Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 768381

Summary: x11-misc/sddm and GLEP-81 vs. x11-drivers/nvidia-drivers
Product: Gentoo Linux Reporter: Andreas Sturmlechner <asturm>
Component: Current packagesAssignee: Ionen Wolkens <ionen>
Status: RESOLVED WONTFIX    
Severity: normal CC: josef64, kde, lxqt, soap
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://gitweb.gentoo.org/repo/gentoo.git/tree/eclass/nvidia-driver.eclass#n47
See Also: https://bugs.gentoo.org/show_bug.cgi?id=753104
https://github.com/gentoo/gentoo/pull/18935
https://bugzilla.opensuse.org/show_bug.cgi?id=1165987
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 701210    

Description Andreas Sturmlechner gentoo-dev 2021-02-02 15:18:52 UTC
As we know, nvidia-drivers need to have the user in video group, and the same is true for SDDM to display anything else than a black screen.

Part of the GLEP-81 migration for SDDM will be hard-requiring logind and pam which makes it unnecessary for everyone else.

I would like to avoid having to add acct-user/sddm to video group if there is any other way, and at least opensuse seem to have found a workaround.

See also: https://bugzilla.opensuse.org/show_bug.cgi?id=1165987
Comment 1 Ionen Wolkens gentoo-dev 2021-03-06 05:07:38 UTC
As the bug mentions, neither kernel nor udev really know about nvidia devices.

suid root nvidia-modprobe (need :video to run) is called by nvidia libraries and creates devices + load modules on-demand. That can let a non-suid non-logind startx work.

If I get this right, solution would involve force loading the modules at boot, creating devices, then do something similar to that tmpfiles hack which in all I'd rather not if can avoid it as it'd need its own bootscript (trying to load modules from udev rules has proven to cause hangs for some users).

It may(?) be possible to hack something into nvidia-modprobe (will be building it from source soon), but that would involve making it world executable so sddm can run it.

Another option would be to patch systemd/elogind, but I imagine nobody wants to do that.

display-manager-init could also do the dirty work, like run nvidia-modprobe -m and setup static_nodes links. If had setpriv (util-linux[caps]) could just start display managers with setpriv --groups video if group exists (doesn't change group id, but adds supplementary groups). As much as I love setpriv, caps is not a default flag on util-linux.

Suggestions welcome.
Comment 2 Ionen Wolkens gentoo-dev 2021-03-06 05:33:25 UTC
(In reply to Ionen Wolkens from comment #1)
> setpriv --groups video if group exists
I might add that, so far, this would be my favored solution (regardless of tool used to set groups) as it doesn't need each DMs adding themselves, and still let things work as-nvidia-intended (as bad as that is).
Comment 3 Ionen Wolkens gentoo-dev 2021-03-06 16:08:53 UTC
Actually, I might have to use udev to modules (hopefully without hanging systems this time) anyway due to some other issue. I'll see if the symlink thing works later.
Comment 4 Ionen Wolkens gentoo-dev 2021-03-07 14:16:24 UTC
It's actually rather inconvenient after all, it's the modules loading part that's the issue and I know some users don't want them loaded at boot.

tmpfiles workaround also couldn't easily account for every devices, it's more of a half-solution.

Unless want to setup something in bootscripts, staying in video group post-glep81 would be simplest, some others (like acct-user/greetd) already do this it looks like.
Comment 5 Conrad Kostecki gentoo-dev 2021-07-13 22:44:56 UTC
Any update here?
Comment 6 Ionen Wolkens gentoo-dev 2021-07-13 23:11:37 UTC
(In reply to Conrad Kostecki from comment #5)
> Any update here?
This bug was about finding an alternative to being in video group for DMs, but I still don't see a good/complete solution to this that won't introduce more problems.

I can only suggest with going ahead with what gdm and greetd already did, i.e. migrate to acct-user/sddm with video group.