Singularity: startx: Cannot open /dev/tty0 (Permission denied)

Created on 26 Sep 2020  路  6Comments  路  Source: hpcng/singularity

Version of Singularity:

What version of Singularity are you using? Run:

$ singularity version
3.5-2.2020081216.gea34b0da8.el7

Steps to reproduce this behavior

  1. I build a sandbox image in which I can modify some files in the container without root.
singularity build --sandbox ai2thor.sif docker://quanguet/ai2thor:nano

This image is actually built with docker with Dockerfile having the following lines, that enables to run X server.

RUN apt-get update && apt-get -y install python3-pip libxrender1 libsm6 xserver-xorg-core xorg python3-venv vim pciutils wget git module-init-tools nano

It works pretty well when I launch this image with docker run --priviledged -it quanguet/ai2thor and start the X server inside the docker.

  1. Get into the environment
singularity shell --writable --fakeroot --nv ai2thor.sif

Inside the container, I modify /etc/X11/Xwrapper.config with the following change:

Singularity> nano /etc/X11/Xwrapper.config

# allowed_users=console
# changed into 
allowed_users=anybody
  1. Start an X server:
Singularity> startx

and get the error:

_XSERVTransmkdir: Owner of /tmp/.X11-unix should be set to root

X.Org X Server 1.19.6
Release Date: 2017-12-20
X Protocol Version 11, Revision 0
Build Operating System: Linux 4.15.0-115-generic x86_64 Ubuntu
Current Operating System: Linux g0003.abci.local 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64
Kernel command line: BOOT_IMAGE=/vmlinuz-3.10.0-862.el7.x86_64 root=UUID=41b57a73-124f-47dd-ada6-860528ae35d8 ro selinux=0 quiet console=tty0 console=ttyS0,115200 ipv6.disable=1 crashkernel=256M thash_entries=131072 consoleblank=0 scsi_mod.eh_deadline=1
Build Date: 04 September 2020  03:34:39PM
xorg-server 2:1.19.6-1ubuntu4.6 (For technical support please see http://www.ubuntu.com/support) 
Current version of pixman: 0.34.0
    Before reporting problems, check http://wiki.x.org
    to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
    (++) from command line, (!!) notice, (II) informational,
    (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Sat Sep 26 15:12:07 2020
(==) Using system config directory "/usr/share/X11/xorg.conf.d"
(EE) 
Fatal server error:
(EE) parse_vt_settings: Cannot open /dev/tty0 (Permission denied)
(EE) 
(EE) 
Please consult the The X.Org Foundation support 
     at http://wiki.x.org
 for help. 
(EE) Please also check the log file at "/var/log/Xorg.0.log" for additional information.
(EE) 
(EE) Server terminated with error (1). Closing log file.

I check the ownership of /dev/tty0:

Singularity> ls -l /dev/tty0
crw--w---- 1 nobody nogroup 4, 0 Sep  8 20:16 /dev/tty0

What OS/distro are you running

$ cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

How did you install Singularity

Singularity is installed by the HPC center named ABCI, and I'm an user of ABCI.

I'm totally new to Singularity, and have no root account.
Any pointer to this error would be super great for me.
Thank you a lot!

Question
Source
picture davidnvq

All 6 comments

When you run under docker with the --privileged flag docker run --priviledged -it quanguet/ai2thor you are permitting the container to have privileges that it cannot have under Singularity running as a normal user on a shared system.

I'm afraid that the X server is really designed to be run as root, or able to gain some root privilege through use of 'setuid' or a similar mechanism. These are unsafe on shared systems, so they are not allowed in Singularity's security model.

Generally the correct thing to do is to use an XServer that is running outside of the container, on the host, instead of running one inside the container. When you run an application in the container it can use the DISPLAY environment variable and connect to the corresponding host XServer in order to display itself. If you need an X server in the container you may be also able to run XVnc as the X server and connect to it remotely etc.

Further unformation about what you are trying to accomplish, and the environment you are running on (e.g. is this in an interactive GUI session on HPC / batch job etc) would be useful.

If you are a SingularityPRO user (noted from your link to your center), you may also ask your center about raising a support query.

dtrudg picture dtrudg on 28 Sep 2020
1

Many thanks for your response. Let me follow what you have said. I'm going to try Xvfb as I've just found that option.

davidnvq picture davidnvq on 29 Sep 2020

Many thanks for your response. Let me follow what you have said. I'm going to try Xvfb as I've just found that option.

Xvfb is definitely the tool to use if you do not need to view the graphical output directly, but the program requires access to an X server to run.

dtrudg picture dtrudg on 29 Sep 2020
1 😕1

yes, you are right. It got still stuck with the X server.

davidnvq picture davidnvq on 30 Sep 2020

I would suggest bringing the issue up on the mailing list or slack channel. There may be others using the same or similar software who have a strategy that you can adopt.

dtrudg picture dtrudg on 30 Sep 2020

Closing, as this issue is a usage question that has not had follow up for >90 days.

For issues that are questions r.e. using Singularity, rather than bugs or feature requests, the mailing-list and slack channel are often better venues. Questions to the slack channel and mailing list will be seen by a large number of subscribed users, rather than only those who look inside a particular GitHub issue. Therefore they are encouraged for this type of inquiry.

Slack: See https://hpcng.org/ for invite (bottom of page)
Mailing List / Google Group: https://groups.google.com/a/lbl.gov/forum/#!forum/singularity

dtrudg picture dtrudg on 4 Jan 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

gdolle picture gdolle  路  5Comments
alalazo picture alalazo  路  3Comments
GodloveD picture GodloveD  路  3Comments
jmdf picture jmdf  路  4Comments
rhattersley picture rhattersley  路  4Comments