Re: Unable to determine UID of the request whan adding a connection.

From: Fr�d�ric Martinsons <frederic martinsons sigfox com>
To: Thomas Haller <thaller redhat com>, "networkmanager-list gnome org" <networkmanager-list gnome org>
Subject: Re: Unable to determine UID of the request whan adding a connection.
Date: Tue, 17 May 2022 09:17:09 +0000

Ok I see and these dbus call can fail silently (no error propagation), the timeout hypothesis seems to match my cases.

Changing to dbus-broker is indeed a big step for our system for such a low frequency issue we have.

Thanks for all the info Thomas.

From: Thomas Haller <thaller redhat com>
Sent: Tuesday, May 17, 2022 10:49 AM
To: Fr�d�ric Martinsons <frederic martinsons sigfox com>; networkmanager-list gnome org <networkmanager-list gnome org>
Subject: Re: Unable to determine UID of the request whan adding a connection.

CAUTION: EXTERNAL EMAIL. Do not click links or open unless you recognize the sender and know the content is safe.

On Tue, 2022-05-17 at 08:34 +0000, Fr�d�ric Martinsons wrote:
> Thank you for your quick response.
>
> > NetworkManager usually will authenticate the request using
> > PolicyKit.
> > -- unless, you set [main].auth-polkit in `man NetworkManager.conf`
> > or
> > make the request as root user.
> >
> > You say you don't use PolicyKit, so you set `[main].auth-
> > polkit=false`?
> >
>
> I compile NM with --disable-polkit configure option but I used a
> custom NetworkManager.conf with didn't have [main].auth-polkit =
> false. I'll add it to be sure it is not used.

That merely changes the compile time default to set `[main].auth-
polkit=false` implicitly. The PolicyKit code is always build, because
it has no additional dependency (just talking D-Bus). But this is fine.

>
>
> > The UID NetworkManager gets from dbus-daemon. It's not clear why
> > that
> > would fail. I presume, this is dbus-daemon, not dbus-broker?
>
> Yes, this is dbus-daemon.

ACK.

>
> > Are you using `hidepid` mount option for procfs? It should also
> > work
> > with that, but it could cause problems.
>
> Nope, just rw, relatime

ACK. Fine.

>
> > Or maybe you could run it under strace? However, that might be and
> > overwhelming amount of information. I'd try patching the source and
> > do
> > some printf debugging.
>
> Yes, I already patch nm-dbus-manager.c to know exactly where it fails
> but since then, I didn't manage to reproduce the issue after
> countless attempts.
>
> The fact that the completion took 4s on error case is not of any help
> to pinpoint where it fails ?

We get the caller info (UID and PID) via D-Bus calls
GetConnectionUnixUser and GetConnectionUnixProcessID (see
_get_caller_info_ensure()). Both blockingly, with a timeout of 2
seconds (which would add up to 4 seconds).

Maybe dbus-daemon does not reply in time? It's ugly that these calls in
NetworkManager are done blockingly, but even so, we heavily rely on
basic IPC to work, and if it's not working it's not clear how to
proceed there.

If that's the case, I don't know a solution. Trying dbus-broker is
probably too much of an invasive change?

Thomas

Your privacy is important to us. Please see our Privacy Notice for further details. The information contained in this Message is confidential. If you are not the addressee, you may not copy, forward, disclose or use any part of it. If you have received this Message in error, please delete it and all copies from your system and notify the sender immediately by return message. Any use of information contained in this Message not in accordance with its intended purpose, any dissemination or disclosure (either whole or partial), is prohibited unless expressly authorized. Email communication cannot be guaranteed to be timely secure, error or virus-free. The sender cannot be held responsible for any alteration, errors or omissions, which arise as a result.

..................................................................................................................

La protection de vos données personnelles est primordiale pour notre établissement. Merci de consulter notre notice sur la protection des données personnelles pour plus d’informations. Ce message et toutes les pièces jointes (ci-après le 'Message') sont établis à l'intention exclusive des destinataires. Les informations qui y figurent sont confidentielles. Si vous n'êtes pas le destinataire de ce Message, il vous est interdit de le copier, de le faire suivre, de le divulguer ou d'en utiliser tout ou partie. Si vous avez reçu ce Message par erreur, merci de le supprimer de votre système, ainsi que toutes ses copies, et de n'en garder aucune trace sur quelque support que ce soit. Veuillez également en avertir immédiatement l'expéditeur par retour du Message. Toute utilisation de ce Message non conforme à sa destination, toute diffusion ou toute publication totale ou partielle, est interdite sauf autorisation expresse. Il est impossible de garantir que les communications par messagerie électronique arrivent en temps utile, soient sécurisées ou dénuées de toute erreur ou virus. L'expéditeur ne peut être tenu responsable des modifications, erreurs ou omissions qui pourraient en résulter.

References:
- Unable to determine UID of the request whan adding a connection.
  - From: Fr�d�ric Martinsons
- Re: Unable to determine UID of the request whan adding a connection.
  - From: Thomas Haller
- Re: Unable to determine UID of the request whan adding a connection.
  - From: Fr�d�ric Martinsons
- Re: Unable to determine UID of the request whan adding a connection.
  - From: Thomas Haller

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]