Re: Unable to determine UID of the request whan adding a connection.

From: Thomas Haller <thaller redhat com>
To: Fr�d�ric Martinsons <frederic martinsons sigfox com>, "networkmanager-list gnome org" <networkmanager-list gnome org>
Subject: Re: Unable to determine UID of the request whan adding a connection.
Date: Tue, 17 May 2022 09:36:16 +0200

On Tue, 2022-05-17 at 06:51 +0000, Fr�d�ric Martinsons via
networkmanager-list wrote:

Hello,
I used NM 1.32.12 in an embedded environment, I have another daemon
which is responsible for creating and monitoring connection profiles
via libnm. I recently experienced errors I cannot understand, I
received an error "Unable to determine UID of the request" in the
completion callback of nm_client_add_connection_async.

Looking at the code , it leads to this function
(https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/
1.32.12/src/core/nm-dbus-manager.c#L1580) that return NULL.


NetworkManager usually will authenticate the request using PolicyKit.
-- unless, you set [main].auth-polkit in `man NetworkManager.conf` or
make the request as root user.

You say you don't use PolicyKit, so you set `[main].auth-polkit=false`?

NetworkManager needs to find out information about the calling process,
which usually means that the process needs to stick around long enoug
(you cannot just make the D-Bus request and quit before waiting for the
response). This is especially the case with PolicyKit enabled, but it
probably is also the case for other reasons. Well, it seems your client
tool is waiting for the D-Bus reply, so that isn't the problem.

Are you using `hidepid` mount option for procfs? It should also work
with that, but it could cause problems.

The UID NetworkManager gets from dbus-daemon. It's not clear why that
would fail. I presume, this is dbus-daemon, not dbus-broker?

I don't know what would cause it. If you don't see sufficient
information with full `level=TRACE` logs (see [1]), then maybe you
could build NM from source, and add additional print messages?

[1] 
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/contrib/fedora/rpm/NetworkManager.conf#L27

Or maybe you could run it under strace? However, that might be and 
overwhelming amount of information. I'd try patching the source and do
some printf debugging.


good luck,
Thomas


src/core/nm-dbus-manager.c · 1.32.12 · NetworkManager /
NetworkManager
NetworkManager — network management daemon
gitlab.freedesktop.org

The problem is there are no error/warning logs in NM which could help
me to understand (so I guess the various g_return_val_if_fail used in
the function are not reached). The only difference I see (beside the
error of course) is the completion time between the async request and
its response in my daemon (roughly 4 seconds in case of error instead
of practically instant).

From what I understand, it is related to authorization check but
before this error, my daemon managed to create a NMClient and perform
various getter on it.
Several things that I can add for information:
  - The system does not use polkit.
  - NM runs as root and the client runs as a limited user.
  - The problem is pretty hard to reproduce (see this two times on
several thousand of the same sequence).

Can you please give advice on how I can investigate more on that ?
Maybe some particular traces to activate ?

Thank you very much in advance for all the help you can bring.

Follow-Ups:
- Re: Unable to determine UID of the request whan adding a connection.
  - From: Fr�d�ric Martinsons

References:
- Unable to determine UID of the request whan adding a connection.
  - From: Fr�d�ric Martinsons

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]