[gentoo-user] Re: FreeCAD permission problems - gentoo-user

From:	Kai Krakow <hurikhan77@×××××.com>
To:	gentoo-user@l.g.o
Subject:	[gentoo-user] Re: FreeCAD permission problems
Date:	Sat, 06 May 2017 13:20:41
Message-Id:	`20170506152023.4d95c4d0@jupiter.sol.kaishome.de`
In Reply to:	Re: [gentoo-user] Re: FreeCAD permission problems by tuxic@posteo.de

1

Am Sat, 6 May 2017 14:42:59 +0200

2

schrieb tuxic@××××××.de:

3

4

> On 05/06 02:16, Kai Krakow wrote:

5

> > Am Sat, 6 May 2017 12:55:24 +0200

6

> > schrieb tuxic@××××××.de:

7

> >

8

> > > On 05/06 12:28, Kai Krakow wrote:

9

>  [...]

10

>  [...]

11

> > >  [...]

12

> > >  [...]

13

>  [...]

14

> > >  [...]

15

>  [...]

16

> > >  [...]

17

>  [...]

18

> > >  [...]

19

>  [...]

20

> > >  [...]

21

> > >  [...]

22

>  [...]

23

>  [...]

24

>  [...]

25

>  [...]

26

> > >

27

> > > Hi,

28

> > >

29

> > > ...it runs now at least for root (called as user it crashes

30

> > > still).

31

> > >

32

> > > I did the following:

33

> > >

34

> > >

35

> > > mv /usr/lib64/libGL.so  /usr/lib64/off.libGL.so

36

> > >

37

> > > for all libGL.so* in /usr/lib64/libGL.so*

38

> >

39

> > You shouldn't shuffle those files around. They are controlled by the

40

> > package manager.

41

> >

42

> > I think it's a bug of the software that it overwrites ld paths.

43

> > With a Gentoo standard configuration and eselect opengl switched to

44

> > nvidia, every software should find and load the nvidia opengl stuff

45

> > first.

46

> >

47

> > Could you show the output of

48

> >

49

> > # lddtree $(which FreeCAD)

50

> >

51

> > E.g., lddtree $(which kwin_x11) shows a line for me:

52

> >

53

> > libGL.so.1 => /usr/lib64/opengl/nvidia/lib/libGL.so.1

54

> >

55

> > which clearly says it's linking libGL.so.1 from nvidia first.

56

> >

57

> > If a libGL line is missing for FreeCAD, it is dynamically loaded by

58

> > the application itself. Then it's a FreeCAD bug that should be

59

> > fixed.

60

> >

61

> > If it's loading from /usr/lib64/libGL* for you, then some paths and

62

> > configs are borked in your system.

63

> >

64

> >

65

> > > Addtionally I added 06nvidia to /etc/ld.so.config.d/. with this

66

> > > contents:

67

> > > /usr/lib64/opengl/nvidia/lib

68

> > > and did a ldconfig afterwards and reboot to release any

69

> > > filehandle.

70

> >

71

> > I wonder why these paths are missing for you... My ld.so.conf has

72

> > nvidia paths right in the beginning (first two lines). It's

73

> > actually made from /etc/env.d/000opengl. There's nothing nvidia

74

> > specific in the .d directory.

75

> >

76

> >

77

> > > One question remains:

78

> > > It works for root but not for any other user.

79

> > > I (as user) am in the video group.

80

> > >

81

> > > I checked the directory/file permissions of opencascade and they

82

> > > seem to be ok.

83

> >

84

> > I don't think that modern kernels and desktop managers still use the

85

> > video group. It should be handled by ACLs. Please have a look at the

86

> > ACLs of the device nodes.

87

> >

88

> > It all depends on your login manager and pam configuration. You

89

> > should check that if things don't work right. If you're using

90

> > systemd, you are using systemd-logind, otherwise you're probably

91

> > using consolekit.

