Re: How to avoid using policy kit with openvpn

From: matti kaasinen <matti kaasinen gmail com>
To: Dan Williams <dcbw redhat com>
Cc: "networkmanager." <networkmanager-list gnome org>
Subject: Re: How to avoid using policy kit with openvpn
Date: Thu, 24 Nov 2016 15:49:04 +0200

2016-11-23 19:31 GMT+02:00 matti kaasinen <matti kaasinen gmail com>:

2016-11-23 18:13 GMT+02:00 Dan Williams <dcbw redhat com>:
If these are single-user systems, you can rebuild NM with PolicyKit
disabled so that it never validates requests against PolicyKit.
I'll try rebuilding tomorrow. I suppose (hope) there is clear switch for disabling it.

I thought I found the configuration switch. I ran build using:
--enable-polkit=disabled

set-up.

From configuration log I can see: following note
NOTE: Running ../NetworkManager-1.0.10/configure --build=x86_64-linux --host=arm-poky-linux-gnueabi --target=arm-poky-linux-gnueabi --prefix=/usr --exec_prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/libexec --datadir=/usr/share --sysconfdir=/etc --sharedstatedir=/com --localstatedir=/var --libdir=/usr/lib --includedir=/usr/include --oldincludedir=/usr/include --infodir=/usr/share/info --mandir=/usr/share/man --disable-silent-rules --disable-dependency-tracking --with-libtool-sysroot=/CPR3/sysroots/am335x-evm --enable-introspection --disable-ifcfg-rh --disable-ifnet --disable-ifcfg-suse --disable-more-warnings --with-iptables=/usr/sbin/iptables --with-tests --with-nmtui=yes --disable-static --enable-nls --enable-polkit=disabled --disable-bluez5-dun --with-libsoup=no --with-dhclient=/sbin/dhclient --with-dnsmasq=/usr/bin/dnsmasq --enable-ifupdown --with-modem-manager-1=yes --with-netconfig=yes --with-crypto=nss --disable-ppp --disable-qt --with-systemdsystemunitdir=/lib/systemd/system --with-session-tracking=systemd --enable-polkit --enable-wifi=no

But later on there is also
checking for POLKIT... yes

and als

Platform:
session tracking: systemd
suspend/resume: systemd
policykit: yes (restrictive modify.system) (default=yes)
polkit agent: yes
selinux: no

Also I got similar error message when trying to access SIM.

Could you 'nmcli g log level debug' on a problem machine and grab some
log output from before and after the error?
I don't have access to that machine now, but I'll do that tomorrow.

Please find the NetworkManager journal with above nmcli executed before (would attachment be better?)
<info> Read config: /etc/NetworkManager/NetworkManager.conf
<info> Loaded settings plugin keyfile: (c) 2007 - 2015 Red Hat, Inc. To report bugs please use the NetworkManager mailing list.
<info> keyfile: new connection /etc/NetworkManager/system-connections/eth0 (5769be4a-ee83-4674-890a-f19e96b6c31e,"eth0")
<info> monitoring kernel firmware directory '/lib/firmware'.
<info> Loaded device plugin: NMVxlanFactory (internal)
<info> Loaded device plugin: NMVlanFactory (internal)
<info> Loaded device plugin: NMVethFactory (internal)
<info> Loaded device plugin: NMTunFactory (internal)
<info> Loaded device plugin: NMMacvlanFactory (internal)
<info> Loaded device plugin: NMInfinibandFactory (internal)
<info> Loaded device plugin: NMGreFactory (internal)
<info> Loaded device plugin: NMEthernetFactory (internal)
<info> Loaded device plugin: NMBridgeFactory (internal)
<info> Loaded device plugin: NMBondFactory (internal)
<info> Loaded device plugin: NMWwanFactory (/usr/lib/NetworkManager/libnm-device-plugin-wwan.so)
<info> Loaded device plugin: NMBluezManager (/usr/lib/NetworkManager/libnm-device-plugin-bluetooth.so)
<info> WiFi enabled by radio killswitch; enabled by state file
<info> WWAN enabled by radio killswitch; enabled by state file
<info> WiMAX enabled by radio killswitch; enabled by state file
<info> Networking is enabled by state file
<info> (lo): link connected
<info> (lo): new Generic device (carrier: ON, driver: 'unknown', ifindex: 1)
<info> (eth0): new Ethernet device (carrier: OFF, driver: 'cpsw', ifindex: 2)
<info> (eth0): device state change: unmanaged -> unavailable (reason 'managed') [10 20 2]
<info> ModemManager available in the bus
<info> (eth0): link connected
<info> (eth0): device state change: unavailable -> disconnected (reason 'carrier-changed') [20 30 40]
<info> Auto-activating connection 'eth0'.
<info> (eth0): Activation: starting connection 'eth0' (5769be4a-ee83-4674-890a-f19e96b6c31e)
<info> (eth0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
<info> NetworkManager state is now CONNECTING
<info> (eth0): device state change: prepare -> config (reason 'none') [40 50 0]
<info> (eth0): device state change: config -> ip-config (reason 'none') [50 70 0]
<info> Activation (eth0) Beginning DHCPv4 transaction (timeout in 45 seconds)
<info>    address 192.168.3.1
<info>    plen 22
<info>    expires in 600 seconds
<info>    gateway 192.168.1.2
<info>    nameserver '192.168.1.2'
<info>    domain name 'sitecno.fi'
<info> (eth0): DHCPv4 state changed unknown -> bound
<info> (eth0): device state change: ip-config -> ip-check (reason 'none') [70 80 0]
<info> (eth0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
<info> (eth0): device state change: secondaries -> activated (reason 'none') [90 100 0]
<info> NetworkManager state is now CONNECTED_LOCAL
<info> NetworkManager state is now CONNECTED_GLOBAL
<info> Policy set 'eth0' (eth0) as default for IPv4 routing and DNS.
<info> (eth0): Activation: successful, device activated.
<warn> (2) failed to call dispatcher scripts: (dbus-glib-error-quark:2) The name org.freedesktop.nm_dispatcher was not provided by any .service files[[0m
Nov 24 14:36:04 cpr3 systemd[1]: Started Network Manager.
<info> startup complete
<info> (tun0): new Tun device (carrier: OFF, driver: 'tun', ifindex: 3)
<info> (tun0): link connected
<info> (ttyUSB2): modem state changed, 'disabled' --> 'enabling' (reason: user preference)
<info> (ttyUSB2): new Broadband device (carrier: UNKNOWN, driver: 'huawei_cdc_ncm, option1', ifindex: 0)
<info> (ttyUSB2): device state change: unmanaged -> unavailable (reason 'managed') [10 20 2]
<info> (ttyUSB2): modem state 'enabling'
<warn> (ttyUSB2) failed to enable modem: GDBus.Error:org.freedesktop.ModemManager1.Error.Core.Failed: PolicyKit authorization failed: 'GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.PolicyK
it1 was not provided by any .service files'[[0m
<info> (ttyUSB2): modem state changed, 'enabling' --> 'disabled' (reason: enable failed)
<info> (ttyUSB2): device state change: unavailable -> disconnected (reason 'modem-available') [20 30 58]

References:
- How to avoid using policy kit with openvpn
  - From: matti kaasinen
- Re: How to avoid using policy kit with openvpn
  - From: matti kaasinen
- Re: How to avoid using policy kit with openvpn
  - From: Dan Williams
- Re: How to avoid using policy kit with openvpn
  - From: matti kaasinen

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]