Weston: repaint-flush failed: Permission denied

Hi,

My app deployed previously on imx8x, colibris board details below:

 Static hostname: colibri-imx8x-14727654
       Icon name: computer
      Machine ID: d6f8f42f9de94e94aa9bdde57a01ae68
         Boot ID: 8c2466bdbc88499bbc13b93380f98648
Operating System: TorizonCore 6.5.0+build.8 (kirkstone)
          Kernel: Linux 5.15.129-6.5.0+git.6f8fd49366db
    Architecture: arm64

docker-compose is:

version: "2.5"
services:

  weston:
    image: torizon/weston-vivante:2
    # Accept the EULA required to run imx8 vivante graphic drivers
    network_mode: host
    environment:
      - ACCEPT_FSL_EULA=1
    # Required to get udev events from host udevd via netlink
    volumes:
      - type: bind
        source: /tmp
        target: /tmp
      - type: bind
        source: /dev
        target: /dev
      - type: bind
        source: /run/udev
        target: /run/udev
    cap_add:
      - CAP_SYS_TTY_CONFIG
    # Add device access rights through cgroup...
    device_cgroup_rules:
      # ... for tty0
      - 'c 4:0 rmw'
      # ... for tty7
      - 'c 4:7 rmw'
      # ... for tty1
      - 'c 4:1 rmw'
      # ... for /dev/input devices
      - 'c 13:* rmw'
      - 'c 199:* rmw'
      # ... for /dev/dri devices
      - 'c 226:* rmw'
    command: --developer

  app:
    image: company/app:latest
    depends_on:
      - weston
    environment:
      - ACCEPT_FSL_EULA=1 # for Weston
    volumes:
      - /tmp:/tmp
      - /dev/dri:/dev/dri # for Weston
      - /dev/galcore:/dev/galcore # for Weston
      - /sys/class/backlight/backlight/brightness:/root/brightness # for screen
      - /var/run/dbus:/var/run/dbus # for wifi
    devices:
      - /dev/ttyLP2 # for serial
    device_cgroup_rules:
      - 'c 199:* rmw' # for weston
      - 'c 226:* rmw' # for weston

It works great since many time, but I tried to install this stack on a new board with easy installer, pair with torizon.io and push package OS and docker-compose.

But I receive this error during app start :

torizon-weston-1  | [09:41:00.016] atomic: couldn't commit new state: Permission denied
torizon-weston-1  | [09:41:00.029] repaint-flush failed: Permission denied

and board screen become like:

Do you have any idea, why the same app, os, board work but suddenly on a new device it fails ?

Thanks in advance,

Hi, I’m the Toradex AI Assistant. I’m in early beta, and I would appreciate your feedback.
The Toradex Support team will follow up with you shortly!

Did you like my answer?

:+1: :-1:


The error message atomic: couldn't commit new state: Permission denied and repaint-flush failed: Permission denied suggests that there might be a permissions issue related to the DRM (Direct Rendering Manager) devices or other related resources.

Here are a few steps you can take to troubleshoot and potentially resolve this issue:

  1. Check Device Permissions:
    Ensure that the necessary device permissions are correctly set in your docker-compose.yml file. You have already added device cgroup rules for /dev/dri and /dev/galcore, but double-check that these devices exist and have the correct permissions on the new board.

  2. Verify Weston Configuration:
    Make sure that the weston.ini configuration file is correctly set up and accessible. If you are using a custom weston.ini, ensure it is correctly bind-mounted or included in the Weston container.

  3. Check Kernel and Driver Compatibility:
    Ensure that the kernel version and the graphics drivers on the new board are compatible with the Weston version you are using. Sometimes, differences in kernel versions or driver updates can cause permission issues.

  4. Udev Rules:
    Verify that the udev rules are correctly set up and applied. You can try reloading the udev rules and restarting the udev service:

    sudo udevadm control --reload-rules
    sudo systemctl restart udev
    
  5. Run Weston with Elevated Privileges:
    As a temporary measure, you can try running the Weston container with elevated privileges to see if it resolves the issue. Add the privileged: true flag to the Weston service in your docker-compose.yml:

    weston:
      image: torizon/weston-vivante:2
      network_mode: host
      environment:
        - ACCEPT_FSL_EULA=1
      volumes:
        - type: bind
          source: /tmp
          target: /tmp
        - type: bind
          source: /dev
          target: /dev
        - type: bind
          source: /run/udev
          target: /run/udev
      cap_add:
        - CAP_SYS_TTY_CONFIG
      device_cgroup_rules:
        - 'c 4:0 rmw'
        - 'c 4:7 rmw'
        - 'c 4:1 rmw'
        - 'c 13:* rmw'

Hi @fjolain

From the board screen picture, I see you are running the Torizon evaluation app and not your app.

Can you explain how are you starting your app on the device?
The last step you mentioned is pushing the OS and docker-compose to the cloud.

Also, are you running a custom Torizon OS or just the base Torizon OS with evaluation app?

Thanks Allan for your response,

My steps are :

  1. install last torizonOS with easy Installer, select torizon os with paring.
  2. pairing with torizon.io
    3 . deploy os package (base torizon with deviceTree to work with touchscreen) from torizon.io (os work well no issue)
  3. deploy docker-compose package, deploy failed and this screen above appears.

If I try manually by start docker-compose up in machine, I see this error and screen also

Hi,

I redo the procedure on same device, same issue. I use an other device, issue disappear. Therefore, issue seems appears on only one devise. I don’t investigate more and close the ticket.

Thanks for your help

Hi @fjolain

Sorry I could not help you because I could not reproduce this behavior.

But I have some things to note.

  • The tag you are using on torizon/weston-vivante:2 is supposed to be for Torizon OS 5 users, Torizon OS 6 users should use torizon/weston-vivante:3.
  • For production is usually a best practice to canonicalize the composer using the container hash that way you can make sure it is always the same image running on your app, the tag 2 is actually the latest major version 2 of this container and it is overwritten at each release.

Thanks,

I will test it.