Gentoo Archives: gentoo-user

From: Kai Krakow <hurikhan77@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: FreeCAD permission problems
Date: Sat, 06 May 2017 13:20:41
Message-Id: 20170506152023.4d95c4d0@jupiter.sol.kaishome.de
In Reply to: Re: [gentoo-user] Re: FreeCAD permission problems by tuxic@posteo.de
1 Am Sat, 6 May 2017 14:42:59 +0200
2 schrieb tuxic@××××××.de:
3
4 > On 05/06 02:16, Kai Krakow wrote:
5 > > Am Sat, 6 May 2017 12:55:24 +0200
6 > > schrieb tuxic@××××××.de:
7 > >
8 > > > On 05/06 12:28, Kai Krakow wrote:
9 > [...]
10 > [...]
11 > > > [...]
12 > > > [...]
13 > [...]
14 > > > [...]
15 > [...]
16 > > > [...]
17 > [...]
18 > > > [...]
19 > [...]
20 > > > [...]
21 > > > [...]
22 > [...]
23 > [...]
24 > [...]
25 > [...]
26 > > >
27 > > > Hi,
28 > > >
29 > > > ...it runs now at least for root (called as user it crashes
30 > > > still).
31 > > >
32 > > > I did the following:
33 > > >
34 > > >
35 > > > mv /usr/lib64/libGL.so /usr/lib64/off.libGL.so
36 > > >
37 > > > for all libGL.so* in /usr/lib64/libGL.so*
38 > >
39 > > You shouldn't shuffle those files around. They are controlled by the
40 > > package manager.
41 > >
42 > > I think it's a bug of the software that it overwrites ld paths.
43 > > With a Gentoo standard configuration and eselect opengl switched to
44 > > nvidia, every software should find and load the nvidia opengl stuff
45 > > first.
46 > >
47 > > Could you show the output of
48 > >
49 > > # lddtree $(which FreeCAD)
50 > >
51 > > E.g., lddtree $(which kwin_x11) shows a line for me:
52 > >
53 > > libGL.so.1 => /usr/lib64/opengl/nvidia/lib/libGL.so.1
54 > >
55 > > which clearly says it's linking libGL.so.1 from nvidia first.
56 > >
57 > > If a libGL line is missing for FreeCAD, it is dynamically loaded by
58 > > the application itself. Then it's a FreeCAD bug that should be
59 > > fixed.
60 > >
61 > > If it's loading from /usr/lib64/libGL* for you, then some paths and
62 > > configs are borked in your system.
63 > >
64 > >
65 > > > Addtionally I added 06nvidia to /etc/ld.so.config.d/. with this
66 > > > contents:
67 > > > /usr/lib64/opengl/nvidia/lib
68 > > > and did a ldconfig afterwards and reboot to release any
69 > > > filehandle.
70 > >
71 > > I wonder why these paths are missing for you... My ld.so.conf has
72 > > nvidia paths right in the beginning (first two lines). It's
73 > > actually made from /etc/env.d/000opengl. There's nothing nvidia
74 > > specific in the .d directory.
75 > >
76 > >
77 > > > One question remains:
78 > > > It works for root but not for any other user.
79 > > > I (as user) am in the video group.
80 > > >
81 > > > I checked the directory/file permissions of opencascade and they
82 > > > seem to be ok.
83 > >
84 > > I don't think that modern kernels and desktop managers still use the
85 > > video group. It should be handled by ACLs. Please have a look at the
86 > > ACLs of the device nodes.
87 > >
88 > > It all depends on your login manager and pam configuration. You
89 > > should check that if things don't work right. If you're using
90 > > systemd, you are using systemd-logind, otherwise you're probably
91 > > using consolekit.
92 > >
93 > > If you're not using either of those, the system would fall back to
94 > > standard unix group permissions. But I'm not sure if this works
95 > > correctly if you didn't configure the whole chain to work that way.
96 > >
97 > >
98 > > > I straced FreeCAD...but...I fear not to see anything suspicious
99 > > > because the output contains a lot of noise (much more as normally
100 > > > seen in such traces)...
101 > >
102 > > You can use call filters to limit that to what you want to see.
103 > > Also, there's ltrace which could be interesting.
104 > >
105 > >
106 > > > The eselects show:
107 > [...]
108 > > > Available OpenGL implementations:
109 > > > [1] nvidia *
110 > > > [2] xorg-x11
111 > [...]
112 > > > i915 (Intel 915, 945)
113 > > > i965 (Intel GMA 965, G/Q3x, G/Q4x, HD)
114 > > > r300 (Radeon R300-R500)
115 > > > r600 (Radeon R600-R700, Evergreen, Northern Islands)
116 > > > sw (Software renderer)
117 > > > [1] classic
118 > > > [2] gallium *
119 > > >
120 > > > Why is nvidia not listed with the second command?
121 > >
122 > > Afaik, it does not provide mesa drivers. That's probably why it
123 > > cannot find an "swrast" driver/visual then. Directly using nvidia
124 > > OpenGL fixes that, which is what you did now.
125 > >
126 > > I think the bug with FreeCAD is, that it cannot properly handle
127 > > multiple opengl implementations which it tries to do itself. It
