Mailinglist Archive: opensuse-factory (339 mails)

< Previous Next >
Re: [opensuse-factory] New Tumbleweed snapshot 20201007 released!
On Thu, Oct 08, 2020 at 04:53:49PM +0200, Michael Pujos wrote:

After this update I could not start Xorg anymore due to the xorg/xinit
package changes

Now my setup is unusual, as I do not use a DM and just use startx launched
in ~/.profile which itself run at console login.
I'm documenting the issue I had, for reference.

With this update /usr/bin/Xorg is now a shell script running
/usr/bin/Xorg.wrap if present or /usr/bin/Xorg.bin otherwise.
previously,  /usr/bin/Xorg was /usr/bin/Xorg.bin.

I had /usr/bin/Xorg setuid root via /etc/permission.local and chkstat, but
this obviously did not work anymore since now
/usr/bin/Xorg.bin needed to be setuid root instead.

Did that and X started successfully  but exited immediately with code 0.
Investigating further, I found that /etc/X11/xinit/xinitrc had been moved to
/usr/libexec/xinit/xinitrc, and since
I had my ~/.xinitrc call /etc/X11/xinit/xinitrc, it choked on that (file not
found) and updating the path fixed it.

Next, I thought it might be a good idea to switch to Xorg.wrap found in
package xorg-x11-server-wrapper.
So I installed it, removed setuid on /usr/bin/Xorg.bin and startx worked
when logged on the console and starting it from there.
But it failed when startx was launched in  ~/.profile, during console login.
Looked at 'man Xrapper.config', created /etc/X11/Xwrapper.conf with

allowed_users=anybody

But then, no matter what, startx always failed with:

/usr/bin/Xorg.wrap: Xserver option ":0" invalid or not in whitelist.
Aborting.

Thus had to revert to the initial setuid solution.

I suggest with your setup to uninstall xorg-x11-server-wrapper, i.e. not to
use Xwrapper at all.

Background: We introduced it for gdm, so Xserver started by gdm no longer
needs to be run as user root. Until now we used a special patch against gdm to
start it still as root, which our gdm developers wanted to get rid
of. RH/Debian are using Xwrapper since some time for gdm.

It sounds weird you're calling xinitrc thru your ~/.xinitrc. The sample
.xinitrc in /etc/skel just sources /etc/X11/xinit/xinitrc.common, but I added
a compat link for this.

When using xinit/startx, /usr/libexec/xinit/xinitrc should be found. Try these
first without any ~/.xinitrc. Although we no longer really support starting a
Xsession via xinit/startx, at least for simple WMs it should be somewhat
possible with a reduced functionality (sound may not work, etc.). So if this
is no longer working, I need to fix this.

allowed_users=anybody

This is already the default for our Xwrapper. This doesn't need to be set
explicitely. We've added a Xserver option whitelist to Xwrapper for security
reasons. Therefore ":0" is not allowed as option (gdm doesn't use/need it).

Hope this helps. Thanks for your feedback!

CU,
Stefan

Public Key available
------------------------------------------------------
Stefan Dirsch (Res. & Dev.) SUSE Software Solutions Germany GmbH
Tel: 0911-740 53 0 Maxfeldstraße 5
FAX: 0911-740 53 479 D-90409 Nürnberg
http://www.suse.de Germany
----------------------------------------------------------------
(HRB 36809, AG Nürnberg) Geschäftsführer: Felix Imendörffer
----------------------------------------------------------------
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >