Mate Daily Graphic Layer does not come up - apparmor denied snap desktop integration

Had to collect report remotely to my workstation:

That was the first boot. Machine was KVM VM: i9-138900K, 4GB RAM 25 GB vDisk, UEFI, SecureBoot off.

If I reinstalled apparmor thorugh apt, then reinstalled snapd-desktop integration... Then gave it
>>>
startx
>>>

Then the desktop come up.

But it will not boot to the Mate Desktop. Wait one.

Reinstalled lightdm. Still boots to black screen.

If you give it a nomodeset boot parameter, it boots to an init 3 console prompt(?)

Reinstalling lightdm and trying to start it manually, brings it right to the same failure point, where it hangs on a black screen. I think there is a problem with LightDM not displaying on this install.

Permissions problem wit LightDM?
>>>
mafoelffen@noble-mate-01:~$ sudo systemctl status lightdm --no-pager -l
● lightdm.service - Light Display Manager
     Loaded: loaded (/lib/systemd/system/lightdm.service; indirect; preset: enabled)
     Active: active (running) since Mon 2024-02-05 21:24:19 PST; 3min 39s ago
       Docs: man:lightdm(1)
    Process: 6243 ExecStartPre=/bin/sh -c [ "$(basename $(cat /etc/X11/default-display-manager 2>/dev/null))" = "lightdm" ] (code=exited, status=0/SUCCESS)
   Main PID: 6246 (lightdm)
      Tasks: 6 (limit: 4559)
     Memory: 14.2M
        CPU: 99ms
     CGroup: /system.slice/lightdm.service
             ├─6246 /usr/sbin/lightdm
             └─6253 /usr/lib/xorg/Xorg -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch

Feb 05 21:24:19 noble-mate-01 systemd[1]: Starting lightdm.service - Light Display Manager...
Feb 05 21:24:19 noble-mate-01 lightdm[6246]: Seat type 'xlocal' is deprecated, use 'type=local' instead
Feb 05 21:24:19 noble-mate-01 systemd[1]: Started lightdm.service - Light Display Manager.
Feb 05 21:24:19 noble-mate-01 lightdm[6262]: pam_unix(lightdm-greeter:session): session opened for user lightdm(uid=112) by (uid=0)
Feb 05 21:24:19 noble-mate-01 lightdm[6262]: gkr-pam: couldn't unlock the login keyring.
Feb 05 21:24:19 noble-mate-01 lightdm[6262]: pam_env(lightdm-greeter:session): deprecated reading of user environment enabled
>>>

Note: snap now vendors apparmor so reinstalling/removing the system apparmor package with not affect snapd's use of apparmor.

You can temporarily (for the boot) disable apparmor in the grub command line by adding apparmor=0 to the kernel parameters.

From the logs the following adjustments need to be done to snap policy, after fixing these new denials may be encountered.

The firefox denial is weird, and I have to ask why is root trying to run firefox. The likely culprits are
/snap/snapd/20671/usr/lib/snapd/snap-confine and snap.snapd-desktop-integration.snapd-desktop-integration.

Can you try copying these profiles out of /var/lib/snapd/apparmor/profiles/ modifying them by putting flags=(complain) in the profile header, and then reloading them with sudo apparmor_parser -r profile.file. This will temporarily place these profiles in dev mode and if they are the source of the problem allow the graphics layer to come up.

profile snap-update-ns.firefox
   /usr/local/share/ r, # owner root, fsuid root

profile /snap/snapd/20671/usr/lib/snapd/snap-confine
   capability net_admin,
   capability perfmon,

profile snap.snapd-desktop-integration.snapd-desktop-integration
   /etc/gnutls/config r, # owner root, fsuid 1000
   /etc/gnutls/config r, # owner root, fsuid 1000

Status changed to 'Confirmed' because the bug affects multiple users.

I had the same black screen after logging in to a virtual install in KVM from the iso file of Feb 5.
Moving to tty3 I ran startx and was surprised to see the GUI appear, though then running command
echo $XDG_DESKTOP_STYLE
I see output of tty, not x11 as I anticipated.
I normally remove all snap infrastructure from my installs without a problem, my machines all being fairly old and slow by modern comparison, but have not done so yet on this VM.

LOL. Yes. I did see snap confine in the logs also...

With 'apparmor=0' as a boot parameter, it boots in less than 1/3 the time, but still fails on bringing up LightDM in vtty7.

When I toggle to vtty-1 it, instead of the normal cursor, waititng on the DM (LightDM), was at the console login prompt.

'startx' brings up the DE.

