| Summary: | openscap-daemon initial usability issues (tracker 7.3.0) | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Marek Haicman <mhaicman> |
| Component: | openscap-daemon | Assignee: | Martin Preisler <mpreisle> |
| Status: | CLOSED ERRATA | QA Contact: | Matus Marhefka <mmarhefk> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.3 | CC: | ebenes, matyc, mhaicman, mpreisle, mthacker |
| Target Milestone: | rc | Keywords: | Extras |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openscap_daemon-0.1.10-1.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-04-11 00:06:49 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Marek Haicman
2016-09-24 18:28:13 UTC
This should all be fixed as part of https://bugzilla.redhat.com/show_bug.cgi?id=1367125 Issue 1) is not fixed:
========= OLD
[0 root@qeos-177 ~]# su - testuser
[0 testuser@qeos-177 ~]$ oscapd
INFO:OpenSCAP Daemon 0.1.5
Traceback (most recent call last):
File "/bin/oscapd", line 76, in <module>
main()
File "/bin/oscapd", line 64, in main
name = dbus.service.BusName(dbus_utils.BUS_NAME, bus)
File "/usr/lib64/python2.7/site-packages/dbus/service.py", line 131, in __new__
retval = bus.request_name(name, name_flags)
File "/usr/lib64/python2.7/site-packages/dbus/bus.py", line 303, in request_name
'su', (name, flags))
File "/usr/lib64/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Connection ":1.28" is not allowed to own the service "org.OpenSCAP.daemon" due to security policies in the configuration file
========= NEW
[0 root@qeos-159 ~]# su - testuser
[0 testuser@qeos-159 ~]$ oscapd
INFO:OpenSCAP Daemon 0.1.6
Traceback (most recent call last):
File "/bin/oscapd", line 76, in <module>
main()
File "/bin/oscapd", line 64, in main
name = dbus.service.BusName(dbus_utils.BUS_NAME, bus)
File "/usr/lib64/python2.7/site-packages/dbus/service.py", line 131, in __new__
retval = bus.request_name(name, name_flags)
File "/usr/lib64/python2.7/site-packages/dbus/bus.py", line 303, in request_name
'su', (name, flags))
File "/usr/lib64/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Connection ":1.34" is not allowed to own the service "org.OpenSCAP.daemon" due to security policies in the configuration file
Issue 2) is fixed
========= OLD
[0 testuser@qeos-177 ~]$ oscapd-cli status
ERROR:dbus.proxies:Introspect error on :1.30:/OpenSCAP/daemon: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 2 matched rules; type="method_call", sender=":1.32" (uid=1000 pid=1377 comm="/usr/bin/python /bin/oscapd-cli status ") interface="org.freedesktop.DBus.Introspectable" member="Introspect" error name="(unset)" requested_reply="0" destination=":1.30" (uid=0 pid=1348 comm="/usr/bin/python /usr/bin/oscapd ")
Traceback (most recent call last):
File "/bin/oscapd-cli", line 787, in <module>
main()
File "/bin/oscapd-cli", line 752, in main
dbus_iface.GetVersion()
File "/usr/lib64/python2.7/site-packages/dbus/proxies.py", line 70, in __call__
return self._proxy_method(*args, **keywords)
File "/usr/lib64/python2.7/site-packages/dbus/proxies.py", line 145, in __call__
**keywords)
File "/usr/lib64/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 2 matched rules; type="method_call", sender=":1.32" (uid=1000 pid=1377 comm="/usr/bin/python /bin/oscapd-cli status ") interface="org.OpenSCAP.daemon.Interface" member="GetVersion" error name="(unset)" requested_reply="0" destination=":1.30" (uid=0 pid=1348 comm="/usr/bin/python /usr/bin/oscapd ")
========= NEW
[0 testuser@qeos-159 ~]$ oscapd-cli status
ERROR:dbus.proxies:Introspect error on :1.36:/OpenSCAP/daemon: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 2 matched rules; type="method_call", sender=":1.38" (uid=1000 pid=1523 comm="/usr/bin/python /bin/oscapd-cli status ") interface="org.freedesktop.DBus.Introspectable" member="Introspect" error name="(unset)" requested_reply="0" destination=":1.36" (uid=0 pid=1494 comm="/usr/bin/python /usr/bin/oscapd ")
Error: Access denied on the DBus interface. Do you have required permissions?
Issue 1) fixed upstream in https://github.com/OpenSCAP/openscap-daemon/commit/3adfa9fae427667b4d760bebeb75e54edd922346 Fixed In Version: openscap-daemon-0.1.9-1
Issue 2 is fixed but Issue 1 is still ocuring in openscap-daemon-0.1.9-1.el7.noarch (there should be no tracebacks):
# su - testuser
$ $ oscapd-cli status
ERROR:dbus.proxies:Introspect error on :1.26:/OpenSCAP/daemon: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 2 matched rules; type="method_call", sender=":1.32" (uid=1000 pid=9837 comm="/usr/bin/python /bin/oscapd-cli status ") interface="org.freedesktop.DBus.Introspectable" member="Introspect" error name="(unset)" requested_reply="0" destination=":1.26" (uid=0 pid=9805 comm="/usr/bin/python /usr/bin/oscapd ")
Error: Access denied on the DBus interface. Do you have the necessary permissions?
$ $ oscapd
INFO:OpenSCAP Daemon 0.1.9
Error: DBus denied access to own 'org.OpenSCAP.daemon'. Do you have the necessary permissions?
Traceback (most recent call last):
File "/bin/oscapd", line 86, in <module>
main()
File "/bin/oscapd", line 65, in main
name = dbus.service.BusName(dbus_utils.BUS_NAME, bus)
File "/usr/lib64/python2.7/site-packages/dbus/service.py", line 131, in __new__
retval = bus.request_name(name, name_flags)
File "/usr/lib64/python2.7/site-packages/dbus/bus.py", line 303, in request_name
'su', (name, flags))
File "/usr/lib64/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Connection ":1.33" is not allowed to own the service "org.OpenSCAP.daemon" due to security policies in the configuration file
We have agreed that the part 1 of the issue is actually fixed. There is a human-readable message and the displayed traceback enables user to find help more easily. The part 2 has been widely agree as fixed, so I am moving the issue status to POST. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1093 |