92

> >

93

> > If you're not using either of those, the system would fall back to

94

> > standard unix group permissions. But I'm not sure if this works

95

> > correctly if you didn't configure the whole chain to work that way.

96

> >

97

> >

98

> > > I straced FreeCAD...but...I fear not to see anything suspicious

99

> > > because the output contains a lot of noise (much more as normally

100

> > > seen in such traces)...

101

> >

102

> > You can use call filters to limit that to what you want to see.

103

> > Also, there's ltrace which could be interesting.

104

> >

105

> >

106

> > > The eselects show:

107

>  [...]

108

> > > Available OpenGL implementations:

109

> > >   [1]   nvidia *

110

> > >   [2]   xorg-x11

111

>  [...]

112

> > > i915 (Intel 915, 945)

113

> > > i965 (Intel GMA 965, G/Q3x, G/Q4x, HD)

114

> > > r300 (Radeon R300-R500)

115

> > > r600 (Radeon R600-R700, Evergreen, Northern Islands)

116

> > > sw (Software renderer)

117

> > >   [1]   classic

118

> > >   [2]   gallium *

119

> > >

120

> > > Why is nvidia not listed with the second command?

121

> >

122

> > Afaik, it does not provide mesa drivers. That's probably why it

123

> > cannot find an "swrast" driver/visual then. Directly using nvidia

124

> > OpenGL fixes that, which is what you did now.

125

> >

126

> > I think the bug with FreeCAD is, that it cannot properly handle

127

> > multiple opengl implementations which it tries to do itself. It

128

> > should be left to the system to correctly load the correct opengl

129

> > implementation.

130

> >

131

> > I guess FreeCAD looks up visuals by loading libGL from /usr/lib,

132

> > then it loads libGL again using means provided by the system, which

133

> > ends up loading the nvidia implementation. But that does not

134

> > provide swrast. I can only guess why they did that. But I could

135

> > also be totally wrong.

136

> >

137

> >

138

> > --

139

> > Regards,

140

> > Kai

141

> >

142

> > Replies to list-only preferred.

143

> >

144

>

145

>

146

>

147

>

148

> Hi Kai,

149

>

150

> NO PANIC! :) the renaming of libGL and friends was for

151

> testing/experimenting purposes only! :)

152

>

153

> After renaming those back to normal and doing a ldconfig

154

> these were back for root and user:

155

>

156

>     libGL error: No matching fbConfigs or visuals found

157

>     libGL error: failed to load driver: swrast

158

>     *** Abort *** an exception was raised, but no catch was found.

159

>         ... The exception is:SIGSEGV 'segmentation violation'

160

> detected. Address 0

161

>

162

> I checked for the 000opengl file in /etc/env.d on my installation and

163

> it is there...so I removed my file under /etc/ld.config.d/.

164

>

165

> lddtree /usr/bin/FreeCAD gives me:

166

>

167

> FreeCAD => /usr/bin/FreeCAD (interpreter => /lib64/ld-linux-x86-64.so.2)

168

[...snip...]

169

> libGL.so.1 => /usr/lib64/libGL.so.1

170

[...snap...]

171

172

So it's loading the wrong lib...

173

174

Let's find out why... Is there /etc/env/000opengl?

175

176

Did you run env-update and logged out and in again? (or rebooted)

177

178

If all yes, you should in /etc/ld.so.conf that the very first lines

179

(after the comments) are for the nvidia opengl implementation.

180

181

> Next: ACL

182

>

183

> What? ;)

184

185

Access control lists...

186

187

It's fine grained controls than posix access controls

188

(user,group,others,owner,group-owner etc).

