Light Display Manager

Guest Login Doesn't Work Via VNC

Bug #1420558 reported by Daniel Zimmerman
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Light Display Manager
New
Medium
Unassigned

Bug Description

I am attempting to set up remote X11 sessions on a Lubuntu 14.10 server (updated today with the latest packages) via VNC, with no VNC password authentication, intended for use with guest sessions via an HTML5 interface (Guacamole). I have set up LightDM with the following /etc/lightdm/lightdm.conf (I am aware that I could also have put configuration files in other places, but this worked fine):

[VNCServer]
enabled=true
# using vnc4server, because I couldn't get tightvnc to use no VNC security
command=/usr/bin/Xvnc -securitytypes=none
port=5900
width=1024
height=768
depth=24

Everything works perfectly through VNC (and through my web interface) when I log in as an actual user; I am able to open multiple simultaneous sessions in different VNC clients/web browsers, with no visible problems. However, when I try to start a guest session via VNC, I get a blank desktop and entries like the following in /var/log/lightdm/lightdm.log:

[+32.56s] DEBUG: Session pid=5438: Ignoring set language request for guest user
[+32.57s] DEBUG: Session pid=5438: Greeter requests session Lubuntu
[+32.57s] DEBUG: Seat (null): Stopping greeter; display server will be re-used for user session
[+32.57s] DEBUG: Session pid=5438: Sending SIGTERM
[+32.58s] DEBUG: Session pid=5438: Greeter closed communication channel
[+32.58s] DEBUG: Session pid=5438: Exited with return value 0
[+32.58s] DEBUG: Seat (null): Session stopped
[+32.58s] DEBUG: Seat (null): Greeter stopped, starting session authentication
[+32.58s] DEBUG: Session: Not setting XDG_VTNR
[+32.58s] DEBUG: Opening guest account with command '/usr/sbin/guest-account add'
[+32.69s] DEBUG: Guest account guest-gI15x7 setup
[+32.69s] DEBUG: Session pid=5547: Started with service 'lightdm-autologin', username 'guest-gI15x7'
[+32.71s] DEBUG: Session pid=5547: Authentication complete with return value 0: Success
[+32.71s] DEBUG: Seat (null): Session authenticated, running command
[+32.71s] DEBUG: Registering session with bus path /org/freedesktop/DisplayManager/Session0
[+32.72s] DEBUG: Session pid=5547: Not setting XDG_VTNR
[+32.72s] DEBUG: Session pid=5547: Running command /usr/lib/lightdm/lightdm-guest-session /usr/sbin/lightdm-session /usr/bin/lxsession -s Lubuntu -e LXDE
[+32.72s] DEBUG: Creating shared data directory /var/lib/lightdm-data/guest-gI15x7
[+32.72s] DEBUG: Session pid=5547: Logging to .xsession-errors
[+32.72s] DEBUG: Activating login1 session c13
[+32.73s] WARNING: Error activating login1 session: GDBus.Error:org.freedesktop.DBus.Error.Failed: Operation not supported
[+32.97s] DEBUG: Session pid=5547: Exited with return value 0
[+32.97s] DEBUG: Seat (null): Session stopped
[+32.97s] DEBUG: Seat (null): Stopping display server, no sessions require it
[+32.97s] DEBUG: Sending signal 15 to process 5431
[+32.97s] DEBUG: Closing guest account guest-gI15x7 with command '/usr/sbin/guest-account remove guest-gI15x7'
[+33.06s] DEBUG: Process 5431 exited with return value 0
[+33.06s] DEBUG: DisplayServer xvnc-1: Xvnc server stopped
[+33.06s] DEBUG: DisplayServer xvnc-1: Removing X server authority /var/run/lightdm/root/:1
[+33.06s] DEBUG: Seat (null): Display server stopped
[+33.06s] DEBUG: Seat (null): Active display server stopped, starting greeter
[+33.06s] DEBUG: Seat (null): Stopping; failed to start a greeter
[+33.06s] DEBUG: Seat (null): Stopping
[+33.06s] DEBUG: Seat (null): Stopped

As shown in the log, the session immediately exits with return value 0, which leaves me with a blank desktop (background image only). At first I suspected the "WARNING: Error activating login1 session: GDBus.Error:org.freedesktop.DBus.Error.Failed: Operation not supported" as a potential issue, but that occurs when logging in as an actual user as well and causes no problems, and it also occurs when logging in to a guest session on the console, which works fine.

