Re: Unable to determine UID of the request whan adding a connection.

From: Thomas Haller <thaller redhat com>
To: Fr�d�ric Martinsons <frederic martinsons sigfox com>, "networkmanager-list gnome org" <networkmanager-list gnome org>
Subject: Re: Unable to determine UID of the request whan adding a connection.
Date: Tue, 17 May 2022 10:49:37 +0200

On Tue, 2022-05-17 at 08:34 +0000, Fr�d�ric Martinsons wrote:

Thank you for your quick response.

NetworkManager usually will authenticate the request using
PolicyKit.
-- unless, you set [main].auth-polkit in `man NetworkManager.conf`
or
make the request as root user.
 
You say you don't use PolicyKit, so you set `[main].auth-
polkit=false`?


I compile NM with --disable-polkit configure option but I used a
custom NetworkManager.conf with didn't have [main].auth-polkit =
false. I'll add it to be sure it is not used.


That merely changes the compile time default to set `[main].auth-
polkit=false` implicitly. The PolicyKit code is always build, because
it has no additional dependency (just talking D-Bus). But this is fine.

The UID NetworkManager gets from dbus-daemon. It's not clear why
that
would fail. I presume, this is dbus-daemon, not dbus-broker?


Yes, this is dbus-daemon.


ACK.

Are you using `hidepid` mount option for procfs? It should also
work
with that, but it could cause problems.


Nope, just rw, relatime


ACK. Fine.

Or maybe you could run it under strace? However, that might be and
overwhelming amount of information. I'd try patching the source and
do
some printf debugging.


Yes, I already patch nm-dbus-manager.c to know exactly where it fails
but since then, I didn't manage to reproduce the issue after
countless attempts.

The fact that the completion took 4s on error case is not of any help
to pinpoint where it fails ?


We get the caller info (UID and PID) via D-Bus calls
GetConnectionUnixUser and GetConnectionUnixProcessID (see
_get_caller_info_ensure()). Both blockingly, with a timeout of 2
seconds (which would add up to 4 seconds).

Maybe dbus-daemon does not reply in time? It's ugly that these calls in
NetworkManager are done blockingly, but even so, we heavily rely on
basic IPC to work, and if it's not working it's not clear how to
proceed there.

If that's the case, I don't know a solution. Trying dbus-broker is
probably too much of an invasive change?


Thomas

Follow-Ups:
- Re: Unable to determine UID of the request whan adding a connection.
  - From: Fr�d�ric Martinsons

References:
- Unable to determine UID of the request whan adding a connection.
  - From: Fr�d�ric Martinsons
- Re: Unable to determine UID of the request whan adding a connection.
  - From: Thomas Haller
- Re: Unable to determine UID of the request whan adding a connection.
  - From: Fr�d�ric Martinsons

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]