189

190

If you "ls -l" the dev directory, you should notice a "+" behind some

191

permissions. This actually tells you that there are ACLs. The input

192

devices you're using should show that:

193

194

$ ls -al /dev/input/event*

195

crw-rw----+ 1 root input 13, 69  6. Mai 13:28 /dev/input/event5

196

197

$ getfacl /dev/input/event5

198

getfacl: Removing leading '/' from absolute path names

199

# file: dev/input/event5

200

# owner: root

201

# group: input

202

user::rw-

203

user:kakra:rw-

204

group::rw-

205

mask::rw-

206

other::---

207

208

So you see, additionally to root:input=rwrw it also gave my user

209

explicit rw permissions. This is handled by the login manager which

210

gives users exact permissions to only the devices attached to that seat

211

instead of generic access for everything, no matter how the user logged

212

in. E.g., why would you need access to those devices if logged in by

213

SSH? Even if you have local login permissions, why should those be

214

valid when logged in by remote?

215

216

This problem is fixed by ACLs.

217

218

Other essential devices should show similar ACLs for you.

219

220

BTW: I'm in the video group, too. I think this is required for nvidia

221

drivers. So I don't believe that is the problem for you and we are on

222

the wrong path here. You should check that /dev/nvidia* belongs to the

223

video group, tho. Otherwise check that NVreg_DeviceFileGID matches your

224

video group id in /etc/modprobe.d/nvidia.conf.

225

226

Does glxgears work for you?

227

228

229

> Sorry Kai...you hit the blank spot of my knowledge of Linux here.

230

> Please give me some hints...

231

232

I hope I did.

233

234

235

> To summarize:

236

> I am using good 'ole openrc. Consolekit is installed.

237

> My login manager is slim.

238

239

It's systemd and sddm here...

240

241

I ditched consolekit long time ago so I cannot really help you here by

242

comparing with my local configuration.

243

244

245

> ltrace:

246

> I will take a look, what I may find with that one.

247

> strace: It is difficult to filter unimportant things

248

> as long I dont know the reason (the important thing)

249

> for the problem... ;) :)

250

> But I will take a deeper look...

251

252

You could enable coredumps and feed that to gdb to get a backtrace. But

253

I believe you need to enable debug symbols in portage and

254

recompile stuff to have debug info. Even if incomplete, it could be

255

helpful to identify the offender. Maybe it can be fixed by preloading

256

older .so files.

257

258

259

--

260

Regards,

261

Kai

262

263

Replies to list-only preferred.

