-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Wed, Jun 19, 2019 at 12:16:05PM -0700, Will Dizon wrote: > Thanks Marek, > > It looks like my barebones pam.d configuration was stifling the > qubes-gui-agent process. I went ahead and made the > /etc/pam.d/qubes-gui-agent more permissive and it seems I'm making huge > strides toward it working. The newest issue is now coming up in Dom0(!). > > Here's my ~/.xsession-errors: https://pastebin.com/Cf0mfGz3 > > Xorg.0.log looks pretty clean, start to finish, but here's the paste anyway: > https://pastebin.com/BEj9tHm0 > > ---- > > There's an early error, which I believe to be dbus. Not sure if this is a > huge obstacle, but I notice that `dbus-launch --autolaunch` is already > running before the system's dbus-daemon: > > 642 user 20 0 6.2m 2.2m 0.0 0.1 0:00.00 S `- dbus-launch > --autolaunch f8bd609a74b7407db64dfe82f04a8fc6 --binary-syntax --close-stderr > > > 644 user 20 0 4.9m 2.4m 0.0 0.1 0:00.00 S `- > /usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 > --session > > ---- > > Otherwise my biggest concerns are with qubes-session: > > Starting qubes-session... > Failed to issue method call: Caller does not belong to any known session
Those things are probably related. Do you have pam_systemd in /etc/pam.d/qubes-gui-agent? Also, it may be some kind of issue with environment variables propagation - namely DBUS_SESSION_BUS_ADDRESS and that could explain two dbus instances. > ---- > > And lastly, this is what happens when I attempt to open Xterm from a shortcut > from dom0: > > executed QUBESRPC qubes.WaitForSession dom0 pid 712 > send exit code 0 > pid 712 exited with 0 > executed (nowait) QUBESRPC qubes.StartApp+xterm dom0 pid 753 > send exit code 0 Looks fine... > and this from a dom0 terminal via "qvm-run lfsgo xterm": > > executed QUBESRPC qubes.WaitForSession dom0 pid 787 > send exit code 0 > pid 787 exited with 0 > executed QUBESRPC qubes.VMShell dom0 pid 809 > pid 809 exited with -1 > > One thing to note is that the first time I attempt qvm-run, I get a modal in > dom0 saying: > > "The domain lfsgo attempted to perform an invalid or suspicious GUI request. > This might be a sign that the domain has been compromised and is attempting > to compromise the GUI daemon (Dom0 domain). In rare cases, however, it might > be possible that a ligitimate application trigger such condition (check the > guid logs for more information). > > Do you allow this VM to continue running? [Ignore/Terminate] > > Here's the guid.lfsgo.log: > > Icon size: 128x128 > Verify failed: untrusted_hdr.type > MSG_MIN && untrusted_hdr.type < MSG_MAX > Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged. > got unknown msg type 147 Oh, I think you compiled gui-agent from master branch (R4.1), but run it with with R4.0 dom0. Use release4.0 branch of gui-agent (and gui-common), if you run it on R4.0 dom0. You may hit similar issue with core-agent-linux (in R4.1 it is split into core-agent-linux and core-qrexec, and there are qrexec protocol changes too). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAl0KqKkACgkQ24/THMrX 1ywzpAf/bk9h399/clUbNbtt3vxc+nHVIHBYYCNqBNwb4tiGMcuLUcF6jeA82QOE 4UH1GOQikOUD6HdalrY7QhLDQrtfmZ/ZWExUSPe17R8l7EZyhr+19BZGrIAwNt11 xv0/il6XBs6YIhzhv3rz9/XYlIJIsxR2Ky+eBaxJZUJ5r0OZMU4dIyuB9Wl1NuyE oWhE4i/PCCOouj9l8GKXeAH7U6w9KEriys8n+2Rq/PqNu8NZkcoUMquCrv5JUhxa q3YUCaeG0uUQFFu4reIYdQ/vTHhU7fwTpStl4ZUJSacuJmCSLLCICy/IjE+2MUjM yfvUXuTerYojacF7robxEuPXKXpL+w== =oaRi -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20190619212704.GX1793%40mail-itl. For more options, visit https://groups.google.com/d/optout.
