I’m trying to start X server as a regular user. I’ve created a snap command and I execute into it as my current user in the device (a Rpi3, btw), but I cannot since I hit this problem:
EE) parse_vt_settings: Cannot open /dev/tty0 (Permission denied)
Seems that regular user needs to belong to tty group in order to gain access to /dev/tty0. But that group is not into /var/lib/extrausers, so I’m not sure if it is possible make current user belong to that group. If I launch the command as root that works perfectly, but I would like to skip using root. Is there any other way I can solve this?
You can see all startx startup traces at:
X.Org X Server 1.18.4
Release Date: 2016-07-19
X Protocol Version 11, Revision 0
Build Operating System: Linux 4.4.0-45-generic armv7l Ubuntu
Current Operating System: Linux sieglinde 4.4.0-1030-raspi2 #37-Ubuntu SMP Thu Oct 20 15:06:25 UTC 2016 armv7l
Kernel command line: 8250.nr_uarts=1 dma.dmachans=0x7f35 bcm2708_fb.fbwidth=1824 bcm2708_fb.fbheight=984 bcm2709.boardrev=0xa02082 bcm2709.serial=0x13133fe5 smsc95xx.macaddr=B8:27:EB:13:3F:E5 bcm2708_fb.fbswap=1 bcm2709.uart_clock=48000000 vc_mem.mem_base=0x3dc00000 vc_mem.mem_size=0x3f000000 dwc_otg.lpm_enable=0 console=ttyS0,115200 console=tty0 elevator=deadline root=/dev/disk/by-label/writable net.ifnames=0 init=/lib/systemd/systemd ro panic=-1 fixrtc snap_core=core_1690.snap snap_kernel=pi2-kernel_22.snap
Build Date: 02 November 2016 10:05:15PM
xorg-server 2:1.18.4-0ubuntu0.2 (For technical support please see http://www.ubuntu.com/support)
Current version of pixman: 0.33.6
Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
Markers: (–) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: “/home/rmescandon/snap/thesnap/x6/.local/share/xorg/Xorg.1.log”, Time: Tue May 2 15:17:25 2017
(==) Using system config directory “/usr/share/X11/xorg.conf.d”
(EE)
Fatal server error:
(EE) parse_vt_settings: Cannot open /dev/tty0 (Permission denied)
(EE)
(EE)
Please consult the The X.Org Foundation support
at http://wiki.x.org
for help.
(EE) Please also check the log file at “/home/rmescandon/snap/thesnap/x6/.local/share/xorg/Xorg.1.log” for additional information.
(EE)
(EE) Server terminated with error (1). Closing log file.
xinit: giving up
xinit: unable to connect to X server: Connection refused
xinit: server error
Couldn’t get a file descriptor referring to the console
xinit: giving up
xinit: unable to connect to X server: Connection refused
xinit: server error
Couldn’t get a file descriptor referring to the console
note that even if you manage to somehow start an Xorg session on an UbuntuCore install through hackery, your snaps will (and wont) be able to talk to the display.
this would require that the x11 snap interface is available in “snap interfaces” and that your snap would connect to it … since the x11 protocol is insecure and allows snaps to break out of confinement we will not add it to the UbuntuCore images.
to run graphical kiosk applications on a core IoT system you can use the mir-kiosk snap and have your app talk to it via the provided interface (i assume there will also be a wayland-kiosk snap at some point to allow standalone fullscreen apps to run on wayland)
Xorg is definitely nothing we plan to support on UbuntuCore.
@ogra is right about the x11 interface needing the ‘slot’ side to allow other snaps to talk to X. Furthermore, even if the access to /dev/tty0 was worked through, you would find that X requires a lot of other access to the system in order to run, and the current interfaces don’t allow that (the slot side of x11 would necessarily have to). It is possible for someone to implement the security policy for the slot side of the current x11 interface. I suspect that we would require manual connections in that case due to the problems with X security.
But to answer your question very specifically, /dev/tty0 is the current virtual console (https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/devices.txt). There are currently no interfaces that allow using /dev/tty0 (though one is in progress) so only a devmode snap could be used for this. The permissions on the device do not allow non-root to access this device:
There is currently no mechanism in snappy to change the permissions and there are limitations with nss-extrausers in that you can’t mix system user/groups (those in /etc/passwd and /etc/group) with extrausers (/var/lib/extrausers/passwd and /var/lib/extrausers/group). Snappy and users and groups (obsolete) use case ‘2’ would need to be implemented to allow access for non-root to /dev/tty0.