1	Am Sat, 6 May 2017 14:42:59 +0200
2	schrieb tuxic@××××××.de:
3
4	> On 05/06 02:16, Kai Krakow wrote:
5	> > Am Sat, 6 May 2017 12:55:24 +0200
6	> > schrieb tuxic@××××××.de:
7	> >
8	> > > On 05/06 12:28, Kai Krakow wrote:
9	> [...]
10	> [...]
11	> > > [...]
12	> > > [...]
13	> [...]
14	> > > [...]
15	> [...]
16	> > > [...]
17	> [...]
18	> > > [...]
19	> [...]
20	> > > [...]
21	> > > [...]
22	> [...]
23	> [...]
24	> [...]
25	> [...]
26	> > >
27	> > > Hi,
28	> > >
29	> > > ...it runs now at least for root (called as user it crashes
30	> > > still).
31	> > >
32	> > > I did the following:
33	> > >
34	> > >
35	> > > mv /usr/lib64/libGL.so /usr/lib64/off.libGL.so
36	> > >
37	> > > for all libGL.so* in /usr/lib64/libGL.so*
38	> >
39	> > You shouldn't shuffle those files around. They are controlled by the
40	> > package manager.
41	> >
42	> > I think it's a bug of the software that it overwrites ld paths.
43	> > With a Gentoo standard configuration and eselect opengl switched to
44	> > nvidia, every software should find and load the nvidia opengl stuff
45	> > first.
46	> >
47	> > Could you show the output of
48	> >
49	> > # lddtree $(which FreeCAD)
50	> >
51	> > E.g., lddtree $(which kwin_x11) shows a line for me:
52	> >
53	> > libGL.so.1 => /usr/lib64/opengl/nvidia/lib/libGL.so.1
54	> >
55	> > which clearly says it's linking libGL.so.1 from nvidia first.
56	> >
57	> > If a libGL line is missing for FreeCAD, it is dynamically loaded by
58	> > the application itself. Then it's a FreeCAD bug that should be
59	> > fixed.
60	> >
61	> > If it's loading from /usr/lib64/libGL* for you, then some paths and
62	> > configs are borked in your system.
63	> >
64	> >
65	> > > Addtionally I added 06nvidia to /etc/ld.so.config.d/. with this
66	> > > contents:
67	> > > /usr/lib64/opengl/nvidia/lib
68	> > > and did a ldconfig afterwards and reboot to release any
69	> > > filehandle.
70	> >
71	> > I wonder why these paths are missing for you... My ld.so.conf has
72	> > nvidia paths right in the beginning (first two lines). It's
73	> > actually made from /etc/env.d/000opengl. There's nothing nvidia
74	> > specific in the .d directory.
75	> >
76	> >
77	> > > One question remains:
78	> > > It works for root but not for any other user.
79	> > > I (as user) am in the video group.
80	> > >
81	> > > I checked the directory/file permissions of opencascade and they
82	> > > seem to be ok.
83	> >
84	> > I don't think that modern kernels and desktop managers still use the
85	> > video group. It should be handled by ACLs. Please have a look at the
86	> > ACLs of the device nodes.
87	> >
88	> > It all depends on your login manager and pam configuration. You
89	> > should check that if things don't work right. If you're using
90	> > systemd, you are using systemd-logind, otherwise you're probably
91	> > using consolekit.
92	> >
93	> > If you're not using either of those, the system would fall back to
94	> > standard unix group permissions. But I'm not sure if this works
95	> > correctly if you didn't configure the whole chain to work that way.
96	> >
97	> >
98	> > > I straced FreeCAD...but...I fear not to see anything suspicious
99	> > > because the output contains a lot of noise (much more as normally
100	> > > seen in such traces)...
101	> >
102	> > You can use call filters to limit that to what you want to see.
103	> > Also, there's ltrace which could be interesting.
104	> >
105	> >
106	> > > The eselects show:
107	> [...]
108	> > > Available OpenGL implementations:
109	> > > [1] nvidia *
110	> > > [2] xorg-x11
111	> [...]
112	> > > i915 (Intel 915, 945)
113	> > > i965 (Intel GMA 965, G/Q3x, G/Q4x, HD)
114	> > > r300 (Radeon R300-R500)
115	> > > r600 (Radeon R600-R700, Evergreen, Northern Islands)
116	> > > sw (Software renderer)
117	> > > [1] classic
118	> > > [2] gallium *
119	> > >
120	> > > Why is nvidia not listed with the second command?
121	> >
122	> > Afaik, it does not provide mesa drivers. That's probably why it
123	> > cannot find an "swrast" driver/visual then. Directly using nvidia
124	> > OpenGL fixes that, which is what you did now.
125	> >
126	> > I think the bug with FreeCAD is, that it cannot properly handle
127	> > multiple opengl implementations which it tries to do itself. It
128	> > should be left to the system to correctly load the correct opengl
129	> > implementation.
130	> >
131	> > I guess FreeCAD looks up visuals by loading libGL from /usr/lib,
