Bug 766332 - "seat0" not assigned for logged in user
Summary: "seat0" not assigned for logged in user
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: systemd
Version: 16
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: systemd-maint
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-12-11 18:19 UTC by Tomasz Torcz
Modified: 2011-12-16 20:10 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-12-16 20:10:30 UTC
Type: ---


Attachments (Terms of Use)

Description Tomasz Torcz 2011-12-11 18:19:43 UTC
Description of problem:
After upgrading to F16 I had big problems with all around the system. gnome-shell wasn't starting, sound wasn't working, simple-scan couldn't work. All was caused by missing ACLs. I found that logged in user does not have "seat0" attached, so no ACLs are granted:

# systemd-loginctl 
   SESSION        UID USER             SEAT            
        49        500 zdzichu                          
       392        500 zdzichu

(here you see one session from GDM-autologin and second from ssh login).
I've checked with another user, with UID 1039 - this user don't get seat attached also.

  logind seems to work fine, here's what caused by cron jobs:

Dec 11 19:05:01 mother systemd-logind[1307]: New session 560 of user mailman. 
Dec 11 19:05:02 mother systemd-logind[1307]: Removed session 560. 

 And the seat is present:
# systemd-loginctl  list-seats
SEAT            
seat0           

1 seats listed.

[root@mother 002]# systemd-loginctl seat-status seat0
seat0
         Devices:
                  ├ /sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input1
                  │ (input:input1) "Power Button"
                  ├ /sys/devices/LNXSYSTM:00/device:00/PNP0C0C:00/input/input0
                  │ (input:input0) "Power Button"
                  ├ /sys/devices/pci0000:00/0000:00:02.0/drm/card0
                  │ (drm:card0)
                  ├ /sys/devices/pci0000:00/0000:00:02.0/graphics/fb0
                  │ (graphics:fb0) "inteldrmfb"
                  ├ /sys/devices/pci0000:00/0000:00:1a.0/usb1
                  │ (usb:usb1)
                  │ └ /sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1
                  │   (usb:1-1)
                  │   ├ /sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.0/video4linux/video0
                  │   │ (video4linux:video0) "gspca main driver"
                  │   ├ /sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.1/sound/card1
                  │   │ (sound:card1) "U0x46d0x8da"
                  │   └ /sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/input/input47
                  │     (input:input47) "zc3xx"
                  ├ /sys/devices/pci0000:00/0000:00:1b.0/sound/card0
                  │ (sound:card0) "PCH"
                  │ ├ /sys/devices/pci0000:00/0000:00:1b.0/sound/card0/input5
                  │ │ (input:input5) "HDA Intel PCH HDMI/DP"
                  │ ├ /sys/devices/pci0000:00/0000:00:1b.0/sound/card0/input6
                  │ │ (input:input6) "HDA Intel PCH HDMI/DP"
                  │ └ /sys/devices/pci0000:00/0000:00:1b.0/sound/card0/input7
                  │   (input:input7) "HDA Intel PCH Headphone"
                  ├ /sys/devices/pci0000:00/0000:00:1c.6/0000:06:00.0/usb3
                  │ (usb:usb3)
                  ├ /sys/devices/pci0000:00/0000:00:1c.6/0000:06:00.0/usb4
                  │ (usb:usb4)
                  ├ /sys/devices/pci0000:00/0000:00:1d.0/usb2
                  │ (usb:usb2)
                  │ └ /sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1
                  │   (usb:2-1)
                  │   ├ /sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2
                  │   │ (usb:2-1.2)
                  │   └ /sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3
                  │     (usb:2-1.3)
                  │     ├ /sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/2-1.3.2/2-1.3.2:1.0/input/input2
                  │     │ (input:input2) "  USB Keyboard"
                  │     ├ /sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/2-1.3.2/2-1.3.2:1.1/input/input3
                  │     │ (input:input3) "  USB Keyboard"
                  │     └ /sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/2-1.3.4/2-1.3.4:1.0/input/input35
                  │       (input:input35) "Logitech Optical USB Mouse"
                  └ /sys/devices/virtual/misc/rfkill
                    (misc:rfkill)

  I've run authconfig to regenerate *auth-ac files and *auth symlinks in pam.d. Those look fine:


# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so debug=yes
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
[root@mother pam.d]# 
[root@mother pam.d]# cat password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so debug=yes
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

(I've added debug=yes during investigation, but it did not generate any additional info from loginctl).

