mounting /proc with hidepid causes: Fatal server error: (EE) xf86OpenConsole: Cannot open virtual console 1 (Permission denied)

Bug #1754401 reported by Simon Déziel
Affects: X.Org X server; Status: Unknown; Importance: Medium
Affects: xorg-server (Ubuntu); Status: Triaged; Importance: Low; Assigned to: Unassigned

Bug Description

I don't know what changed but today, my Artful laptop refuses to start a graphical session. The last update seems entirely unrelated:

# /var/log/apt/history.log
Start-Date: 2018-03-06 15:50:35
Commandline: apt-get dist-upgrade
Requested-By: simon (1000)
Upgrade: libpq5:amd64 (9.6.7-0ubuntu0.17.10, 9.6.8-0ubuntu0.17.10)
End-Date: 2018-03-06 15:50:39

I tried linux-image-4.13.0-32-generic and linux-image-4.13.0-36-generic to no avail. I removed the "quiet splash" args from /etc/default/grub but it didn't help. Using "nomodeset" makes the graphical session almost work but the brightness of the screen is so low that I cannot use it and can't make it brighter either.

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: gdm3 3.26.1-3ubuntu3
ProcVersionSignature: Ubuntu 4.13.0-36.40-generic 4.13.13
Uname: Linux 4.13.0-36-generic x86_64
ApportVersion: 2.20.7-0ubuntu3.7
Architecture: amd64
Date: Thu Mar 8 11:08:35 2018
InstallationDate: Installed on 2017-10-21 (137 days ago)
InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018)
SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)

Simon Déziel (sdeziel) wrote :
summary: - gdm-x-session xf86OpenConsole: Cannot open virtual console 1 (Permission
- denied)
+ Fatal server error: (EE) xf86OpenConsole: Cannot open virtual console 1
+ (Permission denied)
Simon Déziel (sdeziel)
summary: - Fatal server error: (EE) xf86OpenConsole: Cannot open virtual console 1
- (Permission denied)
+ mounting /proc with hidepid causes: Fatal server error: (EE)
+ xf86OpenConsole: Cannot open virtual console 1 (Permission denied)
Simon Déziel (sdeziel) wrote :

Finally found what changed. I updated /etc/fstab to have /proc mounted with hidepid=2,gid=sudo for added security. This works perfectly on 16.04 but totally breaks on 17.10.

To recap: mounting /proc with "nodev,noexec,nosuid" works but adding "hidepid=2,gid=sudo" breaks.

tags: added: regression
Daniel van Vugt (vanvugt) wrote :

Thanks for the clarification.

Sounds like the next step should be to tell the Xorg developers about the bug. Please report it here:

  https://bugs.freedesktop.org/enter_bug.cgi?product=xorg

and then let us know the new bug ID.

no longer affects: gdm3 (Ubuntu)
Changed in xorg-server (Ubuntu):
importance: Undecided → Low
status: New → Triaged
In , Simon Déziel (sdeziel) wrote :

Created attachment 138109
/var/lib/gdm3/.local/share/xorg/Xorg.0.log

Mounting /proc with hidepid=2,gid=sudo prevents X from starting properly. I originally reported the issue to Ubuntu in [1]. I'm using those mount options for added security/privacy.

On older releases this used to work fine.

1: https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1754401

Simon Déziel (sdeziel) wrote :

I added a link to the upstream bug, thanks for the guidance Daniel.

Changed in xorg-server:
importance: Unknown → Medium
status: Unknown → Confirmed
In , Ajax-a (ajax-a) wrote :

Booting with hidepid=2 on a Fedora 28 machine, X starts with no problem. Presumably some other part of Ubuntu's setup is getting confused by this. It would be helpful if you could strace X startup to see why it doesn't think it can find the console.

Changed in xorg-server:
status: Confirmed → Incomplete
In , Gitlab-migration (gitlab-migration) wrote :

-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/xserver/issues/243.

Changed in xorg-server:
status: Incomplete → Unknown
Simon Déziel (sdeziel) wrote :

I've found a workaround that was tested on Ubuntu 20.04:

$ cat /etc/systemd/system/systemd-logind.service.d/override.conf
# XXX: required to have /proc mounted with hidepid=2,gid=pidgrp
[Service]
SupplementaryGroups=pidgrp
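
One way to confirm that a drop-in like the one in the last comment took effect, as an added example that is not part of the bug thread: the script reads the hidepid and gid options of the /proc mount and checks that the service's supplementary groups include that gid, treating any hidepid value other than 0 or off as restricted. The function names, the constructed sample (gid 27) and the use of `systemctl show` to find logind's PID are assumptions of this example.

```shell
#!/bin/sh
# Added example (function names are hypothetical): check that a service is in
# the group exempted by gid= on a /proc mounted with hidepid.

# Print the value of option $2 on the proc mount listed in mounts file $1.
proc_mount_opt() {
    awk -v key="$2" '$2 == "/proc" && $3 == "proc" {
        val = ""; n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (index(opts[i], key "=") == 1) val = substr(opts[i], length(key) + 2)
    } END { if (val != "") print val }' "$1"
}

# Succeed if numeric gid $2 is on the "Groups:" line of status file $1.
has_supp_group() {
    awk -v gid="$2" '$1 == "Groups:" { for (i = 2; i <= NF; i++) if ($i == gid) found = 1 }
        END { exit !found }' "$1"
}

# Print "unrestricted", "ok" or "missing-group:<gid>" for mounts $1, status $2.
check_hidepid_access() {
    hp=$(proc_mount_opt "$1" hidepid)
    case "$hp" in ""|0|off) echo unrestricted; return 0 ;; esac
    gid=$(proc_mount_opt "$1" gid)
    if [ -n "$gid" ] && has_supp_group "$2" "$gid"; then
        echo ok
    else
        echo "missing-group:${gid:-unset}"; return 1
    fi
}

# Constructed sample: gid 27 exempted, service status without that group.
demo() {
    d=$(mktemp -d)
    echo 'proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=27 0 0' > "$d/mounts"
    printf 'Name:\tsystemd-logind\nGroups:\t\n' > "$d/status"
    check_hidepid_access "$d/mounts" "$d/status"; rc=$?
    rm -rf "$d"; return $rc
}

case "${1:-}" in
    --demo) demo ;;
    --live) pid=$(systemctl show -p MainPID --value systemd-logind)
            check_hidepid_access /proc/self/mounts "/proc/$pid/status" ;;
esac
```

Run `--live` as root or as a member of the exempted group, otherwise the logind status file is itself hidden from the check.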
