
[gentoo-user] gdm fails to start


Raffaele Belardi

May 22, 2017, 4:20:04 AM
I'm unable to start the gdm service on a recently installed gnome
desktop (~x86): the service continuously fails and restarts with the
errors below. If I disable the service and login into a text console,
startx works fine but the Gnome session misses some features (e.g.
screen lock). I enabled debug logging on gdm but nothing significant
appears.

Any suggestions?

thanks,

raffaele


systemd[356]: user@32.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
systemd[1]: Failed to start User Manager for UID 32.
gdm-launch-environment][310]: pam_systemd(gdm-launch-environment:session): Failed to create session: Start job for unit user@32.service failed with 'failed'
systemd[1]: user@32.service: Unit entered failed state.
systemd[1]: user@32.service: Failed with result 'protocol'.

...

/usr/libexec/gdm-x-session[359]: Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with stat
/usr/libexec/gdm-x-session[359]: Unable to register display with display manager

# grep 32 /etc/passwd
gdm:x:32:32:GDM:/var/lib/gdm:/bin/false

# eselect profile list
Available profile symlink targets:
  [1]   default/linux/x86/13.0
  [2]   default/linux/x86/13.0/selinux
  [3]   default/linux/x86/13.0/desktop
  [4]   default/linux/x86/13.0/desktop/gnome
  [5]   default/linux/x86/13.0/desktop/gnome/systemd *
  [6]   default/linux/x86/13.0/desktop/plasma
  [7]   default/linux/x86/13.0/desktop/plasma/systemd
  [8]   default/linux/x86/13.0/developer
  [9]   default/linux/x86/13.0/systemd
  [10]  hardened/linux/x86
  [11]  hardened/linux/x86/selinux
  [12]  hardened/linux/musl/x86
  [13]  default/linux/uclibc/x86
  [14]  hardened/linux/uclibc/x86

Alexander Kapshuk

May 22, 2017, 5:50:03 AM
A Google search found this systemd issue:
https://github.com/systemd/systemd/issues/4342
Quote:
@poettering I see I left no account modules in the bare-bones PAM
config. Maybe it is pam_acct_mgmt failing then?

@yuwata what happens if you add account required pam_unix.so ?

@fsateler Thanks. By adding the line, user sessions successfully start
without the error messages. Do you think the line should be added to
the minimal PAM file?

See if that helps.

Raffaele Belardi

May 22, 2017, 6:00:05 AM
On Mon, 2017-05-22 at 12:47 +0300, Alexander Kapshuk wrote:
>
> A Google search found this systemd issue:
> https://github.com/systemd/systemd/issues/4342
> Quote:
> @poettering I see I left no account modules in the bare-bones PAM
> config. Maybe it is pam_acct_mgmt failing then?
>
> @yuwata what happens if you add account required pam_unix.so ?
>
> @fsateler Thanks. By adding the line, user sessions successfully
> start
> without the error messages. Do you think the line should be added to
> the minimal PAM file?
>
> See if that helps.
>

Yes, I saw that but the solution is not at all clear to me: which PAM
config file are they referring to?

raffaele

Alexander Kapshuk

May 22, 2017, 6:10:03 AM
Could it be this one, /etc/pam.d/systemd-user?

Raffaele Belardi

May 22, 2017, 8:20:04 AM
Done then issued 'systemctl daemon-reload' and 'systemctl start gdm',
no change:

$ cat /etc/pam.d/systemd-user 
# This file is part of systemd.
#
# Used by systemd --user instances.

account include system-auth
# [RB]
account required pam_unix.so
session include system-auth
session optional pam_keyinit.so force revoke
session optional pam_systemd.so

#journalctl -b
...
systemd[1]: Created slice User Slice of gdm.
systemd[1]: Starting User Manager for UID 32...
systemd[1]: Started Session c519 of user gdm.
systemd-logind[173]: New session c519 of user gdm.
systemd[15240]: user@32.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
systemd[1]: Failed to start User Manager for UID 32.
systemd[1]: user@32.service: Unit entered failed state.
systemd[1]: user@32.service: Failed with result 'protocol'.
gdm-launch-environment][15237]: pam_systemd(gdm-launch-environment:session): Failed to create session: Start job for unit user@32.service failed with 'failed'
systemd-logind[173]: Removed session c519.
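
To see which modules actually run for the systemd-user service, the 'include' lines in the file above have to be expanded. The following is an added example, not part of the thread and not systemd or Gentoo code: it flattens one management group of a PAM service file. The system-auth contents are constructed for the demo (an assumption, not the poster's file), and effective_stack, blocking and demo are hypothetical names.

```python
import os
import re
import tempfile

# <type> <control> <module> [args]; control may be a bracketed [value=action ...] list
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def effective_stack(service, pam_dir, mgmt_type, chain=()):
    """Flatten one management group (account, session, ...) of a PAM service,
    following 'include' and 'substack'. Returns (file, control, module, args)."""
    if service in chain:
        raise ValueError("include loop: " + " -> ".join(chain + (service,)))
    rules = []
    with open(os.path.join(pam_dir, service)) as fh:
        for raw in fh:
            m = RULE.match(raw.split("#", 1)[0].strip())
            if not m or m.group(1) != mgmt_type:
                continue
            _, control, module, args = m.groups()
            if control in ("include", "substack"):
                rules += effective_stack(module, pam_dir, mgmt_type, chain + (service,))
            else:
                rules.append((service, control, module, args))
    return rules

def blocking(rules):
    """Rules whose failure fails the whole stack (bracketed controls: read by hand)."""
    return [r for r in rules if r[1] in ("required", "requisite")]

# The systemd-user rules as posted above, plus a CONSTRUCTED system-auth
# (an assumption for the demo, not the poster's actual file).
SYSTEMD_USER = """account include system-auth
account required pam_unix.so
session include system-auth
session optional pam_keyinit.so force revoke
session optional pam_systemd.so
"""
SYSTEM_AUTH = """account required pam_unix.so
account optional pam_permit.so
session required pam_limits.so
session required pam_unix.so
"""

def demo(mgmt_type):
    with tempfile.TemporaryDirectory() as d:
        for name, text in (("systemd-user", SYSTEMD_USER), ("system-auth", SYSTEM_AUTH)):
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text)
        return effective_stack("systemd-user", d, mgmt_type)
```

On a real system the call would be effective_stack("systemd-user", "/etc/pam.d", "account"); with the constructed system-auth, pam_unix.so appears twice in the account group, once via the include and once from the added line.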

Hogren

May 22, 2017, 10:10:04 AM
Hello,

Very simple question, but do you have "pam" in your global USE flags or
in systemd's USE flags?

If it is in the first, did you compile systemd and maybe its dependencies
after adding it?

Did you try this:

systemctl reset-failed

For a guy on GitHub, that solved the problem (without explanation):

https://github.com/coreos/bugs/issues/1498



Hogren

Raffaele Belardi

May 23, 2017, 4:40:03 AM
On Mon, 2017-05-22 at 16:09 +0200, Hogren wrote:
> Hello,
>
> Very simple question but did you have "pam" in your global USE flag
> or
> Systemd USE flag ?

Yes, I am using the gnome/systemd profile:

# euse -I pam
global use flags (searching: pam)
************************************************************
no matching entries found

local use flags (searching: pam)
************************************************************
[+  D   ] pam (net-dialup/ppp):
Enables PAM (Pluggable Authentication Modules) support

[+  D   ] pam (sys-apps/util-linux):
build runuser helper

# euse -I systemd
global use flags (searching: systemd)
************************************************************
No matching entries found

local use flags (searching: systemd)
************************************************************
[+  D   ] systemd (gnome-extra/gnome-system-monitor):
Display sys-apps/systemd metadata, e.g. unit names, for running
processes

[+  D   ] systemd (media-sound/pulseaudio):
Build with sys-apps/systemd support to replace standalone ConsoleKit.

[+  D   ] systemd (sys-apps/accountsservice):
Use sys-apps/systemd instead of sys-auth/consolekit for session
tracking

[+  D   ] systemd (sys-apps/busybox):
Support systemd

[+  D   ] systemd (sys-apps/dbus):
Build with sys-apps/systemd at_console support

[+  D   ] systemd (sys-auth/pambase):
Use pam_systemd module to register user sessions in the systemd control
group hierarchy.

[+  D   ] systemd (sys-auth/polkit):
Use sys-apps/systemd instead of sys-auth/consolekit for session
tracking

[+  D   ] systemd (sys-fs/udisks):
Support sys-apps/systemd's logind

# grep USE= /etc/portage/make.conf 
USE="-bluetooth -cups -cdr -dvd -dvdr -fortran -games -ipv6 -kde -libav
-modemmanager -ppp -qt -qt3 -qt4 -shotwell -wifi"

>
> If this is on the first, did you compile systemd and may be
> dependencies
> after add it ?

I'm not sure I understood the question: the box was initially
LXDE/OpenRC; I installed and booted into systemd and got the system up
again; then I installed Gnome and removed LXDE.
Out of ideas I also recently did an 'emerge -e world'.

>
> Did you try that:
>
> systemctl reset-failed
>
> For a guy on github, that solve (without explanation) the problem:
>
> https://github.com/coreos/bugs/issues/1498
>

I just tried it and also the other tip mentioned in the bug
(modification in the /etc/pam.d/systemd-user), no change.

raffaele

Hogren

May 23, 2017, 7:00:03 AM


On 23/05/2017 10:34, Raffaele Belardi wrote:
> On Mon, 2017-05-22 at 16:09 +0200, Hogren wrote:
>> Hello,
>>
>> Very simple question but did you have "pam" in your global USE flag
>> or
>> Systemd USE flag ?
> Yes, I am using the gnome/systemd profile:
>
> # euse -I pam
> global use flags (searching: pam)
> ************************************************************
> no matching entries found
>
> local use flags (searching: pam)
> ************************************************************
> [+ D ] pam (net-dialup/ppp):
> Enables PAM (Pluggable Authentication Modules) support
>
> [+ D ] pam (sys-apps/util-linux):
> build runuser helper

There is a "pam" USE flag for systemd.
Did you try to add it?
https://packages.gentoo.org/packages/sys-apps/systemd

Hogren

Raffaele Belardi

May 23, 2017, 8:00:03 AM
Yes, it is set, I don't know why euse does not show it:

# eix -I sys-apps/systemd
[I] sys-apps/systemd
     Available versions:  226-r2(0/2) (~)231(0/2) [M](~)232(0/2) 233-r1(0/2) **9999(0/2) {acl apparmor audit build cryptsetup curl doc elfutils (+)gcrypt gnuefi http idn importd +kdbus +kmod +libidn2 +lz4 lzma nat pam policykit qrcode +seccomp selinux ssl sysv-utils test vanilla xkb ABI_MIPS="n32 n64 o32" ABI_PPC="32 64" ABI_S390="32 64" ABI_X86="32 64 x32"}
     Installed versions:  233-r1(05:53:09 AM 05/20/2017)(acl gcrypt kmod lz4 pam policykit seccomp ssl -apparmor -audit -build -cryptsetup -curl -doc -elfutils -gnuefi -http -idn -importd -lzma -nat -qrcode -selinux -sysv-utils -test -vanilla -xkb ABI_MIPS="-n32 -n64 -o32" ABI_PPC="-32 -64" ABI_S390="-32 -64" ABI_X86="32 -64 -x32")

Hogren

May 23, 2017, 8:10:04 AM
I suppose there is a group in /etc/groups for gdm?

Is your user associated with this group?


Hogren

Raffaele Belardi

May 23, 2017, 8:50:03 AM
On Tue, 2017-05-23 at 14:05 +0200, Hogren wrote:
> I suppose there is a group in /etc/groups for gdm ?
>
> Does your user is associate with this group ?
>
>

Yes, there is a gdm group but my user is not part of it. I will test it
later since I cannot logout right now, but where did you find a
reference for this?

Searching for a reference myself, I found this not really related but
interesting (https://help.gnome.org/admin/gdm/stable/security.html.en):

"The only special privilege the "gdm" user requires is the
ability to read and write Xauth files to the <var>/run/gdm
directory.  The <var>/run/gdm directory should have root:gdm ownership
and 1777 permissions."

My /var/run/gdm has different permissions:

drwx--x--x  3 root gdm      60 May 23 10:19 gdm

I did not change or create this directory so it must be the default
created by the ebuild. Can anyone confirm that with these permissions
gdm works correctly?

raffaele

Hogren

May 23, 2017, 11:20:05 AM


On 23/05/2017 14:44, Raffaele Belardi wrote:
> On Tue, 2017-05-23 at 14:05 +0200, Hogren wrote:
>> I suppose there is a group in /etc/groups for gdm ?
>>
>> Does your user is associate with this group ?
>>
>>
> Yes, there is a gdm group but my user is not part of it. I will test it
> later since I cannot logout right now, but where did you find a
> reference for this?
Hum, sorry it's possible that it's a mistake.

Another thing: who is the user with UID=32?

Why is it that user who tries to execute systemd?

>
> Searching for a reference myself, I found this not really related but
> interesting (https://help.gnome.org/admin/gdm/stable/security.html.en):
>
> "The only special privilege the "gdm" user requires is the
> ability to read and write Xauth files to the <var>/run/gdm
> directory. The <var>/run/gdm directory should have root:gdm ownership
> and 1777 permissions."
>
> My /var/run/gdm has different permissions:
>
> drwx--x--x 3 root gdm 60 May 23 10:19 gdm
>
> I did not change or create this directory so it must be the default
> created by the ebuild. Can anyone confirm that with these permissions
> gdm works correctly?
>
> raffaele
>



Hogren

Raffaele Belardi

May 23, 2017, 12:40:04 PM
On Tue, 2017-05-23 at 17:17 +0200, Hogren wrote:
>
> On 23/05/2017 14:44, Raffaele Belardi wrote:
> > On Tue, 2017-05-23 at 14:05 +0200, Hogren wrote:
> > > I suppose there is a group in /etc/groups for gdm ?
> > >
> > > Does your user is associate with this group ?
> > >
> > >
> >
> > Yes, there is a gdm group but my user is not part of it. I will
> > test it
> > later since I cannot logout right now, but where did you find a
> > reference for this?
>
> Hum, sorry it's possible that it's a mistake.

Anyway, I just tried to add my user to group gdm, no change.

>
> Other thing, who is the user UID=32 ?
>
> Why it's him who try to execute systemd ?

It's gdm, by comparison with another system where gdm starts fine it is
normal.

> >
> > "The only special privilege the "gdm" user requires is the
> > ability to read and write Xauth files to the <var>/run/gdm
> > directory.  The <var>/run/gdm directory should have root:gdm
> > ownership
> > and 1777 permissions."
> >
> > My /var/run/gdm has different permissions:
> >
> > drwx--x--x  3 root gdm      60 May 23 10:19 gdm
> >

I tried to set the /var/lib/gdm permission to 1777, no change.
Finally I cleared the /var/lib/gdm contents, no change.

Going back to the error log:

systemd[356]: user@32.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted

I believe that systemd is telling me that PAM did not allow spawning a
'/usr/lib/systemd/systemd' for user gdm. Maybe I should try to
understand why PAM is denying it. Anyone expert with PAM?

raffaele

Raffaele Belardi

Sep 5, 2017, 2:10:04 AM
On Mon, 2017-05-22 at 10:16 +0200, Raffaele Belardi wrote:
> I'm unable to start the gdm service on a recently installed gnome
> desktop (~x86): the service continuously fails and restarts with the
> errors below. If I disable the service and login into a text console,
> startx works fine but the Gnome session misses some features (e.g.
> screen lock). I enabled debug logging on gdm but nothing significant
> appears.
>

Sorry to pick up a rather old thread started by myself, but someone
found a solution and I suppose it should be visible here also:

1. Unmerge gdm.
2. Remove the gdm user, the gdm group and any files in /var/lib/gdm.
3. Merge gdm. This created a new gdm user with a different uid.

Ref:
https://github.com/systemd/systemd/issues/6038

raffaele