So not bringing up the the DM at all. Let me check something...
>>>
mafoelffen@noble-mate-01:~$ journalctl -b -u lightdm --no-pager
Feb 06 06:58:17 noble-mate-01 systemd[1]: Starting lightdm.service - Light Display Manager...
Feb 06 06:58:17 noble-mate-01 lightdm[1243]: Seat type 'xlocal' is deprecated, use 'type=local' instead
Feb 06 06:58:17 noble-mate-01 systemd[1]: Started lightdm.service - Light Display Manager.
Feb 06 06:58:18 noble-mate-01 lightdm[1439]: pam_unix(lightdm-greeter:session): session opened for user lightdm(uid=112) by (uid=0)
Feb 06 06:58:18 noble-mate-01 lightdm[1439]: gkr-pam: couldn't unlock the login keyring.
Feb 06 06:58:18 noble-mate-01 lightdm[1439]: pam_env(lightdm-greeter:session): deprecated reading of user environment enabled
>>>
Doesn't it usually get that error if an autologin failed? Having to do with gnome-keyring-daemon.serrvice?

I don't see gnome-keyring-daemon.service there. Did that get replaced with something else?

GDM3 also uses the same keyring... Installing just to test.

I can see that might not work right either... Hmmm. Output from the end of that:
>>>
Creating config file /etc/gdm3/greeter.dconf-defaults with new version
update-alternatives: using /etc/pam.d/gdm-smartcard-sssd-exclusive to provide /etc/pam.d/gdm-smartcar
d (gdm-smartcard) in auto mode
gdm.service is not active, cannot reload.
invoke-rc.d: initscript gdm3, action "reload" failed.
Setting up gnome-control-center (1:46~alpha-2ubuntu2) ...
Processing triggers for rygel (0.42.5-1ubuntu1) ...
Processing triggers for libc-bin (2.38-3ubuntu1) ...
>>>
sudo systemctl restart gdm
>>>

Success. Reboot went to GDM3 and was able to login... Brought in gnome-sessions, whihc was okay except that the cursor was a big gray box instead of the arrow... Reset the cursor theme fixed it for the desktop, but not for GDM3. Installed oxygen cursor them and applied. Fixed it for GDM3...

Switched to Mate DE at GDM3 Login Manager, was success. Cursor theme was still the original...

But notice this:
>>>
sudo dpkg-reconfigure lightdm
reboot
>>>
On reboot, fails to start LightDM and results in Black Screen. Narrowed down to LightDM.

Is that enough to go off of?

I've also tried the kernel option apparmor=0 and can confirm that it made no difference; still got to a black screen and no GUI.
I have not had time to try the move to gdm instead of lightdm but may also try that later.

Can I assume this problem occurs on a bare metal install as well as on a virtual install? I don't have a spare area to try that at the moment.

I have added slim dm instead if lightdm which works for logging in but does not allow the system to shutdown but reboots instead.
I have now added xdm as display manager and that is working as it should for login and shutdown.

This still needs "LightDM" to work with this for Noble. That is the default DM for Mate. This is still broken in the Noble Mate Dailys, and is not close yet.

Is there something else you all want us to test, try, or tweak to help get this fixed? We are willing to help, if you direct us in a direction. We have also tried other things to try to get this to work in Mate.
RE: https://ubuntuforums.org/showthread.php?t=2495023

It's not like the Noble 'lightdm' package is completely broken. It works with other flavors, such as (straight-up) Ubuntu. I've installed it on Noble Ubuntu with gnome-sessions, and that works fine, with no errors.

This has something to do with the combination of LightDM and the Noble Mate Desktop image. If I toggle over to a vtty, and give it startx, it brings up the Mate Desktop.

Changed apparmor task to invalid as lightdm is broken with apparmor disabled (apparmor=0). We can change status if apparmor is a problem after the current lightdm issue is fixed.

As I was successfully using xdm instead of lightdm in my KVM installation of Ubuntu-Mate-24.04 I removed lightdm from the system.
I was surprised to see that arctic-greeter was also removed, not lightdm-greeter as I had assumed was being used by the system.
Reinstalling lightdm with lightdm-gtk-greeter and lightdm-greeter-settings resulted in lightdm working exactly as expected so it seems that maybe it is the use of arctic-greeter that has been behind this situation of lightdm failure.
Full details of this finding are reported in the thread at https://ubuntuforums.org/showthread.php?t=2495023

Can lightdm-greeter be made the package used by default in place of the current arctic-greeter?

The iso from today, Ubuntu-MATE 24.04 LTS "Noble Numbat" - Daily amd64 (20240226) has just installed perfectly in KVM with no problem booting to a full GUI.

It seems that the arctica-greeter difficulty has been overcome.

I can confirm ajgreeny's message. Installed in a QEMU/KVM VM and got a working GUI after reboot.

Also, a few days ago, my system stopped booting into DE/X11. Startx will also help. Wayland works great. I don't know if some package or configuration has disappeared. I'm going to reinstall it. I didn't find anything in the logs. Reinstalling some packages didn't help either. But I have Kubuntu 24.04 full upgraded.

If the new ISO helps, I wouldn't bother.