[Pkg-utopia-maintainers] Bug#608301: Bug#608301: dbus calls for letting network-manager sleep and wake do no longer work

Martin Steigerwald Martin at lichtvoll.de
Thu Dec 30 09:48:32 UTC 2010


Am Wednesday 29 December 2010 schrieben Sie:
> On 29.12.2010 20:15, Martin Steigerwald wrote:
> > Package: network-manager
> > Version: 0.8.2-3
> > Severity: important
> > 
> > shambhala:~> dbus-send --print-reply --system                       
> > \
> > 
> >         --dest=org.freedesktop.NetworkManager \
> >         /org/freedesktop/NetworkManager       \
> >         org.freedesktop.NetworkManager.wake
> > 
> > Error org.freedesktop.DBus.Error.AccessDenied: Rejected send message,
> > 9 matched rules; type="method_call", sender=":1.369" (uid=0 pid=1467
> > comm="dbus-send) interface="org.freedesktop.NetworkManager"
> > member="wake" error name="(unset)" requested_reply=0
> > destination="org.freedesktop.NetworkManager" (uid=0 pid=1360
> > comm="/usr/sbin/NetworkManager))
> > 
> > versus:
> > 
> > shambhala:~#1> dbus-send --print-reply --system                      
> >  \
> > 
> >         --dest=org.freedesktop.NetworkManager \
> >         /org/freedesktop/NetworkManager       \
> >         org.freedesktop.NetworkManager.sleep
> > 
> > method return sender=:1.352 -> dest=:1.358 reply_serial=2
> > shambhala:~> dbus-send --print-reply --system                       

This is a root prompt. It doesn't contain a username such as in:

martin at shambhala:~>

which is a user prompt.

> > \
> > 
> >         --dest=org.freedesktop.NetworkManager \
> >         /org/freedesktop/NetworkManager       \
> >         org.freedesktop.NetworkManager.wake
> > 
> > method return sender=:1.352 -> dest=:1.360 reply_serial=2
> 
> This seems to be intentional:
> http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=NM_
> 0_8&id=878f6c4074acfdee42c320680f5529e01b909ba2
> 
> running as root works fine here.
> 
> If you want to change this configuration, see
> 
> /etc/dbus-1/system.d/NetworkManager.conf.

But I am running as root!

Only thing I can think of is that dbus doesn't understand su - and still 
thinks that I am the user. But then I think it is pretty dumb and that 
deserves a bug report as well, cause even without the "-" for su I get 
$USER set to "root" and of course the UID of the newly spawned shell is 
"root":

shambhala:~> pstree -p | grep su
        |-konsole(3114)-+-zsh(3122)---su(9947)---zsh(9955)-+-grep(9970)
        `-wpa_supplicant(2129)

shambhala:~> ps aux | grep 9955 | grep -v grep
root      9955  0.2  0.1   7576  2620 pts/0    S    10:43   0:00 zsh

I am even using --print-reply, but as far as I understand the commit 
message that doesn't matter.

I am attaching /etc/dbus-1/system.d/NetworkManager.conf.

I think it would be good to reopen the bug until its clear whether it lies 
in dbus or network manager DBUS configuration but I leave that decision to 
you cause I might not understanding correctly, how the authorization 
system of DBUS works. From my current understanding its not working as 
described in the commit message while with Network Manager 0.8.1-6 it 
works tough.

Ciao,
-- 
Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
GPG: 03B0 0D6C 0040 0710 4AFA  B82F 991B EAAC A599 84C7
-------------- next part --------------
<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
        <policy user="root">
                <allow own="org.freedesktop.NetworkManager"/>
                <allow own="org.freedesktop.NetworkManagerSystemSettings"/>

                <allow send_destination="org.freedesktop.NetworkManager"/>
                <allow send_destination="org.freedesktop.NetworkManagerSystemSettings"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.PPP"/>
        </policy>
        <policy group="netdev">
                <allow send_destination="org.freedesktop.NetworkManager"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.DBus.Introspectable"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.DBus.Properties"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.AccessPoint"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Connection.Active"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Cdma"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Wired"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Gsm"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Serial"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Wireless"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.DHCP4Config"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.IP4Config"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.VPN.Connection"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="SetLogging"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="Sleep"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="sleep"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="wake"/>
        </policy>
        <policy at_console="true">
                <allow send_destination="org.freedesktop.NetworkManager"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.DBus.Introspectable"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.DBus.Properties"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.AccessPoint"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Connection.Active"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Cdma"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Wired"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Gsm"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Serial"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device.Wireless"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.Device"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.DHCP4Config"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.IP4Config"/>

                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager.VPN.Connection"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="SetLogging"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="Sleep"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="sleep"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="wake"/>
        </policy>
        <policy context="default">
                <deny own="org.freedesktop.NetworkManager"/>
                <deny own="org.freedesktop.NetworkManagerSystemSettings"/>

                <deny send_destination="org.freedesktop.NetworkManager"/>
                <allow send_destination="org.freedesktop.NetworkManagerSystemSettings"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="SetLogging"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="Sleep"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="sleep"/>

                <deny send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="wake"/>

                <!-- The org.freedesktop.NetworkManagerSettings.Connection.Secrets
                     interface is secured via PolicyKit.
                  -->
        </policy>

        <limit name="max_replies_per_connection">512</limit>
</busconfig>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20101230/d1bf8ca1/attachment-0001.pgp>


More information about the Pkg-utopia-maintainers mailing list