128 > > should be left to the system to correctly load the correct opengl
129 > > implementation.
130 > >
131 > > I guess FreeCAD looks up visuals by loading libGL from /usr/lib,
132 > > then it loads libGL again using means provided by the system, which
133 > > ends up loading the nvidia implementation. But that does not
134 > > provide swrast. I can only guess why they did that. But I could
135 > > also be totally wrong.
136 > >
137 > >
138 > > --
139 > > Regards,
140 > > Kai
141 > >
142 > > Replies to list-only preferred.
143 > >
144 >
145 >
146 >
147 >
148 > Hi Kai,
149 >
150 > NO PANIC! :) the renaming of libGL and friends was for
151 > testing/experimenting purposes only! :)
152 >
153 > After renaming those back to normal and doing a ldconfig
154 > these were back for root and user:
155 >
156 > libGL error: No matching fbConfigs or visuals found
157 > libGL error: failed to load driver: swrast
158 > *** Abort *** an exception was raised, but no catch was found.
159 > ... The exception is:SIGSEGV 'segmentation violation'
160 > detected. Address 0
161 >
162 > I checked for the 000opengl file in /etc/env.d on my installation and
163 > it is there...so I removed my file under /etc/ld.config.d/.
164 >
165 > lddtree /usr/bin/FreeCAD gives me:
166 >
167 > FreeCAD => /usr/bin/FreeCAD (interpreter => /lib64/ld-linux-x86-64.so.2)
168 [...snip...]
169 > libGL.so.1 => /usr/lib64/libGL.so.1
170 [...snap...]
171
172 So it's loading the wrong lib...
173
174 Let's find out why... Is there /etc/env/000opengl?
175
176 Did you run env-update and logged out and in again? (or rebooted)
177
178 If all yes, you should in /etc/ld.so.conf that the very first lines
179 (after the comments) are for the nvidia opengl implementation.
180
181 > Next: ACL
182 >
183 > What? ;)
184
185 Access control lists...
186
187 It's fine grained controls than posix access controls
188 (user,group,others,owner,group-owner etc).
189
190 If you "ls -l" the dev directory, you should notice a "+" behind some
191 permissions. This actually tells you that there are ACLs. The input
192 devices you're using should show that:
193
194 $ ls -al /dev/input/event*
195 crw-rw----+ 1 root input 13, 69 6. Mai 13:28 /dev/input/event5
196
197 $ getfacl /dev/input/event5
198 getfacl: Removing leading '/' from absolute path names
199 # file: dev/input/event5
200 # owner: root
201 # group: input
202 user::rw-
203 user:kakra:rw-
204 group::rw-
205 mask::rw-
206 other::---
207
208 So you see, additionally to root:input=rwrw it also gave my user
209 explicit rw permissions. This is handled by the login manager which
210 gives users exact permissions to only the devices attached to that seat
211 instead of generic access for everything, no matter how the user logged
212 in. E.g., why would you need access to those devices if logged in by
213 SSH? Even if you have local login permissions, why should those be
214 valid when logged in by remote?
215
216 This problem is fixed by ACLs.
217
218 Other essential devices should show similar ACLs for you.
219
220 BTW: I'm in the video group, too. I think this is required for nvidia
221 drivers. So I don't believe that is the problem for you and we are on
222 the wrong path here. You should check that /dev/nvidia* belongs to the
223 video group, tho. Otherwise check that NVreg_DeviceFileGID matches your
224 video group id in /etc/modprobe.d/nvidia.conf.
225
226 Does glxgears work for you?
227
228
229 > Sorry Kai...you hit the blank spot of my knowledge of Linux here.
230 > Please give me some hints...
231
232 I hope I did.
233
234
235 > To summarize:
236 > I am using good 'ole openrc. Consolekit is installed.
237 > My login manager is slim.
238
239 It's systemd and sddm here...
240
241 I ditched consolekit long time ago so I cannot really help you here by
242 comparing with my local configuration.
243
244
245 > ltrace:
246 > I will take a look, what I may find with that one.
247 > strace: It is difficult to filter unimportant things
248 > as long I dont know the reason (the important thing)
249 > for the problem... ;) :)
250 > But I will take a deeper look...
251
252 You could enable coredumps and feed that to gdb to get a backtrace. But
253 I believe you need to enable debug symbols in portage and
254 recompile stuff to have debug info. Even if incomplete, it could be
255 helpful to identify the offender. Maybe it can be fixed by preloading
256 older .so files.
257
258
259 --
260 Regards,
261 Kai
262
263 Replies to list-only preferred.

Replies

Subject Author
Re: [gentoo-user] Re: FreeCAD permission problems tuxic@××××××.de