** Changed in: lightdm (Ubuntu Groovy)
Status: Triaged => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1921655
Title:
lightdm-guest-session ICEauthority error
Status in Ubuntu MATE:
New
Status in lightdm package in Ubuntu:
Fix Released
Status in lightdm source package in Focal:
Triaged
Status in lightdm source package in Groovy:
Incomplete
Status in lightdm source package in Hirsute:
Fix Released
Bug description:
Hello I ran into trouble to start the lightdm-guest-session in linux
mint (cinnamon).
## How to reproduce:
- boot linux mint (20.02) or ubuntu mate (20.04) I haven't tested other
distros but I think others are also affected.
- enable guest user session
- try to login as guest user
## Error logs:
### Error Message:
` Could not update file ICEauthority file /run/user/XXX/ICEauthority`
### aa-notify:
```
Profile: /usr/lib/lightdm/lightdm-guest-session
Operation: open
Name: /proc/8125/uid_map
Denied: w
Logfile: /var/log/kern.log
Profile: /usr/lib/lightdm/lightdm-guest-session
Operation: open
Name: /proc/8125/setgroups
Denied: w
Logfile: /var/log/kern.log
Profile: /usr/lib/lightdm/lightdm-guest-session
Operation: open
Name: /proc/8125/gid_map
Denied: w
Logfile: /var/log/kern.log
Profile: /usr/lib/lightdm/lightdm-guest-session
Operation: open
Name: /proc/8624/fd/
Denied: r
Logfile: /var/log/kern.log
```
### dmesg:
```
[ 218.831289] audit: type=1400 audit(1616864450.287:76): apparmor="DENIED"
operation="sendmsg" profile="/usr/lib/lightdm/lightdm-guest-session"
name="/run/systemd/journal/dev-log" pid=3916 comm="cinnamon-sessio"
requested_mask="w" denied_mask="w" fsuid=999 ouid=0
[ 1157.263045] audit: type=1400 audit(1616865388.720:1084): apparmor="DENIED"
operation="open" profile="/usr/lib/lightdm/lightdm-guest-session"
name="/proc/9899/fd/" pid=9899 comm="gpg-agent" requested_mask="r"
denied_mask="r" fsuid=999 #ouid=0
[ 1157.899223] audit: type=1400 audit(1616865389.356:1085): apparmor="DENIED"
operation="open" profile="/usr/lib/lightdm/lightdm-guest-session"
name="/proc/1/cgroup" pid=9840 comm="cinnamon-sessio" requested_mask="r"
denied_mask="r" fsuid=999 ouid=0
[ 1157.899445] audit: type=1400 audit(1616865389.360:1086): apparmor="DENIED"
operation="sendmsg" profile="/usr/lib/lightdm/lightdm-guest-session"
name="/run/systemd/journal/dev-log" pid=9840 comm="cinnamon-sessio"
requested_mask="w" denied_mask="w" fsuid=999 ouid=0
[ 1157.903410] audit: type=1400 audit(1616865389.364:1087): apparmor="DENIED"
operation="link" profile="/usr/lib/lightdm/lightdm-guest-session"
name="/run/user/999/ICEauthority-l" pid=9840 comm="cinnamon-sessio"
requested_mask="l" denied_mask="l" fsuid=999 ouid=999
target="/run/user/999/ICEauthority-c"
```
## Solutions:
### bad but common work around
Solutions I found in different forums were to move lightdm-guest-session into
complain mode like this:
`aa-complain /usr/lib/lightdm/lightdm-guest-session`
### maybe better sollution:
My fix would be to add this to `/etc/apparmor.d/lightdm-guest-session`:
```
...
/usr/lib/lightdm/lightdm-guest-session {
...
owner /run/user/[0-9]*/ICEauthority-? l,`
...
}
```
I honestly have no clue about apparmor and I'm unsure where to post this but
I hope this maybe helps some other people in the future.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-mate/+bug/1921655/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
