Solved Wayland Nvidia - Unable to drop root

Trying wayland, even though X works alright.

14.2-RELEASE-p1
14.2-RELEASE-p1
14.2-RELEASE-p3

Graphics Processor: Quadro P620
NVIDIA Driver Version: 570.124.04

hw.nvidiadrm.modeset=1

nvidia-driver-570.124.04.1402000 NVidia graphics card binary drivers for hardware OpenGL rendering
nvidia-drm-61-kmod-570.124.04.1402000_1 NVIDIA DRM Kernel Module
nvidia-drm-kmod-570.124.04 NVIDIA DRM Kernel Module
nvidia-settings-535.146.02_1 Display Control Panel for X NVidia driver

5 1 0xffffffff83325000 149c0 nvidia-drm.ko
11 2 0xffffffff83400000 52ef728 nvidia.ko
14 1 0xffffffff88721000 1507d8 nvidia-modeset.ko

wayfire -c ~/.config/wayfire.ini

EE 24-05-25 12:11:45.906 - [src/main.cpp:59] Unable to drop root (we shouldn't be able to restore it after setuid), refusing to start

Any ideas?

Code:
May 24 12:06:04 ochre seatd[61800]: 00:00:00.000 [INFO] [seatd/seat.c:48] Created VT-bound seat seat0
May 24 12:06:04 ochre seatd[61800]: 00:00:00.000 [INFO] [seatd/seatd.c:194] seatd started
May 24 12:08:58 ochre seatd[61800]: 00:02:54.092 [INFO] [seatd/server.c:146] New client connected (pid: 63193, uid: 1000, gid: 0)
May 24 12:08:58 ochre seatd[61800]: 00:02:54.092 [INFO] [seatd/seat.c:239] Added client 2 to seat0
May 24 12:08:58 ochre seatd[61800]: 00:02:54.092 [INFO] [seatd/seat.c:563] Opened client 2 on seat0
May 24 12:08:58 ochre seatd[61800]: 00:02:54.466 [INFO] [seatd/seat.c:158] No clients on seat0 to activate
May 24 12:08:58 ochre seatd[61800]: 00:02:54.466 [INFO] [seatd/seat.c:290] Removed client 2 from seat0
May 24 12:08:58 ochre seatd[61800]: 00:02:54.466 [INFO] [seatd/client.c:496] Client disconnected

Code:
II 24-05-25 12:11:45.639 - [src/main.cpp:364] Starting wayfire version v0.9.0
II 24-05-25 12:11:45.639 - [libseat] [libseat/libseat.c:77] Seat opened with backend 'seatd'
II 24-05-25 12:11:45.639 - [libseat] [libseat/backend/seatd.c:212] Enabling seat
II 24-05-25 12:11:45.639 - [backend/session/session.c:109] Successfully loaded libseat session
II 24-05-25 12:11:45.712 - [backend/backend.c:213] Found 1 GPUs
II 24-05-25 12:11:45.713 - [backend/drm/backend.c:202] Initializing DRM backend for /dev/dri/card0 (nvidia-drm)
II 24-05-25 12:11:45.713 - [backend/drm/drm.c:255] Found 4 DRM CRTCs
II 24-05-25 12:11:45.713 - [backend/drm/drm.c:213] Found 12 DRM planes
II 24-05-25 12:11:45.731 - [render/egl.c:206] Supported EGL client extensions: EGL_EXT_platform_base EGL_EXT_device_base EGL_EXT_device_enumeration EGL_EXT_device_query EGL_KHR_client_get_all_proc_addresses EGL_EXT_client_extensions EGL_KHR_debug EGL_KHR_platform_x11 EGL_EXT_platform_x11 EGL_EXT_platform_device EGL_MESA_platform_surfaceless EGL_EXT_explicit_device EGL_KHR_platform_wayland EGL_EXT_platform_wayland EGL_KHR_platform_gbm EGL_MESA_platform_gbm EGL_EXT_platform_xcb
II 24-05-25 12:11:45.745 - [render/egl.c:355] Using EGL 1.5
II 24-05-25 12:11:45.745 - [render/egl.c:356] Supported EGL display extensions: EGL_ANDROID_native_fence_sync EGL_EXT_buffer_age EGL_EXT_client_sync EGL_EXT_create_context_robustness EGL_EXT_image_dma_buf_import EGL_EXT_image_dma_buf_import_modifiers EGL_MESA_image_dma_buf_export EGL_EXT_output_base EGL_EXT_output_drm EGL_EXT_protected_content EGL_EXT_stream_consumer_egloutput EGL_EXT_stream_acquire_mode EGL_EXT_sync_reuse EGL_IMG_context_priority EGL_KHR_config_attribs EGL_KHR_create_context_no_error EGL_KHR_context_flush_control EGL_KHR_create_context EGL_KHR_fence_sync EGL_KHR_get_all_proc_addresses EGL_KHR_partial_update EGL_KHR_swap_buffers_with_damage EGL_KHR_no_config_context EGL_KHR_gl_colorspace EGL_KHR_gl_renderbuffer_image EGL_KHR_gl_texture_2D_image EGL_KHR_gl_texture_3D_image EGL_KHR_gl_texture_cubemap_image EGL_KHR_image EGL_KHR_image_base EGL_KHR_reusable_sync EGL_KHR_stream EGL_KHR_stream_attrib EGL_KHR_stream_consumer_gltexture EGL_KHR_stream_cross_process_fd EGL_KHR_stream_fifo EGL_KHR_stream_producer_eglsurface EGL_KHR_surfaceless_context EGL_KHR_wait_sync EGL_NV_quadruple_buffer EGL_NV_stream_consumer_eglimage EGL_NV_stream_cross_display EGL_NV_stream_cross_object EGL_NV_stream_cross_process EGL_NV_stream_cross_system EGL_NV_stream_flush EGL_NV_stream_metadata EGL_NV_stream_remote EGL_NV_stream_reset EGL_NV_stream_socket EGL_NV_stream_socket_inet EGL_NV_stream_socket_unix EGL_NV_stream_sync EGL_NV_stream_fifo_next EGL_NV_stream_fifo_synchronous EGL_NV_stream_consumer_gltexture_yuv EGL_NV_stream_attrib EGL_NV_stream_origin EGL_NV_system_time EGL_NV_output_drm_flip_event EGL_NV_triple_buffer EGL_NV_robustness_video_memory_purge EGL_EXT_present_opaque EGL_WL_bind_wayland_display EGL_WL_wayland_eglstream
II 24-05-25 12:11:45.745 - [render/egl.c:358] Supported EGL device extensions: EGL_NV_device_cuda EGL_EXT_device_drm EGL_EXT_device_drm_render_node EGL_EXT_device_query_name EGL_EXT_device_persistent_id
II 24-05-25 12:11:45.745 - [render/egl.c:360] EGL vendor: NVIDIA
II 24-05-25 12:11:45.745 - [render/egl.c:362] EGL driver name: nvidia
II 24-05-25 12:11:45.880 - [render/gles2/renderer.c:842] Creating GLES2 renderer
II 24-05-25 12:11:45.880 - [render/gles2/renderer.c:843] Using OpenGL ES 3.2 NVIDIA 570.124.04
II 24-05-25 12:11:45.880 - [render/gles2/renderer.c:844] GL vendor: NVIDIA Corporation
II 24-05-25 12:11:45.880 - [render/gles2/renderer.c:845] GL renderer: Quadro P620/PCIe/SSE2
II 24-05-25 12:11:45.880 - [render/gles2/renderer.c:846] Supported GLES2 extensions: GL_EXT_base_instance GL_EXT_blend_func_extended GL_EXT_blend_minmax GL_EXT_buffer_storage GL_EXT_clear_texture GL_EXT_clip_control GL_EXT_clip_cull_distance GL_EXT_color_buffer_float GL_EXT_color_buffer_half_float GL_EXT_conservative_depth GL_EXT_copy_image GL_EXT_depth_clamp GL_EXT_debug_label GL_EXT_discard_framebuffer GL_EXT_disjoint_timer_query GL_EXT_draw_buffers_indexed GL_EXT_draw_elements_base_vertex GL_EXT_EGL_image_array GL_EXT_EGL_image_storage GL_EXT_EGL_image_external_wrap_modes GL_EXT_float_blend GL_EXT_frag_depth GL_EXT_geometry_point_size GL_EXT_geometry_shader GL_EXT_gpu_shader5 GL_EXT_map_buffer_range GL_EXT_multi_draw_indirect GL_EXT_multisample_compatibility GL_EXT_multisampled_render_to_texture GL_EXT_multisampled_render_to_texture2 GL_EXT_multiview_texture_multisample GL_EXT_multiview_timer_query GL_EXT_occlusion_query_boolean GL_EXT_polygon_offset_clamp GL_EXT_post_depth_coverage GL_EXT_primitive_bounding_box GL_EXT_raster_multisample GL_EXT_render_snorm GL_EXT_robustness GL_EXT_separate_shader_objects GL_EXT_shader_group_vote GL_EXT_shader_implicit_conversions GL_EXT_shader_integer_mix GL_EXT_shader_io_blocks GL_EXT_shader_non_constant_global_initializers GL_EXT_shader_texture_lod GL_EXT_shadow_samplers GL_EXT_sparse_texture GL_EXT_sparse_texture2 GL_EXT_sRGB GL_EXT_sRGB_write_control GL_EXT_tessellation_point_size GL_EXT_tessellation_shader GL_EXT_texture_border_clamp GL_EXT_texture_buffer GL_EXT_texture_compression_bptc GL_EXT_texture_compression_dxt1 GL_EXT_texture_compression_rgtc GL_EXT_texture_compression_s3tc GL_EXT_texture_cube_map_array GL_EXT_texture_filter_anisotropic GL_EXT_texture_filter_minmax GL_EXT_texture_format_BGRA8888 GL_EXT_texture_mirror_clamp_to_edge GL_EXT_texture_norm16 GL_EXT_texture_query_lod GL_EXT_texture_rg GL_EXT_texture_shadow_lod GL_EXT_texture_sRGB_R8 GL_EXT_texture_sRGB_decode GL_EXT_texture_storage GL_EXT_texture_view 
GL_EXT_draw_transform_feedback GL_EXT_unpack_subimage GL_EXT_window_rectangles GL_KHR_context_flush_control GL_KHR_debug GL_EXT_memory_object GL_EXT_memory_object_fd GL_NV_memory_object_sparse GL_KHR_parallel_shader_compile GL_KHR_no_error GL_KHR_robust_buffer_access_behavior GL_KHR_robustness GL_EXT_semaphore GL_EXT_semaphore_fd GL_NV_timeline_semaphore GL_KHR_shader_subgroup GL_KHR_texture_compression_astc_ldr GL_KHR_texture_compression_astc_sliced_3d GL_KHR_texture_compression_astc_hdr GL_NV_bgr GL_NV_bindless_texture GL_NV_blend_equation_advanced GL_NV_blend_equation_advanced_coherent GL_NVX_blend_equation_advanced_multi_draw_buffers GL_NV_blend_minmax_factor GL_NV_clip_space_w_scaling GL_NV_conditional_render GL_NV_conservative_raster GL_NV_conservative_raster_pre_snap_triangles GL_NV_copy_buffer GL_NV_copy_image GL_NV_draw_buffers GL_NV_draw_instanced GL_NV_draw_texture GL_NV_draw_vulkan_image GL_NV_EGL_stream_consumer_external GL_NV_explicit_attrib_location GL_NV_fbo_color_attachments GL_NV_fill_rectangle GL_NV_fragment_coverage_to_color GL_NV_fragment_shader_interlock GL_NV_framebuffer_blit GL_NV_framebuffer_mixed_samples GL_NV_framebuffer_multisample GL_NV_generate_mipmap_sRGB GL_NV_geometry_shader_passthrough GL_NV_instanced_arrays GL_NV_internalformat_sample_query GL_NV_gpu_shader5 GL_NV_image_formats GL_NV_memory_attachment GL_NV_occlusion_query_samples GL_NV_non_square_matrices GL_NV_pack_subimage GL_NV_packed_float GL_NV_packed_float_linear GL_NV_path_rendering GL_NV_path_rendering_shared_edge GL_NV_pixel_buffer_object GL_NV_polygon_mode GL_NV_read_buffer GL_NV_read_depth GL_NV_read_depth_stencil GL_NV_read_stencil GL_NV_sample_locations GL_NV_sample_mask_override_coverage GL_NV_shader_atomic_fp16_vector GL_NV_shader_noperspective_interpolation GL_NV_shader_subgroup_partitioned GL_NV_shadow_samplers_array GL_NV_shadow_samplers_cube GL_NV_sRGB_formats GL_NV_stereo_view_rendering GL_NV_texture_array GL_NV_texture_barrier GL_NV_texture_border_clamp 
GL_NV_texture_compression_latc GL_NV_texture_compression_s3tc GL_NV_texture_compression_s3tc_update GL_NV_timer_query GL_NV_viewport_
EE 24-05-25 12:11:45.906 - [src/main.cpp:59] Unable to drop root (we shouldn't be able to restore it after setuid), refusing to start
 
Maybe something was written here. Lots of interesting things.
 
I haven't had a problem since NVidia drivers were updated quite awhile ago. From your post, I can't see if you have seatd running. It is necessary.
But I've never tried running it as root, and I use labwc or dwl, not wayfire.

NapoleonWils0n has info here. https://forums.freebsd.org/threads/still-cant-get-wayland-working-with-nvidia.94129/

and a youtube tutorial, (mostly about dwl, but covers wayland with NVidia) here.
View: https://www.youtube.com/watch?v=OyXAl_EOAO8


Handbook article on Wayland here.
 
Well labwc works without ceremony.

I can get a black screen with a mouse menu of reconfigure / exit, so I can actually get out of it too. I can start it with the -s option and start alacritty, so I can see one window, and start applications from there. Not much of a desktop though. I am going to have to find out how to customise it.

And I can start xfce with labwc too, and about two thirds of it works.

Does not seem to be a replacement for X yet. I would like to get a workable desktop up and running. And I would like to know why wayfire does not start.
 
I am running as user geezer in the wheel and video groups.
I have a feeling this might be related. The code in question does the following:
Code:
    if ((setgid(0) != -1) || (setuid(0) != -1))
    {
        LOGE("Unable to drop root (we shouldn't be able to "
             "restore it after setuid), refusing to start");

        return false;
    }
So if your primary group is wheel, that setgid(0) call might be succeeding, i.e. not returning -1, and wayfire thinks it couldn't drop the root privileges (which is kinda weird way to check it).
 
I have a feeling this might be related. The code in question does the following:
Code:
    if ((setgid(0) != -1) || (setuid(0) != -1))
    {
        LOGE("Unable to drop root (we shouldn't be able to "
             "restore it after setuid), refusing to start");

        return false;
    }
So if your primary group is wheel, that setgid(0) call might be succeeding, i.e. not returning -1, and wayfire thinks it couldn't drop the root privileges (which is kinda weird way to check it).
So do you think it would be fixed if the check
C:
if ((setgid(0) != -1) || (setuid(0) != -1))
is modified
C:
if ((setgid(0) != -1) && (setuid(0) != -1))
like above?
And is the code in Wayfire, or wlroots?
 
So if your primary group is wheel, that setgid(0) call might be succeeding, i.e. not returning -1, and wayfire thinks it couldn't drop the root privileges (which is kinda weird way to check it).

How right you are. Just tried an ordinary user, and wayfire sprang into colourful life.

I would still like to run it as myself in the wheel group.
 
Geezer, I'll spam my own wayland page https://srobb.net/wayland.html because it has links to getting started with labwc. If you have an openbox rc.xml, you can just drop that right into $HOME/.config/labwc/rc.xml and 90 percent of what you have there will work. There should also be a labwc rc.xml sample, though all I see on my system is /usr/local/share/xfce4/labwc/labwc-rc.xml.
Even without using -s you can install wmenu, give it a keybinding, and use it to enter commands.
I have, for example
Code:
<keybind key="W-d">
<action name="Execute" command="wmenu-run" />
</keybind>
 
So do you think it would be fixed if the check
C:
if ((setgid(0) != -1) || (setuid(0) != -1))
is modified
C:
if ((setgid(0) != -1) && (setuid(0) != -1))
like above?
And is the code in Wayfire, or wlroots?

Surely the gid is irrelevant, and the code should be merely:
C:
if (setuid(0) != -1)
 
like above?
Yes, that looks better, or even just check the setuid() return value -- the difference here is probably that FreeBSD users are more likely to have wheel as primary group due to su(1) requirements, though I don't know what is the gid 0's name on linux.
And is the code in Wayfire, or wlroots?
Wayfire, just checked the code mentioned in the error message:
[src/main.cpp:59]
 
Surely the gid is irrelevant, and the code should be merely:
C:
if (setuid(0) != -1)
Yes, usually paranoid. But in some cases, if some binary has a non-wheel group, having setgid, and is invoked as root, it could run as root but not wheel.
If such cases actually have no problem or are unrelated, the simplified code could be overkill.
 
Does the attached help if copied into x11-wm/wayfire/files/ on build with the filename extension ".txt" dropped?
I'm currently on the way of massive rebuilds, thus, cannot try maybe 1 or 2 days at least. (Cannot allow pulling in new dependencies, as abnormalities of pkg 2.0 already deinstalled wayfire and its specific dependencies and not installed again afterwards.) make patch on /usr/ports/x11-wm/wayfire worked fine.

You can edit line 8 if you think if (setuid(0) != -1) is better.
 


Well the original code was:


Here an extract (the formatting is horrible, sorry)
Code:
static bool drop_permissions(void)
{
    if (getuid() != geteuid() || getgid() != getegid())
    {
        if (setuid(getuid()) != 0 || setgid(getgid()) != 0)
    {
        log_error("Unable to drop root, refusing to start");
        return false;
    }
    }
    if (setuid(0) != -1)
    {
    log_error("Unable to drop root (we shouldn't be able to "
          "restore it after setuid), refusing to start");

    return false;
    }
    return true;
}

So it appears that someone just thinks that it should be setgid too.
 
FWIW, that code does not produce any errors for me (despite the wheel group, yes). Anyway, if you want to actually drop privileges you do something like this:
Code:
if (setresgid(GID_NOBODY, GID_NOBODY, GID_NOBODY) == -1) {
  err(EXIT_FAILURE, "setresgid");
}

if (setresuid(UID_NOBODY, UID_NOBODY, UID_NOBODY) == -1) {
  err(EXIT_FAILURE, "setresuid");
}
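
An added example, not part of the original posts and not Wayfire's code: it models why the quoted `setgid(0) || setuid(0)` probe refuses a user whose real gid is 0 (the seatd log above shows uid 1000, gid 0) and contrasts it with a check that only treats IDs differing from the real ones as leftover privilege. The function names, the `creds` struct and the simplified kernel rule are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Real, effective and saved IDs of a process (constructed inputs below). */
struct creds { uid_t ruid, euid, suid; gid_t rgid, egid, sgid; };

/* Simplified model (assumption) of when the kernel lets set*id(0) succeed:
 * the caller is effectively root, or 0 is an ID it already holds. */
static bool can_set_zero(uid_t euid, unsigned r, unsigned e, unsigned s)
{
    return euid == 0 || r == 0 || e == 0 || s == 0;
}

/* The check quoted in the thread: refuse if setgid(0) OR setuid(0) works. */
bool thread_check_refuses(const struct creds *c)
{
    return can_set_zero(c->euid, c->rgid, c->egid, c->sgid) ||
           can_set_zero(c->euid, c->ruid, c->euid, c->suid);
}

/* Hypothetical replacement: refuse only real root or IDs that differ from
 * the real ones; a real gid of 0 (wheel) is legitimate, not a leak. */
bool strict_check_refuses(const struct creds *c)
{
    return c->ruid == 0 || c->euid != c->ruid || c->suid != c->ruid ||
           c->egid != c->rgid || c->sgid != c->rgid;
}

/* Live form of the same rule using only POSIX calls: drop, then probe. */
bool drop_privileges(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return false;
    if (getuid() == 0 || geteuid() != getuid() || getegid() != getgid())
        return false;
    if (setuid(0) != -1)                     /* saved uid 0 still reachable */
        return false;
    return getgid() == 0 || setgid(0) == -1; /* probe gid 0 only if not ours */
}

int main(void)
{
    struct creds wheel = {1000, 1000, 1000, 0, 0, 0}; /* uid 1000, gid 0 */
    printf("thread=%d strict=%d live=%d\n", thread_check_refuses(&wheel),
           strict_check_refuses(&wheel), drop_privileges());
    return 0;
}
```

A caller should exit when `drop_privileges()` returns false, because a probe that succeeded has by then changed the process's IDs.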
 
Well the original code was:


Here an extract (the formatting is horrible, sorry)
Code:
static bool drop_permissions(void)
{
    if (getuid() != geteuid() || getgid() != getegid())
    {
        if (setuid(getuid()) != 0 || setgid(getgid()) != 0)
    {
        log_error("Unable to drop root, refusing to start");
        return false;
    }
    }
    if (setuid(0) != -1)
    {
    log_error("Unable to drop root (we shouldn't be able to "
          "restore it after setuid), refusing to start");

    return false;
    }
    return true;
}

So it appears that someone just thinks that it should be setgid too.
Yeah, it was added in https://github.com/WayfireWM/wayfire/commit/b2d3f81f77ac01cfc068efc594fc10928efc1654 and looks to be completely unrelated to real fix in that commit.
 
Applied T-Aoki 's patch and it worked a treat.

I can now get wayfire up and running with me in the wheel group, and can move windows around and get the wobbly effect - which does not add any functionality at all.

When I have got a couple of days to spare, I will try and customise it to get a nice working DE to suit my aesthetics.
 
cyric, do you think the patch is worth filing PR?
If so, would you file it, or should I file it? Asking as my patch here is based on your findings. Not sure it's accepted by the maintainer or not, though.
 