lightdm-guest-session ICEauthority error
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lightdm (Ubuntu) | Fix Released | Medium | Gunnar Hjalmarsson | |
Focal | Fix Released | Medium | Gunnar Hjalmarsson | |
Groovy | Fix Released | Medium | Gunnar Hjalmarsson | |
Hirsute | Fix Released | Medium | Gunnar Hjalmarsson | |
Bug Description
[Impact]
If you enable the guest session feature on e.g. Ubuntu MATE, you are met by an error message when trying to enter a guest session:
"Could not update file ICEauthority file /run/user/
Even if it's not always a fatal error (the login may succeed after a few minutes), the user experience is really bad, and you are inclined to conclude that you are completely blocked from using the feature.
The proposed fix adds a rule to the lightdm-
[Test Plan]
On an updated Ubuntu MATE installation:
* Enable guest session
sudo sh -c 'printf "[Seat:
* Install lightdm from {focal,
* Reboot
You should now be able to enter a guest session without being stopped by the ICEauthority error.
[Where problems could occur]
This one-liner is a harmless change.
The guest session has been run in an unconfined mode since Ubuntu 16.10. That's why the feature is disabled by default.
So if the additional rule were wrong somehow (which I have no reason to believe), it wouldn't break the AppArmor security layer for the simple reason that it's already broken to begin with.
[Original description]
Hello I ran into trouble to start the lightdm-
## How to reproduce:
- Boot Linux Mint (20.02) or Ubuntu MATE (20.04). I haven't tested other distros, but I think others are also affected.
- enable guest user session
- try to login as guest user
## Error logs:
### Error Message:
` Could not update file ICEauthority file /run/user/
### aa-notify:
```
Profile: /usr/lib/
Operation: open
Name: /proc/8125/uid_map
Denied: w
Logfile: /var/log/kern.log
Profile: /usr/lib/
Operation: open
Name: /proc/8125/
Denied: w
Logfile: /var/log/kern.log
Profile: /usr/lib/
Operation: open
Name: /proc/8125/gid_map
Denied: w
Logfile: /var/log/kern.log
Profile: /usr/lib/
Operation: open
Name: /proc/8624/fd/
Denied: r
Logfile: /var/log/kern.log
```
### dmesg:
```
[ 218.831289] audit: type=1400 audit(161686445
[ 1157.263045] audit: type=1400 audit(161686538
[ 1157.899223] audit: type=1400 audit(161686538
[ 1157.899445] audit: type=1400 audit(161686538
[ 1157.903410] audit: type=1400 audit(161686538
```
## Solutions:
### bad but common workaround
Solutions I found in different forums were to move lightdm-
`aa-complain /usr/lib/
### maybe better solution:
My fix would be to add this to `/etc/apparmor.
```
...
/usr/lib/
...
owner /run/user/
...
}
```
I honestly have no clue about apparmor and I'm unsure where to post this but I hope this maybe helps some other people in the future.
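
As an added illustration (not part of the original report or of lightdm's code), this Python script groups AppArmor denial records like those in the aa-notify and dmesg output above by profile, path pattern and denied access, which shows what a narrowly scoped profile rule would have to cover before resorting to complain mode. The log lines, the profile path, the PIDs, the UID and the ICEauthority path are constructed placeholders, because the report's own values are truncated.

```python
import re
from collections import Counter

# Placeholder profile path: the real one is truncated in the report.
PROFILE = "/usr/lib/EXAMPLE/guest-session-profile"

# Constructed records in the kernel audit format AppArmor logs to kern.log/dmesg.
# PIDs, UID 999, timestamps and the ICEauthority path are made up for the demo.
TEMPLATE = ('[ 100.000000] audit: type=1400 audit(1600000000.000:{n}): '
            'apparmor="{verdict}" operation="open" profile="' + PROFILE + '" '
            'name="{name}" pid={pid} comm="example" requested_mask="{mask}" '
            'denied_mask="{mask}" fsuid=999 ouid=999')
EVENTS = [
    ("DENIED", "/proc/4001/uid_map", 4001, "w"),
    ("DENIED", "/proc/4001/gid_map", 4001, "w"),
    ("DENIED", "/proc/4002/uid_map", 4002, "w"),
    ("DENIED", "/run/user/999/ICEauthority", 4002, "w"),
    ("ALLOWED", "/proc/4003/uid_map", 4003, "w"),  # complain-mode record
]
SAMPLE_LOG = "\n".join(
    TEMPLATE.format(n=i, verdict=v, name=p, pid=pid, mask=m)
    for i, (v, p, pid, m) in enumerate(EVENTS, 1))

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def generalize(path):
    """Replace per-process and per-user path components with placeholders."""
    path = re.sub(r"^/proc/\d+/", "/proc/<pid>/", path)
    return re.sub(r"^/run/user/\d+/", "/run/user/<uid>/", path)

def summarize(log_text):
    """Count denials per (profile, generalized path, denied access mask)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if rec:
            counts[(rec["profile"], generalize(rec["name"]), rec["denied_mask"])] += 1
    return counts

if __name__ == "__main__":
    for (profile, path, mask), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {mask:<3} {path}  [{profile}]")
```

Records logged while a profile is in complain mode carry `apparmor="ALLOWED"` and are skipped here, so the summary reflects only accesses that were actually blocked.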
tags: | added: focal |
Changed in lightdm (Ubuntu Groovy): | |
status: | Triaged → Incomplete |
description: | updated |
Changed in lightdm (Ubuntu Groovy): | |
status: | Incomplete → In Progress |
Changed in lightdm (Ubuntu Focal): | |
status: | Triaged → In Progress |
tags: | removed: focal groovy hirsute verification-done-focal verification-done-groovy |
no longer affects: | ubuntu-mate |
Thanks for your investigation and report!
I'd like to help fix this, but unfortunately lightdm fails to build in hirsute at the moment, which blocks me from proceeding.
https://launchpad.net/ubuntu/+archive/test-rebuild-20210325-hirsute/+build/21263293
Have asked for help with spotting what causes the build failure.