
cosmic-greeter fails to log in to cosmic session when SELinux is set to `ENFORCING`

Open ryanabx opened this issue 1 year ago • 21 comments

start-cosmic works fine, cosmic-session works fine, so I'm pretty confused and I've been trying to figure out why cosmic-greeter won't log in to the session properly. All I get is a brief black screen with a panic in greetd:

thread 'main' panicked at greetd/src/session/worker.rs:200:14:
unable to exec: EACCES

I tried looking at it with RUST_BACKTRACE=full but the stack trace was completely unhelpful, going through a lot of unknown areas and some libc areas

I have these dependencies installed (not including dependencies derived from build depends) (Fedora)

  • greetd
  • greetd-selinux
  • dbus
  • pam
  • cosmic-comp
  • fprintd-pam

ryanabx avatar Apr 29 '24 08:04 ryanabx

Seems more like a greetd issue than a cosmic-greeter one? Just a shot in the dark, does disabling selinux fix it?

Drakulix avatar Apr 29 '24 10:04 Drakulix

I'll give it a go tonight (i.e. you'll hear from me in about 6 hours)

ryanabx avatar Apr 29 '24 20:04 ryanabx

It was SELinux after all, I'll rename this issue and keep it open for tracking purposes, unless it would be preferred to close it

ryanabx avatar Apr 30 '24 04:04 ryanabx

Feel free to keep this open, but I don't think there is something actionable for us, as this is likely a greetd-selinux problem.

Drakulix avatar Apr 30 '24 11:04 Drakulix

> Feel free to keep this open, but I don't think there is something actionable for us, as this is likely a greetd-selinux problem.

Makes sense, I'll file an upstream issue, and link it here when I do. Probably will keep this open just so people who stumble upon the issue know what's going on

ryanabx avatar Apr 30 '24 11:04 ryanabx

@ryanabx, could you please reference the upstream issue, as I can't find it.

rrahl0 avatar May 18 '24 16:05 rrahl0

> @ryanabx, could you please reference the upstream issue, as I can't find it.

My bad, I actually forgot to file that issue 😅

ryanabx avatar May 18 '24 23:05 ryanabx

Any updates regarding this issue? Is it confirmed to be a greetd-selinux problem?

rivenirvana avatar May 24 '24 04:05 rivenirvana

I'm excited about cosmic but sad about it being unavailable on my "production" workstations due to the selinuxing, so did some digging. the upstream issue discussion

Based on more recent discussion, a couple triggers include the rpm-ostree and OCI build processes and their handling of labeling.

Red Hat Bug 2224162 - selinux denial prevents logging in

see also https://github.com/ublue-os/main/issues/223

and much more recent discussion here https://github.com/ostreedev/ostree-rs-ext/issues/388

Mostly related threads, mentioning silverblue, ublue oci images, and even bluebuild custom oci images based on ublue and silverblue itself. I'm using a mix of those across all of my daily linux workstations oops.

lauretano avatar May 29 '24 21:05 lauretano
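
An added example, not part of the original thread: when exec fails with EACCES only in Enforcing mode, the matching AVC record names the source domain and the label of the file being executed. This sketch filters audit records for exec-related denials; the sample records are constructed, and the types `xdm_t` and `unlabeled_t` are assumptions for illustration, not the denial from this issue.

```shell
#!/usr/bin/env bash
# Summarise SELinux AVC denials that can surface as "unable to exec: EACCES".

# Constructed sample records in audit.log format; NOT taken from the issue.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1714380000.101:410): avc:  denied  { execute } for  pid=1201 comm="greetd" name="start-cosmic" dev="dm-0" ino=4711 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
type=AVC msg=audit(1714380000.250:411): avc:  denied  { read } for  pid=1300 comm="sshd" name="notes" dev="dm-0" ino=9001 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1714380001.007:412): avc:  denied  { execute_no_trans } for  pid=1201 comm="greetd" path="/usr/bin/start-cosmic" dev="dm-0" ino=4711 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
EOF
}

# Reads AVC records on stdin and prints one line per exec-related denial:
#   comm  source_type  target_type  permissions  target  blocked|logged-only
exec_denials() {
  awk '
  function val(key,   i, v) {          # value of key=... on the current record
    for (i = 1; i <= NF; i++)
      if (index($i, key "=") == 1) {
        v = substr($i, length(key) + 2); gsub(/"/, "", v); return v
      }
    return ""
  }
  /avc:/ && /denied/ {
    perms = ""; inset = 0
    for (i = 1; i <= NF; i++) {        # collect permissions between { and }
      if ($i == "{") { inset = 1; continue }
      if ($i == "}") break
      if (inset && $i ~ /^(execute|execute_no_trans|entrypoint|transition)$/)
        perms = perms (perms == "" ? "" : ",") $i
    }
    if (perms == "") next              # not an exec-related denial
    split(val("scontext"), s, ":"); split(val("tcontext"), t, ":")
    target = val("path"); if (target == "") target = val("name")
    print val("comm"), s[3], t[3], perms, target, (val("permissive") == "1" ? "logged-only" : "blocked")
  }'
}

# Stand-alone run on the constructed sample. On a live system (as root):
#   ausearch -m AVC -ts boot --raw | exec_denials
sample_avc | exec_denials
```

A target type that looks like a missing or default label points to a labeling problem rather than a missing policy rule; `ls -Z <path>` shows the current label and `restorecon -nv <path>` shows what it would be reset to without changing anything.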

are we sure it's actually greetd? I used the fedora server qcow2 image and installed cosmic (so no gnome is available) and it works out of the box.

rrahl0 avatar May 31 '24 15:05 rrahl0

FWIW, I installed ryanabx's COPR on a F40 GNOME Workstation and I can log into COSMIC just fine as well.

rivenirvana avatar May 31 '24 20:05 rivenirvana

@rivenirvana are you using gdm or cosmic-greeter (greetd)

rrahl0 avatar May 31 '24 21:05 rrahl0

> are we sure it's actually greetd? I used the fedora server qcow2 image and installed cosmic (so no gnome is available) and it works out of the box.

It seems to be a combination of using greetd with SElinux and a read-only image based desktop.

Drakulix avatar Jun 03 '24 12:06 Drakulix

Also confirming this, just installed cosmic-desktop on Asahi Linux (fedora on apple silicon), no need to disable selinux there at all. Does look like the bug isn't outside cosmic-greeter

lauretano avatar Jun 06 '24 20:06 lauretano

I installed Fedora 40 but I can't get to the desktop. After logging in, the only thing that happens is that the screen goes into standby mode. This happens with or without selinux.

This happens with Nvidia GPU using nouveau and doesn't happen with UHD 630 (Intel iGPU).

bkdwt avatar Jul 10 '24 09:07 bkdwt

> I installed Fedora 40 but I can't get to the desktop. After logging in, the only thing that happens is that the screen goes into standby mode. This happens with or without selinux.

> This happens with Nvidia GPU using nouveau and doesn't happen with UHD 630 (Intel iGPU).

Could you post some logs? Especially `journalctl --user _COMM=cosmic-session`?

Drakulix avatar Jul 10 '24 10:07 Drakulix

>> I installed Fedora 40 but I can't get to the desktop. After logging in, the only thing that happens is that the screen goes into standby mode. This happens with or without selinux. This happens with Nvidia GPU using nouveau and doesn't happen with UHD 630 (Intel iGPU).

> Could you post some logs? Especially `journalctl --user _COMM=cosmic-session`?

Here is the log

cosmic.txt

GPU is an RTX A2000.

bkdwt avatar Jul 11 '24 00:07 bkdwt

>>> I installed Fedora 40 but I can't get to the desktop. After logging in, the only thing that happens is that the screen goes into standby mode. This happens with or without selinux. This happens with Nvidia GPU using nouveau and doesn't happen with UHD 630 (Intel iGPU).

>> Could you post some logs? Especially `journalctl --user _COMM=cosmic-session`?

> Here is the log
>
> cosmic.txt
>
> GPU is an RTX A2000.

Yeah, that is clearly a nouveau crash:

Jul 10 06:34:06 m920s cosmic-session[1965]: nouveau: kernel rejected pushbuf: No such device
...

No idea what bug exactly you are hitting, but this seems like an upstream problem to me.

Drakulix avatar Jul 15 '24 14:07 Drakulix

>>>> I installed Fedora 40 but I can't get to the desktop. After logging in, the only thing that happens is that the screen goes into standby mode. This happens with or without selinux. This happens with Nvidia GPU using nouveau and doesn't happen with UHD 630 (Intel iGPU).

>>> Could you post some logs? Especially `journalctl --user _COMM=cosmic-session`?

>> Here is the log cosmic.txt GPU is an RTX A2000.

> Yeah, that is clearly a nouveau crash:
>
> Jul 10 06:34:06 m920s cosmic-session[1965]: nouveau: kernel rejected pushbuf: No such device
> ...
>
> No idea what bug exactly you are hitting, but this seems like an upstream problem to me.

And with Nvidia 555.58.02 drivers, everything is slow with stutter even using 180Hz refresh rate. cosmicnvidia.txt

Using `NVreg_EnableGpuFirmware=0 nvidia_drm.fbdev=1 nvidia_drm.modeset=1` solves 99% of the problems, but there is still a bit of stutter when resizing windows.

bkdwt avatar Jul 16 '24 03:07 bkdwt

> And with Nvidia 555.58.02 drivers, everything is slow with stutter even using 180Hz refresh rate. cosmicnvidia.txt

Note those are beta-drivers, so bugs are expected. This sounds like quite the horrible experience though, but the logs look normal. Given I don't have the hardware to reproduce and the driver is closed-source, I don't know what to tell you. So far we have had good results with consumer cards and this driver version.

> Using `NVreg_EnableGpuFirmware=0 nvidia_drm.fbdev=1 nvidia_drm.modeset=1` solves 99% of the problems, but there is still a bit of stutter when resizing windows.

nvidia_drm.modeset=1 is required for cosmic to work correctly with the nvidia-driver. Note we haven't implemented support for the new explicit-sync features of this driver version yet, so synchronization issues might still occur, which might explain the issues you are observing.

Can you confirm if the rest of the arguments you are using are required for decent operation? I am especially curious about NVreg_EnableGpuFirmware=0. nvidia_drm.fbdev=1 shouldn't matter for the DE.

Drakulix avatar Jul 16 '24 12:07 Drakulix

The greeter works fine during first login without disabling SELinux but after suspend it resulted in the 'Authentication Failure'; but copying greetd as cosmic-greeter as advised in https://github.com/pop-os/cosmic-greeter/issues/126#issuecomment-2340439114 solved the issue.

abishekmuthian avatar Sep 12 '24 15:09 abishekmuthian