Description of problem: The current version of the sample file for the VNC service configuration (/lib/systemd/system/vncserver@.service) does not work with the current version of SystemD: The service file runs as root, but the PID file is created as a user. In newer versions, systemd refuses to take a PID file that is not owned by root as the PID for the root service: vncserver-myusername@:1.service: New main PID 2095 does not belong to service, and PID file is not owned by root. Refusing. This is probably because of the changes in commit https://github.com/systemd/systemd/commit/db256aab13d8a89d583ecd2bacf0aca87c66effc . If I add User=myusername Group=myusername to the service file, I get the following errors: Mai 28 12:02:51 mymachine.local runuser[1635]: runuser: darf von Benutzern ohne Administratorrechte nicht verwendet werden Mai 28 12:02:51 mymachine.local systemd[1]: vncserver-myusername@:4.service: Control process exited, code=exited status=1 Mai 28 12:02:51 mymachine.local systemd[1]: vncserver-myusername@:4.service: Failed with result 'exit-code'. Mai 28 12:02:51 mymachine.local systemd[1]: Failed to start Remote desktop service (VNC). The fix is to remove the `runuser` invocation from the ExecStart= key, start vncserver directly and instead set the User= and Group= keys in the service section: [Unit] Description=Remote desktop service (VNC) After=syslog.target network.target [Service] Type=forking User=<USER> Group=<USER> # Clean any existing files in /tmp/.X11-unix environment ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :' ExecStart=//usr/bin/vncserver %i PIDFile=/home/<USER>/.vnc/%H%i.pid ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :' [Install] WantedBy=multi-user.target Version-Release number of selected component (if applicable): tigervnc-server-1.8.0-7.fc28.x86_64 How reproducible: Every time Steps to Reproduce: 1. Follow the instructions in /lib/systemd/system/vncserver@.service to create service units 2. 3. Actual results: Obtain defunct service unit Expected results: Obtain functional service unit Additional info:
Created attachment 1443332 [details] Proposed Unit file for the Tiger VNC service For that matter, here's our unit file for a VNC server that runs as a "service": * Start and Stop are properly detected * Logging out of the server causes the service to be marked as stop * 15 seconds after logout, the service is restart to permit a new login
Created attachment 1450824 [details] Proposed vncserver.service file What about this one? Few questions regarding your version. Why do you use "type=notify" under [Service] section, I think it should stay on "type=forking". I see there is problem when using runuser, it was there as Gnome had problems to fully start without it. I was suggested once to use e.g. "PAMName=login" instead, but now it seems that neither of them is needed.
This one looks good too. > Why do you use "type=notify" under [Service] section, I think it should stay on "type=forking". You are right, forking is probably better. The reason I had notify in there is that I wanted to avoid the whole PIDFile business due to Bug 1418463 and let the desktop sessions communicate their status via sd_notify. However, that requires NotifyAccess=all because it's not vncserver who sends the sd_notify, but the GNOME/XFCE session. This may or may not be awkward for security. > I was suggested once to use e.g. "PAMName=login" instead, but now it seems that neither of them is needed. It certainly seems so. If the SELinux policy is amended to allow systemd to access .vnc directories, the unit file works pretty well.
tigervnc-1.8.0-10.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-f67d10ae9e
tigervnc-1.8.0-10.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-817f36c368
tigervnc-1.8.0-10.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-f67d10ae9e
tigervnc-1.8.0-10.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-817f36c368
tigervnc-1.8.0-10.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
tigervnc-1.8.0-10.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.