Re: How to avoid using policy kit with openvpn

[matti kaasinen <matti kaasinen gmail com>]

Lubo,
It took some time before I had change to get to this issue again. I got new board and it did not start at all, so I had to study u-boot in between..
Anyhow, answers to your comments:

2016-11-25 18:15 GMT+02:00 Lubomir Rintel <lkundrak v3 sk>:

That sounds very strange.

Please enable eavesdropping on the system bus:
https://wiki.ubuntu.com/DebuggingDBus#How_to_monitor_the_system_bus

And then monitor the actual bus traffic before starting the "openvpn
service" (is that the NM VPN plugin?) and after starting it and look
out for what changed.

No. That is coming from Yocto/meta-openembedded/meta-networking layer. Just pure openvpn binary and systemd unit file for starting service.

Only (main) difference I noticed from dbus-monitor log was that before openvpn I got following errors:

   string "Could not get owner of name 'org.freedesktop.nm_avahi_autoipd': no such name"
   string "Could not get owner of name 'org.fedoraproject.FirewallD1': no such name"
   string "Could not get owner of name 'org.freedesktop.login1': no such name"
   string "Could not get owner of name 'org.bluez': no such name"
   string "Could not get owner of name 'org.freedesktop.ModemManager1': no such name"
   string "Could not get owner of name 'org.bluez': no such name"
   string "Could not get owner of name 'org.freedesktop.nm_dispatcher': no such name"

And after enabling openvpn service I got:

   string "Could not get owner of name 'org.freedesktop.nm_avahi_autoipd': no such name"
   string "Could not get owner of name 'org.fedoraproject.FirewallD1': no such name"
   string "Could not get owner of name 'org.freedesktop.login1': no such name"
   string "Could not get owner of name 'org.bluez': no such name"
   string "Could not get owner of name 'org.freedesktop.PolicyKit1': no such name"
   string "Could not get owner of name 'org.bluez': no such name"
   string "Could not get owner of name 'org.freedesktop.nm_dispatcher': no such name"

So, policy kit has vanished.

I'm not sure at all that I could concentrate on the correct details of these logs, though.  So, I would really appreciate any suggestions.

What I noticed from systemd journal regarding ntp synchronization was:

Dec 09 15:08:47 cpr3 systemd[1]: Starting Network Time Synchronization...
Dec 09 15:08:47 cpr3 systemd-timesyncd[467]: [[0;1;31mFailed to allocate manager: Permission denied[[0m
Dec 09 15:08:47 cpr3 systemd[1]: [[0;1;39msystemd-timesyncd.service: Main process exited, code=exited, status=1/FAILURE[[0m
Dec 09 15:08:47 cpr3 systemd[1]: [[0;1;31mFailed to start Network Time Synchronization.[[0m
Dec 09 15:08:47 cpr3 systemd[1]: [[0;1;39msystemd-timesyncd.service: Unit entered failed state.[[0m
Dec 09 15:08:47 cpr3 systemd[1]: [[0;1;39msystemd-timesyncd.service: Failed with result 'exit-code'.[[0m
Dec 09 15:08:47 cpr3 systemd[1]: systemd-timesyncd.service: Service has no hold-off time, scheduling restart.
Dec 09 15:08:47 cpr3 systemd[1]: Stopped Network Time Synchronization.
Dec 09 15:08:47 cpr3 systemd[1]: Starting Network Time Synchronization...
....

Avahi was behaving pretty much the same besides that "Permission denied" message:

Dec 09 15:09:01 cpr3 systemd[1]: Starting Avahi mDNS/DNS-SD Stack...
Dec 09 15:09:01 cpr3 systemd[1]: [[0;1;39mavahi-daemon.service: Main process exited, code=exited, status=255/n/a[[0m
Dec 09 15:09:01 cpr3 systemd[1]: [[0;1;31mFailed to start Avahi mDNS/DNS-SD Stack.[[0m
Dec 09 15:09:01 cpr3 systemd[1]: [[0;1;39mavahi-daemon.service: Unit entered failed state.[[0m
Dec 09 15:09:01 cpr3 systemd[1]: [[0;1;39mavahi-daemon.service: Failed with result 'exit-code'.[[0m
Dec 09 15:09:01 cpr3 systemd[1]: avahi-daemon.service: Service hold-off time over, scheduling restart.
Dec 09 15:09:01 cpr3 systemd[1]: Stopped Avahi mDNS/DNS-SD Stack.
Dec 09 15:09:01 cpr3 systemd[1]: Starting Avahi mDNS/DNS-SD Stack...

Any help appreciated,

-Matti