Bug 517528
Summary: | Policy required for cups-pk-helper | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Tim Waugh <twaugh> | ||||||
Component: | cups-pk-helper | Assignee: | Marek Kašík <mkasik> | ||||||
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | low | ||||||||
Version: | rawhide | CC: | dwalsh, jkubin, mclasen, mgrepl, mkasik | ||||||
Target Milestone: | --- | Keywords: | Reopened | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2009-08-24 10:30:29 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 509829 | ||||||||
Attachments: |
|
Description
Tim Waugh
2009-08-14 13:32:36 UTC
Created attachment 357540 [details]
selinux-policy-cups-pk-helper.patch
I *think* this policy is required, in that I no longer get AVC messages -- but in my testing I get this in /var/log/messages:
Aug 15 14:24:33 worm kernel: cups-pk-helper-[9340]: segfault at 18 ip 000000322c4156a0 sp 00007fff8af444f8 error 4 in libpolkit-gobject-1.so.0.0.0[322c400000+1e000]
Possibly we should 'dontaudit' the getsched call instead of 'allow'ing it. I'll try that next. No, that doesn't work. :-( Changing component back to cups-pk-helper until that's resolved. Created attachment 357549 [details]
selinux-policy-cups-pk-helper.patch
I've tested this patch and it works.
OK, patch ready for selinux-policy inclusion. It would be really useful to have a package in koji as soon as possible so that it can be included in the Live CD for the printing fit-and-finish session on Tuesday. Thanks! Grr, changing back to cups-pk-helper again. It only works when SELinux is in permissive mode. Marek, this is the backtrace from cups-pk-helper-mechanism when running with selinux-policy patched as in comment #4. Can you take a look at it please? #0 0x000000322c4156a0 in polkit_authorization_result_get_is_authorized () from /usr/lib64/libpolkit-gobject-1.so.0 #1 0x00000000004083f8 in _check_polkit_for_action_internal ( mechanism=0x13a3400, context=0x13c72a0, action_method=0x40b91a "server-settings", error=0x7fff4244b8e8) at cups-pk-helper-mechanism.c:281 #2 0x000000000040857e in _check_polkit_for_action_v (mechanism=0x13a3400, context=0x13c72a0, first_action_method=0x40b91a "server-settings") at cups-pk-helper-mechanism.c:325 #3 0x0000000000408691 in _check_polkit_for_action (mechanism=0x13a3400, context=0x13c72a0, action_method=0x40b91a "server-settings") at cups-pk-helper-mechanism.c:357 #4 0x00000000004096d6 in cph_mechanism_server_get_settings ( mechanism=0x13a3400, context=0x13c72a0) at cups-pk-helper-mechanism.c:952 #5 0x000000322600c76f in ?? () from /usr/lib64/libdbus-glib-1.so.2 #6 0x000000322600cc3c in ?? () from /usr/lib64/libdbus-glib-1.so.2 #7 0x000000322001cbee in ?? () from /lib64/libdbus-1.so.3 #8 0x0000003220010a1c in dbus_connection_dispatch () from /lib64/libdbus-1.so.3 #9 0x00000032260098e5 in ?? () from /usr/lib64/libdbus-glib-1.so.2 #10 0x000000321d4391be in g_main_context_dispatch () from /lib64/libglib-2.0.so.0 #11 0x000000321d43cba8 in ?? () from /lib64/libglib-2.0.so.0 #12 0x000000321d43cff5 in g_main_loop_run () from /lib64/libglib-2.0.so.0 #13 0x0000000000409e26 in main (argc=1, argv=0x7fff4244c298) at main.c:142 Also: #1 0x00000000004083f8 in _check_polkit_for_action_internal ( mechanism=0x13a3400, context=0x13c72a0, action_method=0x40b91a "server-settings", error=0x7fff4244b8e8) at cups-pk-helper-mechanism.c:281 281 if (!polkit_authorization_result_get_is_authorized (pk_result)) { (gdb) p pk_result $2 = (PolkitAuthorizationResult *) 0x0 So the problems are: 1. For some reason polkit_authority_check_authorization_sync() is returning NULL 2. In addition, we aren't checking for that error (To get this backtrace I just added a 'sleep(20);' at the beginning of main()...) Note that you only get this segfault when running in enforcing mode. I found this while digging into the polkit_authority_check_authorization_sync() call: (gdb) step _polkit_authority_check_authorization_finish (instance=0xdb8940, _out_result=0x7fff4c0de2e8, res=0xdb4800, error=0x7fff4c0de2e0) at _polkitauthority.c:774 774 { (gdb) n 775 GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (res); (gdb) 779 g_return_val_if_fail (_POLKIT_IS_AUTHORITY (instance) && EGG_DBUS_IS_INTERFACE_PROXY (instance), FALSE); (gdb) 781 g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == _polkit_authority_check_authorization); (gdb) 786 if (g_simple_async_result_propagate_error (simple, error)) (gdb) 806 } (gdb) p error $7 = (GError **) 0x7fff4c0de2e0 (gdb) p *error $8 = (GError *) 0xd88d70 (gdb) p **error $9 = {domain = 139, code = 12, message = 0xdc0010 "Remote Exception invoking org.freedesktop.PolicyKit1.Authority.CheckAuthorization() on /org/freedesktop/PolicyKit1/Authority at name org.freedesktop.PolicyKit1: org.freedesktop.DBus.Error.AccessDenied"...} Hi Tim, I can not reproduce the problem, but I prepared a scratch build with a patch checking the result of polkit_authority_check_authorization_sync(). Its here http://koji.fedoraproject.org/koji/taskinfo?taskID=1609175. Could you try whether it solves the problem for you? Thank you Marek With this package, and with SELinux policy modified like this: -- serefpolicy-3.6.26/policy/modules/system/init.te.cups-pk-helper 2009-08-16 11:12:55.196914451 +0100 +++ serefpolicy-3.6.26/policy/modules/system/init.te 2009-08-16 11:13:28.905914087 +0100 @@ -439,6 +439,11 @@ userdom_read_user_home_content_files(ini # TTYs to any process in the initrc_t domain. Therefore, daemons and such # started from init should be placed in their own domain. userdom_use_user_terminals(initrc_t) +optional_policy(` + # Allow interaction with cupsd + cups_stream_connect(initrc_t) + cups_tcp_connect(initrc_t) +') ifdef(`distro_debian',` dev_setattr_generic_dirs(initrc_t) the mechanism no longer segfaults, but I still don't get a PolicyKit authorization dialog. Here's 'strace -s1000 -p ...' output from the cups-pk-helper-mechanism process when trying to fetch server settings: Process 8494 attached - interrupt to quit restart_syscall(<... resuming interrupted call ...>) = 1 read(3, "l\4\1\1\35\0\0\0\16\0\0\0\211\0\0\0\1\1o\0\25\0\0\0/org/freedesktop/DBus\0\0\0\2\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\3\1s\0\20\0\0\0NameOwnerChanged\0\0\0\0\0\0\0\0\7\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\10\1g\0\3sss\0\0\0\0\0\0\0\0\6\0\0\0:1.118\0\0\6\0\0\0:1.118\0\0\0\0\0\0\0"..., 2048) = 189 read(3, 0x1ea93f0, 2048) = -1 EAGAIN (Resource temporarily unavailable) poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 0) = 0 (Timeout) poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 15308) = 1 ([{fd=3, revents=POLLIN}]) read(3, "l\4\1\1\37\0\0\0\17\0\0\0\211\0\0\0\1\1o\0\25\0\0\0/org/freedesktop/DBus\0\0\0\2\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\3\1s\0\20\0\0\0NameOwnerChanged\0\0\0\0\0\0\0\0\7\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\10\1g\0\3sss\0\0\0\0\0\0\0\0\6\0\0\0:1.120\0\0\0\0\0\0\0\0\0\0\6\0\0\0:1.120\0"..., 