Hello dear rockers!
I just did a fresh install of 8.5 from the DVD.iso,
but I can not login as a usual user.
The login works for root though.
*The error message is *
“cannot make/remove an entry”
I am not sure whether or not the following issue is related
after GNOME loads during startup I get some error like
nouveau: DRM: chid0 … unresolvable handle
*or *
nouveau DRM: failed to idle channel 0 [DRM]
Hopefully someone has an idea what could be causing this.
When you say you can only login as root, is that a graphical login with the gnome-desktop presented with root privileges?
What happens if you access a console by typing Ctrl+Alt+F3 and then try your regular username and password?
It would be nice to get a better profile of your hardware by installing the profiler “inxi”. You can do that from a terminal as root:
# dnf install inxi
then issue the command:
# inxi -SCG >> hardware.txt
You can then open “hardware.txt” and copy/paste the output to your reply to this post.
This information will give us a bit more to work with to help solve your issue.
Isn’t inxi in EPEL? If yes, then you need to install epel-release first?
Looks like it’s in base repo also.
dnf provides inxi
Last metadata expiration check: 0:10:16 ago on Wed 29 Dec 2021 09:29:07 AM EST.
inxi-3.3.09-1.el8.noarch : A full featured system information script
Repo : @System
Matched from:
Provide : inxi = 3.3.09-1.el8inxi-3.3.09-1.el8.noarch : A full featured system information script
Repo : epel
Matched from:
Provide : inxi = 3.3.09-1.el8
This means the package is installed, just that.
You will also see
$ dnf info inxi
...
Repository : @System
From repo : epel
...
Also note that per definition EPEL only provides Packages that are not available in the main distro.
You need epel and powertools repository enabled for inxi to install.
Base respos have names: baseos, appstream, powertools, and extras.
One can define multiple repositories for the installer. I’d guess that “System” was such name (but, for epel).
to enable the epel repository then you would enter the command:
dnf install epel-release
I didn’t remember doing so till I reread the Mate Desktop install instructions.
Thank @all, also for hinting towards epel!
trying to login as regular user without Gnome GUI give the same error as written in first post.
Hardware is new, although released about a year ago:
System: Host: localhost.localdomain Kernel: 4.18.0-348.7.1.el8_5.x86_64 x86_64 bits: 64
Desktop: GNOME 3.32.2 Distro: Rocky Linux release 8.5 (Green Obsidian)
CPU: Info: 8-Core model: AMD Ryzen 9 5900HX with Radeon Graphics bits: 64 type: MT MCP
cache: L2: 4 MiB
Speed: 1789 MHz min/max: 1200/3300 MHz Core speeds (MHz): 1: 1789 2: 1872 3: 4153
4: 1909 5: 1786 6: 3616 7: 2798 8: 1731 9: 4211 10: 3868 11: 3652 12: 1770
13: 2872 14: 1734 15: 3988 16: 3003
Graphics: Device-1: NVIDIA GA104M [GeForce RTX 3080 Mobile / Max-Q 8GB/16GB]
driver: nouveau v: kernel
Device-2: AMD Cezanne driver: amdgpu v: kernel
Display: wayland server: X.Org 1.21.1.1 driver: loaded: ati,modesetting
unloaded: fbdev,vesa resolution: 2560x1440~40Hz
OpenGL: renderer: AMD RENOIR (DRM 3.40.0 4.18.0-348.7.1.el8_5.x86_64 LLVM 12.0.1)
v: 4.6 Mesa 21.1.5
I don’t have any specific drivers for on board or dicrete gpu installed except the standard nouveau.
That’s interesting. I’ve never had two graphics cards running at the same time. I’m wondering if you might disable the onboard AMD graphics in the firmware and see if after doing that and relying on just the nvidia card your issue changes.
Or
Remove the nvidia card and rely on just the AMD graphics.
Before Chrismas I did install (CentOS 7) to an HP that had both Intel IGP and discrete NVidia. The drivers failed to see the monitor more than barely. (Still got picture and could log in, but not with optimal settings.) The solution was to disable the integrated graphics in EFI. Then NVidia was the only GPU and communication with monitor was ok. (I did add NVidia’s drivers; ELRepo-packages too. They do some things better than Nouveau.)
If you want to test those drivers, then:
sudo dnf install elrepo-release # defines ELRepo's repo for us
sudo dnf install nvidia-detect # a tool that tells which version supports the card
sudo dnf install $(nvidia-detect) # install that version
“3080 Mobile” … a laptop? I’ve seen laptops with IGP and discrete (NVidia). There was something to set them up. Basically, the IGP is used for everything, but starting graphics-heavy programs with helper-tool makes them use the discrete GPU. (Apples do such scheduling auto-magickally?)
Point is, is it even possible to disable the IGP in a laptop? Then again, pulling out RTX 3080M as “useless” does not feel nice.
This laptops Nvidia card will be used for 3d-rendering and similar tasks with the Nvidia driver.
Because of it’s power draw only once plugged into the grid.
For mobile usage and office tasks the Radeon IGPU should be used.
Windows does the switching more or less automatic.
I can try disabling the IGPU for testing, but it is no viable solution really.
Do you expect the nvidia-driver to solve the login issue?
I’ve had two Nvidia cards running under CentOS previously,
but this mobile combo seems more tricky.
Wow, never before was I able to install the nvidia driver with just two lines!
