Orca won't start up on login screen

mr-keys · June 28, 2021, 5:12pm

Hi everyone, this is my first post.

Using Fedora 34, with the GNOME desktop. I am unable to start up the screen reader: orca at the login screen. With the key combination super key, plus alt, plus, S. This does work in other distributions though. E.G. Ubuntu, Mint.

However, when I do finally manage to type out my password, hit enter and gain access to the desktop with trial and error. It is then that the screen reader does start-up and I’m able to use the system.

So, is this a bug with V34 work station addition?
Any input would be most appreciated.
Thank you for reading.

nes · June 30, 2021, 6:41am

It looks like a misconfiguration in Fedora, so it should be fixed before long. Maybe someone can come up with a workaround in the meantime. I’m adding a log entry from my system below that I think shows the problem:

avc:  denied  { write } for  pid=51469 comm="orca" name="dbus-IREpHY7Ryj" dev="tmpfs" ino=901 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0

vgaetera · June 30, 2021, 7:32am

If this is a SELinux-related problem, you can create a custom policy to resolve it.

mr-keys · June 30, 2021, 2:04pm

Thank you both for your replies.
If it is a miss configured problem with orca and Fedora 34. How will we know when the bug is fixed?

I’m not a developer, just a user.

nes · June 30, 2021, 3:59pm

The problem has been reported a couple of months ago here: 1959392 – Orca can not access the system dbus bus when run as the gdm user. The bug entry will probably be updated once a fix is implemented.

mr-keys · July 17, 2021, 2:33pm

Any updates on this?

vgaetera · July 17, 2021, 2:48pm

Check if it works with a custom permissive SELinux policy as mentioned above.

mr-keys · July 17, 2021, 5:47pm

Sorry but what is a: custom permissive SELinux policy? How would I make the change?

vgaetera · July 18, 2021, 1:40am

sudo tee /tmp/custom.te << EOF
module custom 1.0;
require {
class sock_file write;
class unix_stream_socket connectto;
type tmp_t;
type unconfined_service_t;
type xdm_t;
}
allow xdm_t tmp_t:sock_file write;
allow xdm_t unconfined_service_t:unix_stream_socket connectto;
EOF
sudo checkmodule -M -m -o /tmp/custom.mod /tmp/custom.te
sudo semodule_package -o /tmp/custom.pp -m /tmp/custom.mod
sudo semanage module -r custom
sudo semanage module -a /tmp/custom.pp

nes · July 19, 2021, 9:15am

I tried this a while back (using audit2allow) and it didn’t resolve the issue. I think the problem runs deeper, because I see a ton of DBus errors.

vgaetera · July 19, 2021, 9:31am

It would be helpful to collect relevant logs if possible.
This may reveal more details when the initial issue is resolved.

nes · July 19, 2021, 10:00am

Here’s a cleaned-up log after enabling the custom module from your previous comment:

