[Bug 220265] New: resmgr not functional after restarting PolicyKit
https://bugzilla.novell.com/show_bug.cgi?id=220265 Summary: resmgr not functional after restarting PolicyKit Product: openSUSE 10.2 Version: Beta 2 Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Security AssignedTo: lnussel@novell.com ReportedBy: hmacht@novell.com QAContact: qa@suse.de CC: thoenig@novell.com When restarting the PolicyKit daemon (rcpolkit restart), it somehow loses it's permissions. After restarting resmgr (rcresmgr restart), everything works as again as expected. The same happens when restarting dbus. So it seems that resmgr is not able to successfully reconnect to the D-Bus daemon. root@homac2:~ # polkit-is-privileged -v -u hmacht -p hal-power-cpufreq user = 'hmacht' privilege = 'hal-power-cpufreq' resource = '(null)' result 0 is_allowed 1 root@homac2:~ # rcpolicykitd restart Shutting down PolicyKit done Starting PolicyKit daemon done root@homac2:~ # polkit-is-privileged -v -u hmacht -p hal-power-cpufreq user = 'hmacht' privilege = 'hal-power-cpufreq' resource = '(null)' result 0 is_allowed 0 root@homac2:~ # rcresmgr restart Shutting down resource manager done Starting resource manager done root@homac2:~ # polkit-is-privileged -v -u hmacht -p hal-power-cpufreq user = 'hmacht' privilege = 'hal-power-cpufreq' resource = '(null)' result 0 is_allowed 1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220265 lnussel@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Comment #1 from lnussel@novell.com 2006-11-13 03:30 MST ------- resmgr is not connected to dbus but thats unrelated anyways. PolicyKit does not save state between restarts per upstream decision. Restarting resmgr results in re-registering the desktop-console privilege in PolicyKit that's why it fixes the problem. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220265 hmacht@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX | ------- Comment #2 from hmacht@novell.com 2006-11-13 03:42 MST ------- Where can I find the discussion regarding this decision? Maybe resmgr would have to listen on the message bus to get notified when PolicyKit terminates and then has to reregister the desktop-console privilege with it. Otherwise we are unable to do security updates for PolicyKit without rebooting the system. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220265 lnussel@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |ASSIGNED ------- Comment #3 from lnussel@novell.com 2006-11-13 03:51 MST ------- http://lists.freedesktop.org/archives/hal/2006-July/005665.html Looks like it does preserve desktop-console when using it's own pam module by accident though. resmgr will not listen on dbus however we could add a call to the PolicyKit init-script that re-registers logged in users. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220265 lnussel@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED Summary|resmgr not functional after |PolicyKit loses state after restart |restarting PolicyKit | ------- Comment #4 from lnussel@novell.com 2006-11-14 07:27 MST ------- most simple solution is to also restart resmgr when PolicyKit gets restarted -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220265 hmacht@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | ------- Comment #5 from hmacht@novell.com 2006-11-17 08:55 MST ------- So you also need to restart resmgr when D-Bus gets restarted. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220265 lnussel@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lnussel@novell.com AssignedTo|lnussel@novell.com |thoenig@novell.com Status|REOPENED |NEW ------- Comment #6 from lnussel@novell.com 2006-11-20 07:51 MST ------- Hmm, Timo wrote the dbus reconect patch for PolicyKit. It destroys and recreates the manager object. It could probably just replace the dbus pointers inside it. Timo? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220265 thoenig@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |lnussel@novell.com ------- Comment #7 from thoenig@novell.com 2006-11-20 11:38 MST ------- I'm afraid that is not possible(In reply to comment #6)
It destroys and recreates the manager object. It could probably just replace the dbus pointers inside it. Timo?
That is not entirely correct. It just connects the signal "destroy" on the manager object to detect that D-Bus went down. It is actually the GLib bindings for D-Bus which are destroying the object. Doesn't resmgr have an interface we could use? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220265 thoenig@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|thoenig@novell.com |lnussel@novell.com Status|NEEDINFO |NEW Info Provider|lnussel@novell.com | Summary|PolicyKit loses state after |resmgr not functional after restarting PolicyKit |restart | ------- Comment #8 from thoenig@novell.com 2006-11-20 11:46 MST ------- Ludwig, the many issue is that resmgr is not able to handle a restart of PolicyKit itself. Just think of security updates. Restoring the original summary, please open a new bug if reconnecting to the D-Bus system bus is still a problem after this issue got fixed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220265 ------- Comment #9 from thoenig@novell.com 2006-11-20 11:47 MST ------- s/many/main -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220265 lnussel@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |security-team@suse.de Status|NEW |RESOLVED Resolution| |FIXED ------- Comment #10 from lnussel@novell.com 2006-11-21 01:34 MST ------- The subject was correct. resmgr continues to work just fine after policykit or dbus restarts, it doesn't need to care. The events (one-shot) triggered by resmgr cause state in policykit not the other way around. That state is lost when policykit reconnects to dbus. 28 +static void 29 +manager_destroy_cb (DBusGProxy *bus_proxy, 30 + PolicyKitManager *manager) 31 +{ 32 + g_object_unref ((GObject*) manager); 107 + g_signal_connect (G_OBJECT (bus_proxy), "destroy", 108 + G_CALLBACK (manager_destroy_cb), manager); I'll make sure we set the rebootneeded flag in dbus patchinfos for security updates. problem solved. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220265 ------- Comment #12 from thoenig@novell.com 2006-11-21 02:50 MST ------- We have a common rule that asks applications to take care that they survive restarts of the D-Bus system bus. -> REOPEN. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=220265 ------- Comment #14 from behlert@novell.com 2006-11-21 08:29 MST ------- I disagree with rebooting when D-Bus is updated. We should avoid rebooting as much as possible. I can accept a reboot when the kernel gets replaced, but not with applications. Even important ones like D-BUS. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com