Lock command on Linux running gdm results in a black screen and stuck state #22437
Comments
allenhouchins
added
bug
allenhouchins
changed the title
|
Thanks Allen, we will take a look here sometime next week |
georgekarrv
added
:release
lukeheath
added
~released bug
|
Some initial research on this: It appears to be related to a change made to GDM. I can replicate this behaviour by just creating the Previously GDM would show the login prompt as usual and throw an error when the user enters a password instead of coming up as a black screen alltogether. I will continue to investigate. |
|
This bug appears to be Ubuntu only. It doesn't happen on the latest release of Fedora |
#22437 There is a bug in Ubuntu 24.04's distribution of GDM that prevents it from starting correctly and displaying a prompt to the user if `/etc/nologin` is present. This issue is not present on the current release of Fedora, meaning it is Ubuntu specific. The way we lock users out is by manually creating the `nologin` file and then masking the `systemd-user-sessions` systemd unit, which creates the file on shutdown and deletes it on startup. This will cause a PAM policy to fail and prevents anyone from logging in. When we unlock the system we delete the `nologin` file, unmask the `systemd-user-sessions` unit, and manually run the binary that it should start. This process removes the cause of the GDM bug, but we need to reboot the machine to get GDM working again. While I have not yet been able to determine the exact cause of the bug, this fix will prevent the user from being stuck with a black screen once the machine is unlocked. This fix will not remedy GDM showing a black screen upon being locked, it only ensures that the user isn't stuck having to manually reboot the machine once it's unlocked. We should check back on this soon to see if the bug gets been fixed upstream.
|
QA Notes: Confirmed that when sending a lock command to ubuntu 22.04+ the screen goes black due to the Ubuntu bug. With the fix applied, the user/admin no longer has to restart the device to get to the login screen when the |
|
In locked state, dark, |
Fleet version: 4.57.0
Web browser and operating system: Chrome or Safari
💥 Actual behavior
If you have an Ubuntu 24.04 host running
gdmas its desktop manager, sending a Lock command will put the device in an unusable state -- the screen goes black and takes no user input. Rebooting the device never gets you back to the login screen. You have to send an Unlock command and reboot again to regain functionality. If you switch your desktop manager tolightdm, the Lock and Unlock commands work as you would expect.🧑💻 Steps to reproduce
gdmas the desktop manager (this should be the default)lightdmand observe normal, expected behavior🕯️ More info (optional)
Video demonstration
I was able to replicate this in Parallels, VMware Fusion, bare metal arm64, and bare metal amd64
This might be a bug for
gdmand not Fleet but wanted to verify there wasn't a different approach we could take withgdmto prevent this behavior. This issue is not present in RHEL, Kali, or Fedora but I believe they do not usegdm.The text was updated successfully, but these errors were encountered: