Bug#1050417: lightdm-guest-session support (via Arctica Greeter) takes a long time to startup X11 guest sessions
HI Yves-Alexis, On Mo 20 Nov 2023 21:39:54 CET, Yves-Alexis Perez wrote: On Sun, 2023-11-19 at 10:07 +, Mike Gabriel wrote: I just tested this once more: It needs to be /run/user/*/ICEauthority-l l, Without that line, guest login to a MATE desktop is slloo (with error dialog about /run/user/*/ICEauthority, without "-l"). With that line, login is smooth, no error dialog anymore. Ok, that's confusing (unless there's a specific syntax weirdness?). I assume you tested with: /run/user/*/ICEauthority l, and it didn't work? Correct. To be fully sure, I tested again (Debian 12): /run/user/*/ICEauthority l, -> long delay when logging into MATE (+ dialog error) /run/user/*/ICEauthority-l l, -> smoothly logging into MATE no such line -> -> long delay when logging into MATE (+ dialog error) Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4351) 486 14 27 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net pgpWVzKc67i_T.pgp Description: Digitale PGP-Signatur
Bug#1050417: lightdm-guest-session support (via Arctica Greeter) takes a long time to startup X11 guest sessions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, 2023-11-19 at 10:07 +, Mike Gabriel wrote: > I just tested this once more: It needs to be > > /run/user/*/ICEauthority-l l, > > Without that line, guest login to a MATE desktop is slloo > (with error dialog about /run/user/*/ICEauthority, without "-l"). > > With that line, login is smooth, no error dialog anymore. Ok, that's confusing (unless there's a specific syntax weirdness?). I assume you tested with: /run/user/*/ICEauthority l, and it didn't work? Regards, - -- Yves-Alexis -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmVbxBsACgkQ3rYcyPpX RFtyIQgA235A9IBEsi1H1NRl9VROuJSPFM8k4KTXrkbNMQ28pz+e24tnnfnbFXRa 55WnPtSzP96+420dKiUuYQgoL+BmZf4zQXT9o2YQDzdXVbFhtDpy+NW8B4rOQk0j EuaSwNcAXrE/QJsGMt0JfX9vIm+X8cHorYupHEy61kIAyzpRgU5K8fAUclV6vs2L RHbxja0HAXHCsoURKbVkEPJWo6LGX+fB7N1uJSGhFNfKJcYx1CDPJGgsGnuge7MV JrjyFFrCeHyCK/zqxQZUvBKH5roI+EEoo+eHuADhCJAwqc4L/+aHa90e+on1Z8il QEajGSWgyo3HGrymx2hCEHRVxolD9w== =omCC -END PGP SIGNATURE-
Bug#1050417: lightdm-guest-session support (via Arctica Greeter) takes a long time to startup X11 guest sessions
Hi Yves-Alexis, sorry for the delay... On Mi 15 Nov 2023 20:48:26 CET, Yves-Alexis Perez wrote: On Thu, 2023-08-24 at 10:25 +, Mike Gabriel wrote: + /run/user/*/ICEauthority-l l, Hi Mike, are you sure about the `ICEauthority-l' filename (especially the -l part)? On my system it's just ICEauthority apparently. Regards, - -- Yves-Alexis I just tested this once more: It needs to be /run/user/*/ICEauthority-l l, Without that line, guest login to a MATE desktop is slloo (with error dialog about /run/user/*/ICEauthority, without "-l"). With that line, login is smooth, no error dialog anymore. Greets, Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4351) 486 14 27 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net pgpt27RDHwe6X.pgp Description: Digitale PGP-Signatur
Bug#1050417: lightdm-guest-session support (via Arctica Greeter) takes a long time to startup X11 guest sessions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, 2023-08-24 at 10:25 +, Mike Gabriel wrote: > + /run/user/*/ICEauthority-l l, Hi Mike, are you sure about the `ICEauthority-l' filename (especially the -l part)? On my system it's just ICEauthority apparently. Regards, - -- Yves-Alexis -BEGIN PGP SIGNATURE- iQEyBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmVVIIoACgkQ3rYcyPpX RFvRNQf4nVUolt6huD76ZT4EcpvIDVyX4VJjZ3v5tMIxdnzWZMmSQpxsAQcgfljm zUzweJw0HczdKAbiP/0f9qDKWTEDUZ7IG7ORYz4S7V7ZCFz5IWt5x6V1styNWnlp wXFXTm7BG7tzM8efXIaW3OANyWg3ewBnLzeqW4hSjOccB14VHqioP++sHOXG9w0b ChWxCmR5jfd+wIPpluxvOVTcmMWZlirfTnc/nbUtUTa3LeBlBG+0butRQS+DrDjz ZYFVPpo0rT37WoX+Ll49kyXGDMg2J22yQS4obdS1D/7ltcVZYtcec/w9gf+5B89s 1pC8mvbWE4zYhA94YmqzYarjb9Pa =S4WQ -END PGP SIGNATURE-
Bug#1050417: lightdm-guest-session support (via Arctica Greeter) takes a long time to startup X11 guest sessions
