Red Hat Bugzilla – Bug 683629
KWin doesn't start up in firstboot, error message: Configuration file "/root/.kde/share/config/kdedrc" not writable
Last modified: 2011-10-10 23:28:31 EDT
Description of problem:
Error popup during display of Welcome screen following installation of F15 Alpha KDE x86_64 Live CD to KVM VM (F14).
Configuration file "/root/.kde/share/config/kdedrc" not writable. Please contact your system administrator
Version-Release number of selected component (if applicable):
Unknown - occurred immediately following installation.
Steps to Reproduce:
1.(Speculative). Boot VM off Live CD ISO.
2.Immediately the desktop is displayed, select install to hard drive.
3.Install, re-boot and error is displayed as the Welcome screen is displayed
Error popup is displayed.
No popup, standard Welcome screen displayed.
I should have noted that other than having to dismiss the popup, no other ill effects were observed. The installed VM is running just fine at the moment.
Firstboot does not do anything with that file. I think this error message is from kwin.
Also, you didn't attach any screenshot.
Hmmm, is SELinux blocking this now? KWin as started (as root) by firstboot needs read-write access to at least /root/.kde/share/config/*, possibly all of /root/.kde and subdirectories. This worked fine until F14.
Fwiw, I just installed kde F15-alpha (x86_64) yesterday, didn't recall seeing any such popup.
We need the avc message. I have no idea what is being blocked.
I'm not even 100% sure SELinux is involved here, it's just that I don't know what else would be blocking this.
Can you run the install in permissive mode?
Created attachment 483544 [details]
Screenshot of Welcome screen showing error
Missing screenshot. Apologies!
avc logs to follwo
Created attachment 483549 [details]
Log of avc error messages from /var/log/messages
Requested avc messages.
I have captured audit.log if that would be of any use. Let me know and I will upload it.
Well the latest policy has them dontaudited. Most of those are caused by a bug in the kernel.
None related to kdm/kde though.
This doesn't seem to be an issue with SELinux as I have created a respin with it disabled and ran into the same issue. When kwin is ran the missing .kde folder gets created for root and all the files that are not included in the kde-settings package end up getting created with just rw on user (root in this case) and nothing else. I'm guessing this is the issue but I have tested with my own kde-settings version with an included kdedrc file (pretty much empty) and it seems to fix the issue. So this seems to be an issue solely with KDE and what permissions it's config files get generated with.
Well, it's normal that /root/.kde is only accessible by root. But there shouldn't be anything running as non-root and trying to access those files, the files of the relevant non-root user are supposed to be used instead.
To anyone experiencing this: What file system is your /root on, i.e. what's the file system of your / partition (or /root if it's separate)?
I think you mis-read me or I typed wrong, nothing non-root (or running not as root) should be trying to access roots .kde folder, but root "group" should have at least read privileges, on the file no? Right now it's 600. In that case shouldn't all the files kde-settings share the same privileges? Maybe it going away for me was a fluke.
I'm running ext4
/root is running on ext4/LVM.
I accepted the installer defaults for a 32GB disk (provided by KVM)
> but root "group" should have at least read privileges, on the file no?
No. Settings are per user, not per group.
Can this issue have anything to do with firstboot not using the gtk-oxygen theme?
Unlikely, but possible I guess.
Well, If I run firstboot from within the started desktop, the window decorations are OK, but when it's run as a systemd service, they are not. And firstboot does not do anything special, just runs Xorg and kwin, so I have no idea what else could cause this.
The lack of theming (or not) is a separate issue to *this* bug. :)
Is it possible that the selinux relabeling happens _after_ firstboot is run, causing files having wrong context during firstboot, but everything is OK later?
*** Bug 692641 has been marked as a duplicate of this bug. ***
Discussed at 2011-04-15 blocker review meeting. We can sort of stretch the criteria "# In most cases (see Blocker_Bug_FAQ), a system installed according to any of the above criteria (or the appropriate Beta or Final criteria, when applying this criterion to those releases) must boot to the 'firstboot' utility on the first boot after installation, without unintended user intervention. This includes correctly accessing any encrypted partitions when the correct passphrase is supplied. The firstboot utility must be able to create a working user account" and/or "# In most cases, there must be no SELinux 'AVC: denied' messages or abrt crash notifications on initial boot and subsequent login (see Blocker_Bug_FAQ) " to cover this; it's a bit of a stretch but we'll go with it for now. We may re-evaluate later if this turns out to be hard to fix...
Fedora Bugzappers volunteer triage team
Just to note that I did not experience the issue when I installed the Beta KDE (x86_64) live CD into the same VM as was used for the original issue.
KDE team, can you take a look at this and decide if anything needs doing here? It's an open release blocker but we're not sure where it needs to go. Thanks.
Fedora Bugzappers volunteer triage team
Installed f15-beta kde to vm (virt-manager/kvm), cannot reproduce. firstboot started up fine (oxygen-gtk themed and all).
I can see the same error on most of KDE apps in my Fedora 15 based remix.
It was in Fedora 14 based remix but i did not report it.
Once I click "OK" button in the error message, it wont appear again