“”"
System:
Host: localhost.localdomain Kernel: 4.18.0-348.7.1.el8_5.x86_64 x86_64
bits: 64 Desktop: GNOME 3.32.2
Distro: Rocky Linux release 8.5 (Green Obsidian)
CPU:
Info: 8-Core model: AMD Ryzen 9 5900HX with Radeon Graphics bits: 64
type: MT MCP cache: L2: 4 MiB
Speed: 1523 MHz min/max: 1200/3300 MHz Core speeds (MHz): 1: 1523 2: 1734
3: 3154 4: 4160 5: 1789 6: 3206 7: 2893 8: 1729 9: 1694 10: 1486 11: 3619
12: 1643 13: 3753 14: 1812 15: 1891 16: 1541
Graphics:
Device-1: NVIDIA GA104M [GeForce RTX 3080 Mobile / Max-Q 8GB/16GB]
driver: nvidia v: 470.94
Device-2: AMD Cezanne driver: amdgpu v: kernel
Display: x11 server: X.Org 1.20.11 driver: loaded: nvidia
resolution: 1920x1080~60Hz
OpenGL: renderer: NVIDIA GeForce RTX 3080 Laptop GPU/PCIe/SSE2
v: 4.6.0 NVIDIA 470.94
“”"
You might notice the difference in resolution,
that’s because when the nvidia driver is loaded the laptop monitor goes black
and I need to use an external as primary.
Apart from that I still get the same error “cannot make/remove an entry”
when trying to login as regular user.
Since Ctrl-Alt-F3 level login didn’t work either my chances of getting up and running with KDE instead of Gnome are slim right?
On a sidenote: The “windowskey” of the laptop keyboard became function less both under rockylinux
and Windows 
I disabled the IGPU in bios,
so the laptop screen is active again
but the login issue persists.
So my guess is we are looking at at least two seperated problems here.
The one that’s most unexpected being unable to login as regular user.
I did another install of rocky before with the same issue,
then I though it might be because I added the user account during installation as part of the wheel group. But seems unrelated as well in hinsight.
Graphics:
Device-1: NVIDIA GA104M [GeForce RTX 3080 Mobile / Max-Q 8GB/16GB]
driver: nvidia v: 470.94
Display: x11 server: X.Org 1.20.11 driver: loaded: nvidia
resolution: 2560x1440~40Hz
OpenGL: renderer: NVIDIA GeForce RTX 3080 Laptop GPU/PCIe/SSE2
v: 4.6.0 NVIDIA 470.94
Agreed.
A note: the root has home in /root, which is in same filesystem as /, i.e. in volume as most of system. Regular account homes are under /home, which the default install mounts from separate filesystem.
Being member of wheel does not explain errors.
The root should not login with GUI session. I thought that that was blocked. Log to text console, via ssh, or su/sudo.
Can regular account log into text console? That is what I would check first. When that fails, check the logs for explanation. (Files /var/log/messages, /var/log/secure, and output of journalctl -xe )
How are the filesystems?
lsblk
findmnt
df -h
“cannot make/remove an entry” even when login through init 3 as regular user
regular users /home is mounted
here are some excerpts from secure:
edit: deleted
and from messages:
edit: deleted
maybe that’s already enough info for problem solving
Bugzilla has entry about that, but quite old, so perhaps not relevant: Full Text Bug Listing
This is more likely reason. SELinux can and will block things. Another way to get list of those is:
audit2why < /var/log/audit/audit.log
Perhaps some files lack proper SELinux context? They can be reset by:
touch /.autorelabel and then reboot.
Thank you!!!
https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=885479
sounds very familiar indeed, especially the confusion that something like this can arise in a fresh install…
I tried touch /.autorelabel but to no avail.
audit2why suggested to setsebool -P polyinstantiation_enabled 1
and since it reminded of a workaround from the bugzilla page i tried it as well.
and: login issue solved! 
Thanks again!
For the questions regarding graphics drivers I will open a new topic
But what is polyinstantiation?
Is something configured in your /etc/security/namespace.conf ? (Probably)
You are right, there is a namespace config since the installation of rocky.
Also I just discovered that the regular user accounts are not in the sudoers file.
So I tried usermod -a -G sudo
but received error that sudo group does not exist…
Shoud I create this manually?
> # /etc/security/namespace.conf
> #
> # See /usr/share/doc/pam-*/txts/README.pam_namespace for more information.
> #
> # Uncommenting the following three lines will polyinstantiate
> # /tmp, /var/tmp and user’s home directories. /tmp and /var/tmp will
> # be polyinstantiated based on the MLS level part of the security context as well as user
> # name, Polyinstantion will not be performed for user root and adm for directories
> # /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users.
> # The user name and context is appended to the instance prefix.
> #
> # Note that instance directories do not have to reside inside the
> # polyinstantiated directory. In the examples below, instances of /tmp
> # will be created in /tmp-inst directory, where as instances of /var/tmp
> # and users home directories will reside within the directories that
> # are being polyinstantiated.
> #
> # Instance parent directories must exist for the polyinstantiation
> # mechanism to work. By default, they should be created with the mode
> # of 000. pam_namespace module will enforce this mode unless it
> # is explicitly called with an argument to ignore the mode of the
> # instance parent. System administrators should use this argument with
> # caution, as it will reduce security and isolation achieved by
> # polyinstantiation.
> #
> #/tmp /tmp-inst/ level root,adm
> #/var/tmp /var/tmp/tmp-inst/ level root,adm
> #$HOME $HOME/$USER.inst/ level
> /tmp /tmp/tmp-inst/ level root,adm
> /var/tmp /var/tmp/tmp-inst/ level root,adm
From my understanding it ups the systems safety.
I am getting this also:
SELinux is preventing login from getattr access on the filesystem /sys/fs/cgroup.
No.
Group ‘wheel’ exists and is in sudoers. Add your account to that group.