XDM Orca Crash

юли 19 12:33:28 desktop systemd[3180]: Starting D-Bus User Message Bus...
юли 19 12:33:28 desktop dbus-broker-launch[3207]: Service file '/usr/share/dbus-1/services/sealert.service' is not named after the D-Bus name 'org.fedoraproject.Setroubleshootd'.
юли 19 12:33:28 desktop dbus-broker-launch[3207]: Policy to allow eavesdropping in /usr/share/dbus-1/session.conf +31: Eavesdropping is deprecated and ignored
юли 19 12:33:28 desktop dbus-broker-launch[3207]: Policy to allow eavesdropping in /usr/share/dbus-1/session.conf +33: Eavesdropping is deprecated and ignored
юли 19 12:33:28 desktop systemd[3180]: Started D-Bus User Message Bus.
юли 19 12:33:28 desktop dbus-broker-lau[3207]: Ready
юли 19 12:33:28 desktop gnome-session[3217]: gnome-session-binary[3217]: WARNING: Failed to upload environment to systemd: GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Name "org.freedesktop.systemd1" does not exist
юли 19 12:33:28 desktop gnome-session-binary[3217]: WARNING: Failed to upload environment to systemd: GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Name "org.freedesktop.systemd1" does not exist
юли 19 12:33:28 desktop gnome-session[3217]: gnome-session-binary[3217]: WARNING: Failed to reset failed state of units: GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Name "org.freedesktop.systemd1" does not exist
юли 19 12:33:28 desktop gnome-session-binary[3217]: WARNING: Failed to reset failed state of units: GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Name "org.freedesktop.systemd1" does not exist
юли 19 12:33:28 desktop gnome-session[3217]: gnome-session-binary[3217]: WARNING: Falling back to non-systemd startup procedure due to error: GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Name "org.freedesktop.systemd1" does not exist
юли 19 12:33:28 desktop gnome-session-binary[3217]: WARNING: Falling back to non-systemd startup procedure due to error: GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Name "org.freedesktop.systemd1" does not exist
юли 19 12:33:28 desktop gnome-shell[3227]: Adding device '/dev/dri/card0' (amdgpu) using atomic mode setting.
юли 19 12:33:28 desktop gnome-shell[3227]: Boot VGA GPU /dev/dri/card0 selected as primary
юли 19 12:33:29 desktop gnome-shell[3227]: Disabling DMA buffer screen sharing for driver 'amdgpu'.
юли 19 12:33:29 desktop gnome-shell[3227]: Using public X11 display :1024, (using :1025 for managed services)
юли 19 12:33:29 desktop gnome-shell[3227]: Using Wayland display name 'wayland-0'
юли 19 12:33:29 desktop audit[3227]: AVC avc:  denied  { write } for  pid=3227 comm="gnome-shell" name="dbus-SGzWfP4KA7" dev="tmpfs" ino=100 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0
юли 19 12:33:29 desktop gnome-shell[3227]: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-SGzWfP4KA7: Permission denied
юли 19 12:33:29 desktop org.gnome.Shell.desktop[3304]: glamor: No eglstream capable devices found
юли 19 12:33:29 desktop gnome-shell[3227]: Skipping parental controls support as it’s disabled
юли 19 12:33:29 desktop gnome-shell[3227]: Unset XDG_SESSION_ID, getCurrentSessionProxy() called outside a user session. Asking logind directly.
юли 19 12:33:29 desktop gnome-shell[3227]: Will monitor session c2
юли 19 12:33:29 desktop audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-localed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
юли 19 12:33:29 desktop systemd[3180]: Started Multimedia Service.
юли 19 12:33:29 desktop systemd[3180]: Started PipeWire PulseAudio.
юли 19 12:33:29 desktop polkitd[820]: Registered Authentication Agent for unix-session:c2 (system bus name :1.151 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
юли 19 12:33:30 desktop systemd[1]: Starting Hostname Service...
юли 19 12:33:30 desktop audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-:1.13-org.fedoraproject.Setroubleshootd@2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
юли 19 12:33:30 desktop systemd[1]: Started dbus-:1.13-org.fedoraproject.Setroubleshootd@2.service.
юли 19 12:33:30 desktop gsd-sharing[3395]: Failed to StopUnit service: GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildExited: Process org.freedesktop.systemd1 exited with status 1
юли 19 12:33:30 desktop gsd-sharing[3395]: Failed to StopUnit service: GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildExited: Process org.freedesktop.systemd1 exited with status 1
юли 19 12:33:30 desktop gsd-sharing[3395]: Failed to StopUnit service: GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildExited: Process org.freedesktop.systemd1 exited with status 1