  What's next?

Version-Release number of selected component (if applicable):
systemd-37-3.fc16.i686
pam-1.1.5-1.fc16.i686
authconfig-6.1.16-2.fc16.i686
gdm-3.2.1.1-8.fc16.i686

How reproducible:
Always.

Steps to Reproduce:
1. Start computer
2. Wait for GDM to auto-log configured in user OR manually log in
3. Observer no seat attached to user -> no ACLs.

Comment 1 Tomas Mraz 2011-12-12 07:56:13 UTC
PAM is not doing any seat assignment anymore. It is probably either gdm or systemd problem.

Comment 2 Michal Schmidt 2011-12-13 19:08:18 UTC
(In reply to comment #0)
> # systemd-loginctl 
>    SESSION        UID USER             SEAT            
>         49        500 zdzichu                          
>        392        500 zdzichu

What else does logind know about the sessions? Try:
systemd-loginctl session-status 49

Comment 3 Tomasz Torcz 2011-12-13 19:57:21 UTC
49 is a ssh session, not so much interesting. 392 is graphical login. Both below:

% systemd-loginctl session-status 49 
49 - zdzichu (500)
           Since: Sat, 10 Dec 2011 17:12:40 +0100; 3 days ago
          Leader: 9865
             TTY: ssh
          Remote: sandworm.local
         Service: sshd; type tty
          Active: yes
          CGroup: /user/zdzichu/49
                  ├  6235 /usr/libexec/vino-server
                  ├  6237 /usr/libexec/gvfsd
                  ├  6246 /usr/libexec/mission-control-5
                  ├  6250 /usr/libexec/goa-daemon
                  ├  6255 /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets
                  ├  9928 /bin/dbus-daemon --fork --print-pid 4 --print-address 6 --session
                  ├  9955 SCREEN
                  ├  9956 /bin/zsh
                  ├  9987 su -
                  ├  9992 -bash
                  ├ 10265 /bin/sh /root/bin/logwatch
                  ├ 10266 tail --follow=name --max-unchanged-stats=60 /var/log/vsftpd.log /var/log/httpd/access_log /var/log/messages /var/log/httpd/ssl_access_log /var/log/maillo...
                  ├ 10267 ccze -A
                  ├ 10805 /bin/zsh
                  ├ 10835 irssi
                  ├ 10875 /bin/zsh
                  ├ 10906 /bin/zsh
                  ├ 11549 /bin/zsh
                  ├ 12698 sh /home/zdzichu/bin/sd t
                  ├ 12699 slrn --nntp -f /home/zdzichu/.jnewsrc
                  ├ 17562 mutt
                  ├ 21756 systemd-loginctl session-status 49
                  ├ 24856 /bin/zsh
                  ├ 24887 su -
                  └ 24894 -bash



