Maybe it is pam_acct_mgmt failing then? @yuwata what happens if you add account required pam_unix.so ? @fsateler Thanks. By adding the line, user sessions successfully start without the error messages. Do you think the line should be added to the minimal PAM file? See if that helps.