юли 19 12:33:30 desktop audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
юли 19 12:33:30 desktop systemd[1]: Started Hostname Service.
юли 19 12:33:30 desktop kernel: rfkill: input handler disabled
юли 19 12:33:30 desktop dbus-broker[802]: A security policy denied :1.151 to send method call /org/freedesktop/PackageKit:org.freedesktop.DBus.Properties.GetAll to :1.42.
юли 19 12:33:30 desktop gnome-shell[3227]: Error looking up permission: GDBus.Error:org.freedesktop.portal.Error.NotFound: No entry for geolocation
юли 19 12:33:30 desktop audit[3403]: AVC avc:  denied  { write } for  pid=3403 comm="gsd-keyboard" name="dbus-SGzWfP4KA7" dev="tmpfs" ino=100 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0
юли 19 12:33:30 desktop audit[3398]: AVC avc:  denied  { write } for  pid=3398 comm="gsd-wacom" name="dbus-SGzWfP4KA7" dev="tmpfs" ino=100 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0
юли 19 12:33:30 desktop gsd-wacom[3398]: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-SGzWfP4KA7: Permission denied
юли 19 12:33:30 desktop gsd-keyboard[3403]: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-SGzWfP4KA7: Permission denied
юли 19 12:33:30 desktop audit[3400]: AVC avc:  denied  { write } for  pid=3400 comm="gsd-color" name="dbus-SGzWfP4KA7" dev="tmpfs" ino=100 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0
юли 19 12:33:30 desktop gsd-color[3400]: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-SGzWfP4KA7: Permission denied
юли 19 12:33:30 desktop audit[3423]: AVC avc:  denied  { write } for  pid=3423 comm="gsd-power" name="dbus-SGzWfP4KA7" dev="tmpfs" ino=100 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0
юли 19 12:33:30 desktop gsd-power[3423]: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-SGzWfP4KA7: Permission denied
юли 19 12:33:30 desktop audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
юли 19 12:33:30 desktop gsd-media-keys[3413]: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-SGzWfP4KA7: Permission denied
юли 19 12:33:30 desktop audit[3413]: AVC avc:  denied  { write } for  pid=3413 comm="gsd-media-keys" name="dbus-SGzWfP4KA7" dev="tmpfs" ino=100 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0
юли 19 12:33:30 desktop setroubleshoot[3453]: AnalyzeThread.run(): Cancel pending alarm
юли 19 12:33:30 desktop audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=realmd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
юли 19 12:33:30 desktop gnome-session-binary[3217]: Entering running state
юли 19 12:33:30 desktop systemd[1]: Started dbus-:1.13-org.fedoraproject.SetroubleshootPrivileged@2.service.
юли 19 12:33:30 desktop audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-:1.13-org.fedoraproject.SetroubleshootPrivileged@2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
юли 19 12:33:30 desktop audit[3644]: AVC avc:  denied  { write } for  pid=3644 comm="ibus-x11" name="dbus-SGzWfP4KA7" dev="tmpfs" ino=100 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0
юли 19 12:33:30 desktop gsd-media-keys[3413]: Failed to grab accelerator for keybinding settings:hibernate
юли 19 12:33:30 desktop gsd-media-keys[3413]: Failed to grab accelerator for keybinding settings:playback-repeat
юли 19 12:33:30 desktop audit[3634]: AVC avc:  denied  { write } for  pid=3634 comm="orca" name="dbus-SGzWfP4KA7" dev="tmpfs" ino=100 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0
юли 19 12:33:30 desktop orca[3634]: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-SGzWfP4KA7: Permission denied
юли 19 12:33:30 desktop audit[3634]: AVC avc:  denied  { write } for  pid=3634 comm="orca" name="dbus-SGzWfP4KA7" dev="tmpfs" ino=100 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0
юли 19 12:33:30 desktop kernel: traps: orca[3634] trap int3 ip:7fe5a1e10f7f sp:7ffe45232fc0 error:0 in libglib-2.0.so.0.6800.2[7fe5a1dd2000+90000]
юли 19 12:33:30 desktop audit[3634]: ANOM_ABEND auid=4294967295 uid=42 gid=42 ses=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 pid=3634 comm="orca" exe="/usr/bin/python3.9" sig=5 res=1
юли 19 12:33:30 desktop orca[3634]: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-SGzWfP4KA7: Permission denied
юли 19 12:33:30 desktop orca[3634]: AT-SPI: Couldn't connect to accessibility bus. Is at-spi-bus-launcher running?
юли 19 12:33:30 desktop systemd[1]: Started Process Core Dump (PID 3739/UID 0).
юли 19 12:33:30 desktop audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@2-3739-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
юли 19 12:33:30 desktop systemd-coredump[3740]: Process 3634 (orca) of user 42 dumped core.
                                                   