2048) = 191 read(3, 0x1ea93f0, 2048) = -1 EAGAIN (Resource temporarily unavailable) poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 0) = 0 (Timeout) poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 11707) = 1 ([{fd=3, revents=POLLIN}]) read(3, "l\1\0\1\0\0\0\0\4\0\0\0w\0\0\0\1\1o\0\1\0\0\0/\0\0\0\0\0\0\0\6\1s\0\6\0\0\0:1.116\0\0\2\1s\0#\0\0\0org.freedesktop.DBus.Introspectable\0\0\0\0\0\3\1s\0\n\0\0\0Introspect\0\0\0\0\0\0\7\1s\0\6\0\0\0:1.120\0\0"..., 2048) = 136 read(3, 0x1ea93f0, 2048) = -1 EAGAIN (Resource temporarily unavailable) poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 0) = 0 (Timeout) writev(3, [{"l\2\1\1\17\33\0\0\22\0\0\0\37\0\0\0\6\1s\0\6\0\0\0:1.120\0\0\5\1u\0\4\0\0\0\10\1g\0\1s\0\0"..., 48}, {"\n\33\0\0<!DOCTYPE node PUBLIC \"-//freedesktop//DTD D-BUS Object Introspection 1.0//EN\"\n\"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd\">\n<node>\n <interface name=\"org.freedesktop.DBus.Introspectable\">\n <method name=\"Introspect\">\n <arg name=\"data\" direction=\"out\" type=\"s\"/>\n </method>\n </interface>\n <interface name=\"org.freedesktop.DBus.Properties\">\n <method name=\"Get\">\n <arg name=\"interface\" direction=\"in\" type=\"s\"/>\n <arg name=\"propname\" direction=\"in\" type=\"s\"/>\n <arg name=\"value\" direction=\"out\" type=\"v\"/>\n </method>\n <method name=\"Set\">\n <arg name=\"interface\" direction=\"in\" type=\"s\"/>\n <arg name=\"propname\" direction=\"in\" type=\"s\"/>\n <arg name=\"value\" direction=\"in\" type=\"v\"/>\n </method>\n <method name=\"GetAll\">\n <arg name=\"interface\" direction=\"in\" type=\"s\"/>\n <arg name=\"props\" direction=\"out\" type=\"a{sv}\"/>\n </method>\n </interface>\n <interface name=\"org.opensuse.CupsPkHelper.Mechanism\">\n <method na"..., 6927}], 2) = 6975 poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 10212) = 1 ([{fd=3, revents=POLLIN}]) read(3, "l\1\0\1\0\0\0\0\5\0\0\0\177\0\0\0\1\1o\0\1\0\0\0/\0\0\0\0\0\0\0\6\1s\0\6\0\0\0:1.116\0\0\2\1s\0#\0\0\0org.opensuse.CupsPkHelper.Mechanism\0\0\0\0\0\3\1s\0\21\0\0\0ServerGetSettings\0\0\0\0\0\0\0\7\1s\0\6\0\0\0:1.120\0\0"..., 2048) = 144 read(3, 0x1ea93f0, 2048) = -1 EAGAIN (Resource temporarily unavailable) poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 0) = 0 (Timeout) writev(9, [{"l\1\0\1y\0\0\0\v\0\0\0\276\0\0\0\1\1o\0%\0\0\0/org/freedesktop/PolicyKit1/Authority\0\0\0\6\1s\0\32\0\0\0org.freedesktop.PolicyKit1\0\0\0\0\0\0\2\1s\0$\0\0\0org.freedesktop.PolicyKit1.Authority\0\0\0\0\3\1s\0\22\0\0\0CheckAuthorization\0\0\0\0\0\0\10\1g\0\20(sa{sv})sa{ss}us\0\0\0"..., 208}, {"\17\0\0\0system-bus-name\0\27\0\0\0\4\0\0\0name\0\1s\0\6\0\0\0:1.120\0\0003\0\0\0org.opensuse.cupspkhelper.mechanism.server-settings\0\0\0\0\0\0\0\0\0\1\0\0\0\0\0\0\0\0"..., 121}], 2) = 329 poll([{fd=9, events=POLLIN}], 1, -1) = 1 ([{fd=9, revents=POLLIN}]) read(9, "l\3\1\1\t\1\0\0\f\0\0\0m\0\0\0\6\1s\0\6\0\0\0:1.117\0\0\4\1s\0'\0\0\0org.freedesktop.DBus.Error.AccessDenied\0\5\1u\0\v\0\0\0\10\1g\0\1s\0\0\7\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\4\1\0\0An SELinux policy prevents this sender from sending this message to this recipient (rejected message had sender \":1.117\" interface \"org.freedesktop.PolicyKit1.Authority\" member \"CheckAuthorization\" error name \"(unset)\" destination \"org.freedesktop.PolicyKit1\")\0"..., 2048) = 393 read(9, 0x1ecc710, 2048) = -1 EAGAIN (Resource temporarily