I am unable to look at .xsession-errors in the guest account, because it's always deleted (along with the rest of the guest account's home directory) immediately. I have tried this both using the default guest account template (i.e., putting nothing in /etc/guest-session/skel) and using a real user's directory, known to work for login via VNC, symlinked to /etc/guest-session/skel, and gotten the same result both times.

I'm not sure what more I can do to help narrow it down, but if there's any more information I can provide, please let me know.

See original description
Tags: guest session vnc
Daniel Zimmerman (dmz-galois)
description: updated
Robert Ancell (robert-ancell)
Changed in lightdm:
importance: Undecided → Medium
Revision history for this message
Dave Odell (dmo2118) wrote :
Download full text (5.2 KiB)

Looks like an AppArmor issue. Here's an excerpt from dmesg when I tried this myself (Ubuntu 14.04.2 LTS):

[ 303.492810] audit_printk_skb: 9 callbacks suppressed
[ 303.492816] type=1400 audit(1425023716.919:96): apparmor="DENIED" operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" name="/tmp/.X11-unix/X1" pid=3318 comm="xrdb" requested_mask="rw" denied_mask="rw" fsuid=121 ouid=0
[ 303.729035] type=1400 audit(1425023717.154:97): apparmor="DENIED" operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" name="/tmp/.X11-unix/X1" pid=3331 comm="xhost" requested_mask="rw" denied_mask="rw" fsuid=121 ouid=0
[ 304.168695] type=1400 audit(1425023717.594:98): apparmor="DENIED" operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" name="/tmp/.X11-unix/X1" pid=3346 comm="xhost" requested_mask="rw" denied_mask="rw" fsuid=121 ouid=0
[ 305.495341] type=1400 audit(1425023718.918:99): apparmor="DENIED" operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" name="/tmp/.X11-unix/X1" pid=3401 comm="VBoxClient" requested_mask="rw" denied_mask="rw" fsuid=121 ouid=0
[ 305.612833] type=1400 audit(1425023719.038:100): apparmor="DENIED" operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" name="/tmp/.X11-unix/X1" pid=3409 comm="VBoxClient" requested_mask="rw" denied_mask="rw" fsuid=121 ouid=0
[ 305.674717] type=1400 audit(1425023719.097:101): apparmor="DENIED" operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" name="/tmp/.X11-unix/X1" pid=3413 comm="VBoxClient" requested_mask="rw" denied_mask="rw" fsuid=121 ouid=0
[ 305.755117] type=1400 audit(1425023719.177:102): apparmor="DENIED" operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" name="/tmp/.X11-unix/X1" pid=3417 comm="VBoxClient" requested_mask="rw" denied_mask="rw" fsuid=121 ouid=0
[ 305.806479] type=1400 audit(1425023719.229:103): apparmor="DENIED" operation="mount" info="failed mntpnt match" error=-13 profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/" pid=3312 comm="init" fstype="proc" srcname="proc" flags="rw"
[ 305.806646] type=1400 audit(1425023719.229:104): apparmor="DENIED" operation="mount" info="failed mntpnt match" error=-13 profile="/usr/lib/lightdm/lightdm-guest-session" name="/sys/" pid=3312 comm="init" fstype="sysfs" srcname="sysfs" flags="rw"
[ 306.856473] type=1400 audit(1425023720.281:105): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/3442/cmdline" pid=3427 comm="dbus-daemon" requested_mask="r" denied_mask="r" fsuid=121 ouid=0
[ 310.443658] audit_printk_skb: 9 callbacks suppressed
[ 310.443678] type=1400 audit(1425023723.863:109): apparmor="DENIED" operation="mount" info="failed mntpnt match" error=-13 profile="/usr/lib/lightdm/lightdm-guest-session" name="/run/user/121/gvfs/" pid=3521 comm="gvfsd-fuse" fstype="fuse.gvfsd-fuse" srcname="gvfsd-fuse" flags="rw, nosuid, nodev"
[ 310.875218] type=1400 audit(1425023724.295:110): apparmor="DENIED" operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" name="/tmp/.X11-unix/X1" pid=3519 comm="ibus-ui-gtk3" requested_mask="rw" denied_mask="rw" fsuid=121 ouid=...

Read more...

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.