Bug 1220352 - [Build 58.1] non-root user can not log in to system at XscreenSaver
Status: RESOLVED WORKSFORME
Product: PUBLIC SUSE Linux Enterprise Server 15 SP6
Classification: openSUSE
Component: GNOME
Version: unspecified
Hardware: PowerPC-64 Other
Importance: P3 - Medium, Normal
Target Milestone: ---
Assignee: E-mail List
URL: https://openqa.suse.de/tests/13602507...
Reported: 2024-02-26 11:32 UTC by Richard Fan
Modified: 2024-03-19 08:21 UTC
Found By: openQA


Description Richard Fan 2024-02-26 11:32:17 UTC
## Description

Non-root user cannot log in to the system at XScreenSaver, with the errors below:

```
xscreensaver-auth: 03:15:20: OOM: /proc/2637/oom_score_adj: Permission denied
xscreensaver-auth: 03:15:20:   To prevent the kernel from randomly unlocking
xscreensaver-auth: 03:15:20:   your screen via the out-of-memory killer,
xscreensaver-auth: 03:15:20:   "xscreensaver-auth" must be setuid root.
MESA-LOADER: failed to open zink: /usr/lib64/dri/zink_dri.so: cannot open shared object file: No such file or directory (search paths /usr/lib64/dri, suffix _dri)
failed to load driver: zink
Authorization required, but no authorization protocol specified
Authorization required, but no authorization protocol specified
Authorization required, but no authorization protocol specified
```

## Observation

openQA test in scenario sle-15-SP6-Online-ppc64le-minimal_x@ppc64le fails in
[consoletest_finish](https://openqa.suse.de/tests/13602507/modules/consoletest_finish/steps/9)

## Test suite description
Maintainer: slindomansilla

As default but explicitly unselecting DE patterns, for example gnome, to have only a "minimal X" environment preserved, for example icewm.


## Reproducible

Fails since (at least) Build [58.1](https://openqa.suse.de/tests/13581802)


## Expected result

Last good: [57.1](https://openqa.suse.de/tests/13547201) (or more recent)


## Further details

Always latest result in this scenario: [latest](https://openqa.suse.de/tests/latest?arch=ppc64le&distri=sle&flavor=Online&machine=ppc64le&test=minimal_x&version=15-SP6)
Comment 1 Yifan Jiang 2024-03-01 09:09:12 UTC
Hi Richard, just to make sure I understood it correctly, did it happen in the latest build? It seems the unlock works fine here https://openqa.suse.de/tests/13640177 . Is this ppc64 specific, or do we have other tests that failed at this issue?
Comment 2 Richard Fan 2024-03-01 09:20:20 UTC
(In reply to Yifan Jiang from comment #1)
> Hi Richard, just to make sure I understood it correctly, did it happen in
> the latest build? It seems the unlock works fine here
> https://openqa.suse.de/tests/13640177 . Is this ppc64 specific, or do we have
> other tests that failed at this issue?

The issue is gone in the latest build https://openqa.suse.de/tests/13640177

And yes, it happened on ppc64le only, based on openQA results.
Comment 3 Yifan Jiang 2024-03-01 09:49:39 UTC
It is not that clear to me whether the intermittent issue is on the xscreensaver side, the X driver side or in other parts. About the logs:

> xscreensaver-auth: 03:15:20: OOM: /proc/2637/oom_score_adj: Permission denied
> xscreensaver-auth: 03:15:20:   To prevent the kernel from randomly unlocking
> xscreensaver-auth: 03:15:20:   your screen via the out-of-memory killer,
> xscreensaver-auth: 03:15:20:   "xscreensaver-auth" must be setuid root.

The error does not seem to block the screensaver from continuing to run:

https://github.com/Zygo/xscreensaver/blob/0c43268adc2e7a932ca5427db7b18d37ef53f7ad/driver/xscreensaver-auth.c#L128-L167

> MESA-LOADER: failed to open zink: /usr/lib64/dri/zink_dri.so: cannot open shared object file: No such file or directory (search paths /usr/lib64/dri, suffix _dri)

zink dri driver smells unrelated.

> Authorization required, but no authorization protocol specified

This message sounds suspicious to me though I couldn't reproduce it in my local environment (x86_64).

It feels better to have colleagues who worked on xscreensaver and X share some ideas.
Comment 4 Stefan Dirsch 2024-03-01 10:00:47 UTC
(In reply to Yifan Jiang from comment #3)
> > MESA-LOADER: failed to open zink: /usr/lib64/dri/zink_dri.so: cannot open shared object file: No such file or directory (search paths /usr/lib64/dri, suffix _dri)


> zink dri driver smells unrelated.

Yes, this is just a misleading warning. Meanwhile, if no native OpenGL driver exists (which is the case on virtual GPUs on VMs), the zink driver (OpenGL via Vulkan native driver) is tried. If that fails, the fallback to the llvmpipe driver is used.
Comment 6 Simon Lees 2024-03-19 00:13:09 UTC
(In reply to Yifan Jiang from comment #3)
> It is not that clear to me whether the intermittent issue is on the
> xscreensaver side, the X driver side or in other parts. About the logs:
> 
> > xscreensaver-auth: 03:15:20: OOM: /proc/2637/oom_score_adj: Permission denied
> > xscreensaver-auth: 03:15:20:   To prevent the kernel from randomly unlocking
> > xscreensaver-auth: 03:15:20:   your screen via the out-of-memory killer,
> > xscreensaver-auth: 03:15:20:   "xscreensaver-auth" must be setuid root.
> 
> The error does not seem to block the screensaver from continuing to run:
> 
> https://github.com/Zygo/xscreensaver/blob/0c43268adc2e7a932ca5427db7b18d37ef53f7ad/driver/xscreensaver-auth.c#L128-L167
> 
> > MESA-LOADER: failed to open zink: /usr/lib64/dri/zink_dri.so: cannot open shared object file: No such file or directory (search paths /usr/lib64/dri, suffix _dri)
> 
> zink dri driver smells unrelated.
> 
> > Authorization required, but no authorization protocol specified
> 
> This message sounds suspicious to me though I couldn't reproduce it in my
> local environment (x86_64).
> 
> It feels better to have colleagues who worked on xscreensaver and X share
> some ideas.

The "Authorization required, but no authorization protocol specified" message certainly seems most likely. I also don't see that on my Tumbleweed install, and I can't see anything in the xscreensaver codebase that prints that message. We use PAM for authentication, so I'd probably be looking there.

The suid bit message is a different issue. The security team has decided we would rather risk xscreensaver unlocking due to the machine running out of memory than give xscreensaver root permissions.
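
The trade-off described in comment 6, and the non-blocking behaviour noted in comment 3, as an added example (not xscreensaver's code and not part of the original thread): a locker tries to exempt itself from the OOM killer and only warns when it lacks the privilege, and a second helper reads the value back so the state can be audited. The function names, the enum and the file-path parameter are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

typedef enum { OOM_PROTECTED, OOM_UNPRIVILEGED, OOM_UNAVAILABLE } oom_result;

/* The kernel refuses to lower the score without CAP_SYS_RESOURCE (EACCES). */
static oom_result classify(int err)
{
    return (err == EACCES || err == EPERM) ? OOM_UNPRIVILEGED : OOM_UNAVAILABLE;
}

/* Ask the kernel never to OOM-kill the owner of this oom_score_adj file.
 * The path is a parameter so the logic can also be run on an ordinary file. */
oom_result oom_protect(const char *path)
{
    static const char never_kill[] = "-1000\n";
    const ssize_t len = (ssize_t)sizeof never_kill - 1;
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return classify(errno);
    ssize_t n = write(fd, never_kill, (size_t)len);
    int err = (n < 0) ? errno : EIO;  /* save before close() can clobber it */
    close(fd);
    return n == len ? OOM_PROTECTED : classify(err);
}

/* Audit helper: read the current adjustment; returns 0 on success. */
int oom_read_adj(const char *path, int *value)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    int ok = fscanf(f, "%d", value) == 1;
    fclose(f);
    return ok ? 0 : -1;
}

int main(void)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%ld/oom_score_adj", (long)getpid());
    if (oom_protect(path) != OOM_PROTECTED)  /* warn only: exiting would unlock */
        fprintf(stderr, "warning: %s: locker can still be OOM-killed\n", path);
    int adj = 0;
    if (oom_read_adj(path, &adj) == 0)
        printf("oom_score_adj=%d\n", adj);
    return 0;
}
```

Run as a non-root user, the write is rejected and the program keeps going with a warning, which matches the choice described above of accepting the OOM risk instead of shipping a setuid-root binary.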
Comment 8 Yifan Jiang 2024-03-19 01:27:22 UTC
Though it is not crystal clear why PAM stated the issue in the context, I saw this happened in a particular testing environment and the problem was gone in later builds. So I am closing it now.