                                                   Stack trace of thread 3634:
                                                   #0  0x00007fe5a1e10f7f g_log_structured_array (libglib-2.0.so.0 + 0x5bf7f)
                                                   #1  0x00007fe5a1e11249 g_log_default_handler (libglib-2.0.so.0 + 0x5c249)
                                                   #2  0x00007fe5a1e1261a g_logv (libglib-2.0.so.0 + 0x5d61a)
                                                   #3  0x00007fe5a1e12903 g_log (libglib-2.0.so.0 + 0x5d903)
                                                   #4  0x00007fe5a107e2ae _atspi_bus (libatspi.so.0 + 0x182ae)
                                                   #5  0x00007fe5a107e868 get_application.lto_priv.0 (libatspi.so.0 + 0x18868)
                                                   #6  0x00007fe5a1083f11 _atspi_ref_accessible (libatspi.so.0 + 0x1df11)
                                                   #7  0x00007fe5a1d31c04 ffi_call_unix64 (libffi.so.6 + 0x6c04)
                                                   #8  0x00007fe5a1d31107 ffi_call (libffi.so.6 + 0x6107)
                                                   ...

Edit: I also misspoke about all tools not working, there’s a lot of DBus errors but it’s just Orca that crashes.

vgaetera · July 19, 2021, 10:22am

That’s weird as there are still several AVC warnings.
And the cause of the process crash may be related to those messages.
The AVC warnings should not appear if the policy has been applied properly.

nes · July 19, 2021, 10:55am

Here’s a log from a fresh boot, no AVC denials. Orca doesn’t crash this time, but it still doesn’t seem to work:

Login window log

13:37:09 desktop gnome-shell[1150]: Using public X11 display :1024, (using :1025 for managed services)
13:37:09 desktop gnome-shell[1150]: Using Wayland display name 'wayland-0'
13:37:10 desktop systemd[1041]: Started Multimedia Service.
13:37:10 desktop systemd[1041]: Started PipeWire PulseAudio.
13:37:10 desktop polkitd[820]: Registered Authentication Agent for unix-session:c1 (system bus name :1.34 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
13:37:10 desktop dbus-broker[802]: A security policy denied :1.34 to send method call /org/freedesktop/PackageKit:org.freedesktop.DBus.Properties.GetAll to :1.42.
13:37:11 desktop gnome-shell[1150]: ATK Bridge is disabled but a11y has already been enabled.
13:37:11 desktop org.gnome.Shell.desktop[1584]: The XKEYBOARD keymap compiler (xkbcomp) reports:
13:37:11 desktop org.gnome.Shell.desktop[1584]: > Warning:          Unsupported maximum keycode 708, clipping.
13:37:11 desktop org.gnome.Shell.desktop[1584]: >                   X11 cannot support keycodes above 255.
13:37:11 desktop org.gnome.Shell.desktop[1584]: Errors from xkbcomp are not fatal to the X server
13:37:11 desktop gnome-shell[1150]: Registering session with GDM
13:37:17 desktop orca-autostart.desktop[1671]: Warning:          Could not load keyboard geometry for :1024
13:37:17 desktop orca-autostart.desktop[1671]:                   BadName (named color or font does not exist)
13:37:17 desktop orca-autostart.desktop[1671]:                   Resulting keymap file will not describe geometry
13:37:24 desktop pipewire-pulse[1243]: client 0x55b2bfed3200 [speech-dispatcher-espeak-ng]: stream 0x55b2c07814a0 UNDERFLOW channel:0 offset:280358 underrun:236
13:37:26 desktop pipewire-pulse[1243]: 5 events suppressed
13:37:26 desktop pipewire-pulse[1243]: client 0x55b2bfed3200 [speech-dispatcher-espeak-ng]: stream 0x55b2c07814a0 UNDERFLOW channel:0 offset:317050 underrun:236
13:37:29 desktop orca-autostart.desktop[1642]: The following are not valid: main-window splash-window

nes · July 19, 2021, 11:08am

I can confirm that the SELinux workaround does indeed fix the issue with Orca.

What it doesn’t fix is the other issue that Pipewire selects the wrong sound device and/or output on the login screen, and that was the reason I heard nothing after applying the custom module I have an onboard sound card I don’t use, but instead send the audio over HDMI. On the login screen, Pipewire either selects the wrong card or the wrong output (S/PDIF) on the right card. After plugging a speaker it picked it up and sound was working at login, including the screen reader.