Package: src:lightdm Severity: normal Version: 1.32.0-3 Tags: patch Forwarded: https://github.com/canonical/lightdm/pull/319 For Debian Edu 12, I tested the various features of Arctica Greeter (arctica-greeter src:pkg in Debian). The Arctica Greeter provides a feature called guest session login. With this, users can log into a host using one-time sessions. The guest user accounts gets created on the fly on login and gets removed after the session. A password is not required for guest session login. In Debian 12, the login into an X11 desktop (such as MATE or Xfce4) takes a long time to bring up the session. This delay is caused by a missing apparmor rule in light. diff --git a/data/apparmor/lightdm-guest-session.in b/data/apparmor/lightdm-guest-session.in index 3239c54b..f4938c7c 100644 --- a/data/apparmor/lightdm-guest-session.in +++ b/data/apparmor/lightdm-guest-session.in @@ -18,6 +18,7 @@ /usr/bin/sogou-qimpanel-watchdog ix, /usr/bin/sogou-sys-notify ix, /tmp/sogou-qimpanel:* rwl, + /run/user/*/ICEauthority-l l, # Allow ibus unix (bind, listen) type=stream addr="@tmp/ibus/*", Here comes the description of the proposed patch: data/apparmor/lightdm-guest-session.in: Allow l operation on /run/user/*/ICEauthority-l. This resolves long login delays into X11 guest sessions when using Arctica Greeter (forked from Unity Greeter). While waiting for the desktop to appear, the screen stays black and a non-WM'ed dialog box appears on screen, saying: "Could not update ICEauthority file /run/user//ICEauthority". When testing with MATE desktop, apparmor denies esp. creating this link operation: operation="link" class="file" profile="/lightdm-guest-session" name="/run/user/997/ICEauthority-l" pid= comm="mate-session" requested_mask="l" denied_mask="l" fsuid= ouid= target="/run/user//ICEauthority-c" Similar in Xfce4: operation="link" class="file" profile="/lightdm-guest-session" name="/run/user/997/ICEauthority-l" pid= comm="iceauth" requested_mask="l" denied_mask="l" fsuid= ouid= target="/run/user//ICEauthority-c" It would be awesome if this could get resolved in the near future in Debian unstable and Debian bookworm. I can provide some help with these uploads if wanted by the maintainers. Thanks+Greets, Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4351) 486 14 27 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net >From 206320128f9636b814af76230ad64ed3b5e36fb8 Mon Sep 17 00:00:00 2001 From: Mike Gabriel Date: Thu, 24 Aug 2023 11:19:02 +0200 Subject: [PATCH] data/apparmor/lightdm-guest-session.in: Allow l operation on /run/user/*/ICEauthority-l. This resolves long login delays into X11 guest sessions when using Arctica Greeter (forked from Unity Greeter). While waiting for the desktop to appear, the screen stays black and a non-WM'ed dialog box appears on screen, saying: "Could not update ICEauthority file /run/user//ICEauthority". When testing with MATE desktop, apparmor denies esp. creating this link operation: operation="link" class="file" profile="/lightdm-guest-session" name="/run/user/997/ICEauthority-l" pid= comm="mate-session" requested_mask="l" denied_mask="l" fsuid= ouid= target="/run/user//ICEauthority-c" Similar in Xfce4: operation="link" class="file" profile="/lightdm-guest-session" name="/run/user/997/ICEauthority-l" pid= comm="iceauth" requested_mask="l" denied_mask="l" fsuid= ouid= target="/run/user//ICEauthority-c" Signed-off-by: Mike Gabriel --- data/apparmor/lightdm-guest-session.in | 1 + 1 file changed, 1 insertion(+) diff --git a/data/apparmor/lightdm-guest-session.in b/data/apparmor/lightdm-guest-session.in index 3239c54b..f4938c7c 100644 --- a/data/apparmor/lightdm-guest-session.in +++ b/data/apparmor/lightdm-guest-session.in @@ -18,6 +18,7 @@ /usr/bin/sogou-qimpanel-watchdog ix, /usr/bin/sogou-sys-notify ix, /tmp/sogou-qimpanel:* rwl, + /run/user/*/ICEauthority-l l, # Allow ibus unix (bind, listen) type=stream addr="@tmp/ibus/*", -- 2.39.2 pgpAEOPV7tXt8.pgp Description: Digitale PGP-Signatur