More Frustations when Installing Fedora 41 Linux

Getting past the basics of just installing Fedora 41 Linux, there are several changes which break things. The biggest being the switch from the windowing grapical user interface using X11 to using Wayland.

Starting the User Interface from a Command Line

Previously, I would use the "startx" command to start up X-Windows, which uses X11 as the venerable and complex programming interface to run a graphical user interface in Unix. That command no longer exists. You could use the default GDM (Gnome Display Manager) login screen to start a graphical session. But previously, it would steal some keystrokes which broke VNC and VirtualBox functionality - where you want ALL keys to go to the remote or virtual machine. Also it would log you into a virtual TTY choosen by its own algorithm, rather than ones you picked (so you could switch to terminal N by typing control-alt-Fn). Thus it was better to manually log into a particular terminal and switch it to graphical user interface mode by using the "startx" command.

After a bit of searching, I found the non-obvious command to start a graphical session from the command line is "XDG_SESSION_TYPE=wayland dbus-run-session gnome-session".

However, the keystroke problems seem to have been fixed in VNC and VirtualBox, and if you use Gnome Connections instead of VNC, on first run it asks you if you want to disable the keyboard shortcuts, which was what was stealing the keystrokes.

Still, with GDM started sessions, it has a habbit of pausing some programs while the screen for that session isn't visible or the screen blanker has kicked in. Things like System Monitor, which shows graphs of system activity as it happens, except when paused - then there's a gap. So there's still a use for starting a graphical session outside GDM, so things keep running.

[System Monitor Hour Long Graph screen shot]

 

Switcheroo and 3D Hardware

On the plus side, Switcheroo is now built in. That lets you use systems (like laptops) that have fancy 3D graphics hardware (nVidia chips) and simpler 2D display hardware (Intel built-in HDMI). Switcheroo would let you choose which display to use, or set up a data copying mechanism to copy the 3D screen into the 2D screen (perhaps inside a 2D window). Also, I didn't have to manually install nVidia drivers on my laptop. Convenient.

VNC Server and Remote Desktop

I used to use TigerVNC Server to make the displays on my workstation useable remotely. However, it needs X11 and doesn't work with the new Wayland system.

Instead, I gave the Gnome Remote Desktop system a try. With dnf install gnome-remote-desktop freerdp gnome-connections to install it, you have settings in the System/Remote Desktop to turn off and on desktop sharing. It does both RDP and VNC protocols. The Remote Control one shows you a login screen, which lets you log in, unless you already are logged in. For some reason you can't use a second session easily; the same programs (like the file browser Nautilus) can't be run in both sessions, seems to be a general Wayland limitation.

The Desktop sharing is more useful, letting you log in at home, and then remotely continue working on the same desktop.

[Settings for Remote Desktop]

The magic command is "grdctl", short for "Gnome Remote Desktop Control". This lets you set passwords, network ports, turn on VNC, etc. Note that there is a gnome-remote-desktop system created user that has a certificate in /var/lib/gnome-remote-desktop/. This is what I do (logged in as root) to set up the remote login screen, though the Settings may do a lot of it for you if you turn it on there:

winpr-makecert -rdp -path ~gnome-remote-desktop rdp-tls
grdctl --system rdp enable
# You need to pick a generic user and password for the pre-login screen...
grdctl --system rdp set-credentials "${RDP_USER}" "${RDP_PASS}"
grdctl --system rdp set-tls-key ~gnome-remote-desktop/rdp-tls.key
grdctl --system rdp set-tls-cert ~gnome-remote-desktop/rdp-tls.crt
systemctl --now enable gnome-remote-desktop.service
firewall-cmd --permanent --add-service=rdp
firewall-cmd --reload

For VNC (or similarly RDP) remote access to already logged in screens, run these commands as the logged in user:

grdctl vnc enable
grdctl vnc disable-view-only
grdctl vnc set-auth-method password
grdctl vnc set-password
systemctl --user enable gnome-remote-desktop.service
systemctl --user restart gnome-remote-desktop.service

And to see what's set (such as port numbers or view-only mode), use grdctl status.

Samba Networking Windows File Shares

This probably isn't Fedora 41 specific, but I wanted to have a Windows SMB file share writeable by the public, so my printer/scanner (on the network, not directly connected) could scan to a network folder directly. There's some SELinux security fuss to make magic directories. First install it using these commands as root:

dnf install samba samba-usershares
setsebool -P samba_enable_home_dirs off
systemctl enable smb nmb
firewall-cmd --add-service=samba --permanent
firewall-cmd --reload
# This pdbedit asks for the password; type it in.
pdbedit --verbose --create --user=SomeUserName
pdbedit --list --verbose
Use your favourite editor to create /etc/samba/smb.conf
mkdir -v -p /home/SomeUserName/SharedFolder
chown -v SomeUserName:SomeUserName /home/SomeUserName/SharedFolder
chmod -v 0777 /home/SomeUserName/SharedFolder
semanage fcontext -a -t samba_share_t '/home/SomeUserName/SharedFolder(/.*)?'
restorecon -r -v /home/SomeUserName
systemctl restart smb nmb

The /etc/samba/smb.conf file would have a section in it like this:

[ShareName]
	comment = For sharing with Windows and scanner.
	path = /home/SomeUserName/SharedFolder
	public = yes
	writable = yes

VirtualBox and Bridged Networking Broken in Kernel 6.12

With the update to Fedora that installed Kernel 6.12.xx (around Christmas 2024), VirtualBox stopped working. Though it did give an informative message about how it wasn't able to access the CPU's virtualisation hardware. Turns out the new kernel's KVM (kernel-based virtual machine) grabs control at boot now. You can temporarily get KVM to release the hardware with modprobe -r kvm_intel or more permanently, add kvm.enable_virt_at_load=0 to the boot command line (edit /etc/default/grub and regenerate the grub config).

Fine. I booted up my little server virtual machine on the host laptop, and it seemed to work - could SSH into it. But it couldn't see the rest of the world, couldn't ping 8.8.8.8 or do anything else network related. You kind of need that for a server! After five hours of hunting around and trying things, it turns out that "promiscuous" networking mode wasn't working for my Intel AX201 WiFi connection, even though the system log says it is turning on promiscuous mode when the VM starts up. Without that mode, the VM can't have its own IP address on the network and thus serve requests from outside. Sure, there's a NAT mode that piggybacks on the host's network address, but that would be awkward (have to set up NAT port forwarding rules, in addition to the router ones). The solution is to switch to wired networking, so I'm setting up an ethernet cable to the laptop. Understandably the unpromiscuous change is for consumer grade security (no spying on WiFi network traffic), but it makes running a server on a laptop difficult.

Anyway, after a few more annoyances (SSH crypto policies so I can connect to an older computer, etc), I got Fedora 41 working well enough.

Copyright © 2024 by Alexander G. M. Smith.