132	> > then it loads libGL again using means provided by the system, which
133	> > ends up loading the nvidia implementation. But that does not
134	> > provide swrast. I can only guess why they did that. But I could
135	> > also be totally wrong.
136	> >
137	> >
138	> > --
139	> > Regards,
140	> > Kai
141	> >
142	> > Replies to list-only preferred.
143	> >
144	>
145	>
146	>
147	>
148	> Hi Kai,
149	>
150	> NO PANIC! :) the renaming of libGL and friends was for
151	> testing/experimenting purposes only! :)
152	>
153	> After renaming those back to normal and doing a ldconfig
154	> these were back for root and user:
155	>
156	> libGL error: No matching fbConfigs or visuals found
157	> libGL error: failed to load driver: swrast
158	> * Abort * an exception was raised, but no catch was found.
159	> ... The exception is:SIGSEGV 'segmentation violation'
160	> detected. Address 0
161	>
162	> I checked for the 000opengl file in /etc/env.d on my installation and
163	> it is there...so I removed my file under /etc/ld.config.d/.
164	>
165	> lddtree /usr/bin/FreeCAD gives me:
166	>
167	> FreeCAD => /usr/bin/FreeCAD (interpreter => /lib64/ld-linux-x86-64.so.2)
168	[...snip...]
169	> libGL.so.1 => /usr/lib64/libGL.so.1
170	[...snap...]
171
172	So it's loading the wrong lib...
173
174	Let's find out why... Is there /etc/env/000opengl?
175
176	Did you run env-update and logged out and in again? (or rebooted)
177
178	If all yes, you should in /etc/ld.so.conf that the very first lines
179	(after the comments) are for the nvidia opengl implementation.
180
181	> Next: ACL
182	>
183	> What? ;)
184
185	Access control lists...
186
187	It's fine grained controls than posix access controls
188	(user,group,others,owner,group-owner etc).
189
190	If you "ls -l" the dev directory, you should notice a "+" behind some
191	permissions. This actually tells you that there are ACLs. The input
192	devices you're using should show that:
193
194	$ ls -al /dev/input/event*
195	crw-rw----+ 1 root input 13, 69 6. Mai 13:28 /dev/input/event5
196
197	$ getfacl /dev/input/event5
198	getfacl: Removing leading '/' from absolute path names
199	# file: dev/input/event5
200	# owner: root
201	# group: input
202	user::rw-
203	user:kakra:rw-
204	group::rw-
205	mask::rw-
206	other::---
207
208	So you see, additionally to root:input=rwrw it also gave my user
209	explicit rw permissions. This is handled by the login manager which
210	gives users exact permissions to only the devices attached to that seat
211	instead of generic access for everything, no matter how the user logged
212	in. E.g., why would you need access to those devices if logged in by
213	SSH? Even if you have local login permissions, why should those be
214	valid when logged in by remote?
215
216	This problem is fixed by ACLs.
217
218	Other essential devices should show similar ACLs for you.
219
220	BTW: I'm in the video group, too. I think this is required for nvidia
221	drivers. So I don't believe that is the problem for you and we are on
222	the wrong path here. You should check that /dev/nvidia* belongs to the
223	video group, tho. Otherwise check that NVreg_DeviceFileGID matches your
224	video group id in /etc/modprobe.d/nvidia.conf.
225
226	Does glxgears work for you?
227
228
229	> Sorry Kai...you hit the blank spot of my knowledge of Linux here.
230	> Please give me some hints...
231
232	I hope I did.
233
234
235	> To summarize:
236	> I am using good 'ole openrc. Consolekit is installed.
237	> My login manager is slim.
238
239	It's systemd and sddm here...
240
241	I ditched consolekit long time ago so I cannot really help you here by
242	comparing with my local configuration.
243
244
245	> ltrace:
246	> I will take a look, what I may find with that one.
247	> strace: It is difficult to filter unimportant things
248	> as long I dont know the reason (the important thing)
249	> for the problem... ;) :)
250	> But I will take a deeper look...
251
252	You could enable coredumps and feed that to gdb to get a backtrace. But
253	I believe you need to enable debug symbols in portage and
254	recompile stuff to have debug info. Even if incomplete, it could be
255	helpful to identify the offender. Maybe it can be fixed by preloading
256	older .so files.
257
258
259	--
260	Regards,
261	Kai
262
263	Replies to list-only preferred.

Gentoo Archives: gentoo-user

Replies