First of all. Thanks to everybody for your quick and detailed answers. I think I got enough info in all your replies. @Simon, Imagine that I can’t confine the snap for any reason and besides it is enough having it working in devmode. In that case, root is having more access to the system than a regular user. That’s why I was trying to start it avoiding root.
What alternative to Xorg should we expect in the future?
Mark Shuttleworth on Ubuntu Insights said that smartphone projects are abandoned, so are Unity8 and as a result Mir.
So basically Mir is a dead body, isn’t it?
The only alternative here is Wayland?
the mir-kiosk snap (and the mir-kiosk-apps demo snap) will stay maintained (there are customers using this AFAIK). i can imagine that we will eventually have a snap that provides a wayland like setup too, though as i understand the architecture here is different and you need actually a compositor to achieve the same with wayland.
so it wouldnt actually be a wayland-kiosk snap but rather a “$compositor-kiosk” snap using the wayland protocol. mir simply brings along a little more here out of the box …
@ogra Where is this mir-kiosk snap? I am trying to run a browser in my raspberry pi to have a kind of kiosk so this is exactly what I need, but $ snap find mir-kiosk The search "mir-kiosk" returned 0 snaps
snap find only searches the stable channel, apparently there was no stable release of the mir-kiosk, mir-libs and mir-kiosk-apps packages yet… but snap info is giving some detail here:
ogra@bbb:~$ snap info mir-kiosk
name: mir-kiosk
summary: "A minimal Mir based shell for kiosk type applications"
publisher: canonical
description: |
A minimal Mir based shell for kiosk type applications
snap-id: rW4inp7UbJb1YBxWr6SVebxa3Yv7K1Vm
channels:
stable: –
candidate: –
beta: 0.1 (28) 19MB -
edge: 1.2.0 (33) 17MB -
ogra@bbb:~$ snap info mir-libs
name: mir-libs
summary: "A content snap serving mir related libraries"
publisher: canonical
description: |
A content snap serving mir server and client libraries.
snap-id: hfOyKSNBdLxwln6nUA6KnhqlY1bGIEhX
channels:
stable: –
candidate: –
beta: 0.1 (22) 19MB -
edge: 0.26.1 (28) 18MB -
ogra@bbb:~$ snap info mir-kiosk-apps
name: mir-kiosk-apps
summary: "Example apps to run with mir-kiosk"
publisher: canonical
description: |
Example apps to run with mir-kiosk
snap-id: bMa7Nm8zOXlEoEg8OLUIoxgqihAMc9sT
channels:
stable: –
candidate: –
beta: –
edge: 0.1 (16) 64MB -
ogra@bbb:~$
so you can install them like:
snap install mir-libs --edge …
seems that the docs are gone is a mistake and will be corrected soon.
I am however working on a chromium-browser snap. This is not considered stable yet (actually not even published in the store yet), but if you feel adventurous you can grab a snap from there and let me know how well it works for you.
looks like this uses the x11 and unity7 plugs though … for an install on UbuntuCore it will need to use the mir plug since we do not have x11 or unity7 on there.
@ogra
So if webbrowser-app is not available and the new ones from @oSoMoN are for X, which is not available, what can I do? Am I screwed?
Could I try to package Firefox myself? It looks like no given the deeper problem is having a display server. Wayland is not available, mir is not available, X is not feasible.
Can I at least create some kind of hybrid system to install deb packages? It’s a pitty though. I chose Ubuntu Core because the idea of running a sandboxed browser for a kiosk makes a lot of sense to me
well, perhaps what @morphis said above (using a --devmode snap that bundles X11) might be the way to go atm …
I know that @oSoMoN’s work will result in a Gtk3 based chromium build that should theoretically also run on Mir then. perhaps simply waiting would be the solution.
Ok, I thought that bundling x11 was not possible at all as per your comment about Ubuntu core but if that works (even if with -devmode) then that’s OK. It will buy me time until something more secure comes out
I’m sorry for the silly question. I want to try your snap but I have no idea how to put it in ubuntu core. there’s no wget or curl, no sftp or snap version of either of them. How do I push files to an ubuntu core installation?
scp is there.
Or rsync from your desktop.
Or Midnight Commander is great (mc), can connect your desktop to Ubuntu Core device using ssh protocol in a two-panel view. You can navigate inside your device and copy/move files as if it was on your desktop.
Indeed. Although I’m not working on it myself, I know that there is ongoing work to make chromium work with Mir, so as soon as that’s working I’ll make sure the snap gets it.