% systemd-loginctl session-status 392
392 - zdzichu (500)
           Since: Sun, 11 Dec 2011 10:25:49 +0100; 2 days ago
          Leader: 31525 (gdm-session-wor)
         Display: :0
         Service: gdm-password; type x11
          Active: yes
          CGroup: /user/zdzichu/392
                  ├  7014 /usr/libexec/gvfsd-metadata
                  ├ 17758 totem /home/common/seriale/Dexter/Dexter s06/Dexter.S06E02.Once.Upon.a.Time.HDTV.XviD-FQM.avi
                  ├ 31525 gdm-session-worker [pam/gdm-password]
                  ├ 31556 gnome-session
                  ├ 31565 dbus-launch --sh-syntax --exit-with-session
                  ├ 31566 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
                  ├ 31628 /usr/libexec/imsettings-daemon
                  ├ 31631 /usr/libexec/gvfsd
                  ├ 31704 /usr/libexec/gconfd-2
                  ├ 31713 /usr/libexec/gnome-settings-daemon
                  ├ 31715 /usr/bin/pulseaudio --start
                  ├ 31724 /usr/libexec/pulse/gconf-helper
                  ├ 31732 /usr/libexec/gsd-printer
                  ├ 31737 /usr/libexec/gvfs-gdu-volume-monitor
                  ├ 31743 /usr/libexec/gvfs-afc-volume-monitor
                  ├ 31746 /usr/libexec/gvfs-gphoto2-volume-monitor
                  ├ 31747 gnome-shell --sm-client-id 10e2450a3d63b3c5b8131827096097255100000032950000
                  ├ 31757 /usr/libexec/dconf-service
                  ├ 31761 nm-applet
                  ├ 31762 /usr/libexec/evolution/3.2/evolution-alarm-notify
                  ├ 31764 abrt-applet
                  ├ 31765 /usr/sbin/restorecond -u
                  ├ 31768 /usr/libexec/tracker-miner-fs
                  ├ 31769 /usr/libexec/tracker-miner-flickr
                  ├ 31770 /usr/libexec/gdu-notification-daemon
                  ├ 31778 /usr/libexec/tracker-store
                  ├ 31789 /usr/bin/seapplet
                  ├ 31794 gnome-screensaver
                  ├ 31815 /usr/lib/firefox/firefox --sm-config-prefix /firefox-5ytQgW/ --sm-client-id 10d2c346f4f910ff89132069292638160200000031250041 --screen 0
                  ├ 31856 /usr/libexec/e-calendar-factory
                  ├ 31872 /usr/libexec/e-addressbook-factory
                  ├ 31879 /usr/libexec/goa-daemon
                  ├ 31895 /usr/libexec/gnome-shell-calendar-server
                  ├ 31899 /usr/libexec/mission-control-5
                  ├ 32041 /usr/libexec/libsocialweb-core
                  ├ 32197 python /usr/bin/quodlibet
                  ├ 32221 nautilus
                  ├ 32228 /usr/libexec/gvfsd-trash --spawner :1.4 /org/gtk/gvfs/exec_spaw/0
                  └ 32234 /usr/libexec/gvfsd-burn --spawner :1.4 /org/gtk/gvfs/exec_spaw/1

Comment 4 Michal Schmidt 2011-12-13 21:55:09 UTC
The thing must be having some problem with mapping the display name to the seat. Does the Xorg process have a controlling terminal?:
ps -o tty $(pidof Xorg)

Comment 5 Tomasz Torcz 2011-12-13 22:07:02 UTC
% ps aux | grep Xorg
root     31450  0.3  0.1  24504 12084 tty7     Ss+  Dec11  13:12 /usr/bin/Xorg :0 -br -verbose -logverbose 7 -auth /var/run/gdm/auth-for-gdm-chwlyD/database -nolisten tcp

zdzichu@mother:/tmp% ps -o tty 31450
TT
tty7

Hm, weird number, but it does have. 
This whole "automatic multiseat" could be a little bit more documented.

Comment 6 Michal Schmidt 2011-12-15 00:11:07 UTC
As discussed on IRC... When you have time, please obtain debug output from pam_systemd.so (it should be in /var/log/secure) with this patch applied:

http://cgit.freedesktop.org/systemd/commit/?id=ce9593140b127ce782e2fa2f47fc55558b331126

Comment 7 Tomasz Torcz 2011-12-15 07:11:31 UTC
Dec 15 01:12:36 mother gdm-autologin][2042]: pam_systemd(gdm-autologin:session): Asking logind to create session: uid=500 pid=2042 service=gdm-autologin type=x11 seat= vtnr=0 tty= dis
play=:0 remote=no remote_user= remote_host=

Dec 15 01:12:36 mother gdm-autologin][2042]: pam_systemd(gdm-autologin:session): Reply from logind: id=1 object_path=/org/freedesktop/login1/session/1 runtime_path=/run/user/zdzichu s
ession_fd=12 seat= vtnr=0

Dec 15 01:12:36 mother gdm-autologin][2042]: pam_unix(gdm-autologin:session): session opened for user zdzichu by (uid=0)

Computer was restarted, ps -o tty $(pidof Xorg)
TT
tty1

Comment 8 Tomasz Torcz 2011-12-16 20:10:30 UTC
OK, so after investigation, separate /tmp dir caused by pam_namespace was to blame. I disabled private /tmp and problem went away.

Actual fault came from line #304 in pam-module.c. connect() to /tmp/.X11-unix/X0 was failing with errno =2 (no such file). Indeed, this socket wasn't available in user's /tmp.
Lennart suggested that pam_systemd could be modified to connect to abstract socket first.


Note You need to log in before you can comment on or make changes to this bug.