unavailable) writev(3, [{"l\3\1\1H\0\0\0\23\0\0\0_\0\0\0\6\1s\0\6\0\0\0:1.120\0\0\4\1s\0001\0\0\0org.opensuse.CupsPkHelper.Mechanism.NotPrivileged\0\0\0\0\0\0\0\5\1u\0\5\0\0\0\10\1g\0\1s\0\0"..., 112}, {"C\0\0\0Not Authorized: org.opensuse.cupspkhelper.mechanism.server-settings\0"..., 72}], 2) = 184 poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 30000) = 1 ([{fd=3, revents=POLLIN}]) read(3, "l\4\1\1\37\0\0\0\20\0\0\0\211\0\0\0\1\1o\0\25\0\0\0/org/freedesktop/DBus\0\0\0\2\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\3\1s\0\20\0\0\0NameOwnerChanged\0\0\0\0\0\0\0\0\7\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\10\1g\0\3sss\0\0\0\0\0\0\0\0\6\0\0\0:1.121\0\0\0\0\0\0\0\0\0\0\6\0\0\0:1.121\0"..., 2048) = 191 read(3, 0x1ea93f0, 2048) = -1 EAGAIN (Resource temporarily unavailable) poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 0) = 0 (Timeout) poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 30000) = 1 ([{fd=3, revents=POLLIN}]) read(3, "l\1\0\1\0\0\0\0\7\0\0\0w\0\0\0\1\1o\0\1\0\0\0/\0\0\0\0\0\0\0\6\1s\0\6\0\0\0:1.116\0\0\2\1s\0#\0\0\0org.freedesktop.DBus.Introspectable\0\0\0\0\0\3\1s\0\n\0\0\0Introspect\0\0\0\0\0\0\7\1s\0\6\0\0\0:1.120\0\0"..., 2048) = 136 read(3, 0x1ea93f0, 2048) = -1 EAGAIN (Resource temporarily unavailable) poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 0) = 0 (Timeout) writev(3, [{"l\2\1\1\17\33\0\0\24\0\0\0\37\0\0\0\6\1s\0\6\0\0\0:1.120\0\0\5\1u\0\7\0\0\0\10\1g\0\1s\0\0"..., 48}, {"\n\33\0\0<!DOCTYPE node PUBLIC \"-//freedesktop//DTD D-BUS Object Introspection 1.0//EN\"\n\"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd\">\n<node>\n <interface name=\"org.freedesktop.DBus.Introspectable\">\n <method name=\"Introspect\">\n <arg name=\"data\" direction=\"out\" type=\"s\"/>\n </method>\n </interface>\n <interface name=\"org.freedesktop.DBus.Properties\">\n <method name=\"Get\">\n <arg name=\"interface\" direction=\"in\" type=\"s\"/>\n <arg name=\"propname\" direction=\"in\" type=\"s\"/>\n <arg name=\"value\" direction=\"out\" type=\"v\"/>\n </method>\n <method name=\"Set\">\n <arg name=\"interface\" direction=\"in\" type=\"s\"/>\n <arg name=\"propname\" direction=\"in\" type=\"s\"/>\n <arg name=\"value\" direction=\"in\" type=\"v\"/>\n </method>\n <method name=\"GetAll\">\n <arg name=\"interface\" direction=\"in\" type=\"s\"/>\n <arg name=\"props\" direction=\"out\" type=\"a{sv}\"/>\n </method>\n </interface>\n <interface name=\"org.opensuse.CupsPkHelper.Mechanism\">\n <method na"..., 6927}], 2) = 6975 poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 30000) = 1 ([{fd=3, revents=POLLIN}]) read(3, "l\1\0\1\0\0\0\0\10\0\0\0\177\0\0\0\1\1o\0\1\0\0\0/\0\0\0\0\0\0\0\6\1s\0\6\0\0\0:1.116\0\0\2\1s\0#\0\0\0org.opensuse.CupsPkHelper.Mechanism\0\0\0\0\0\3\1s\0\21\0\0\0ServerGetSettings\0\0\0\0\0\0\0\7\1s\0\6\0\0\0:1.120\0\0"..., 2048) = 144 read(3, 0x1ea93f0, 2048) = -1 EAGAIN (Resource temporarily unavailable) poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 0) = 0 (Timeout) writev(9, [{"l\1\0\1y\0\0\0\f\0\0\0\276\0\0\0\1\1o\0%\0\0\0/org/freedesktop/PolicyKit1/Authority\0\0\0\6\1s\0\32\0\0\0org.freedesktop.PolicyKit1\0\0\0\0\0\0\2\1s\0$\0\0\0org.freedesktop.PolicyKit1.Authority\0\0\0\0\3\1s\0\22\0\0\0CheckAuthorization\0\0\0\0\0\0\10\1g\0\20(sa{sv})sa{ss}us\0\0\0"..., 208}, {"\17\0\0\0system-bus-name\0\27\0\0\0\4\0\0\0name\0\1s\0\6\0\0\0:1.120\0\0003\0\0\0org.opensuse.cupspkhelper.mechanism.server-settings\0\0\0\0\0\0\0\0\0\1\0\0\0\0\0\0\0\0"..., 121}], 2) = 329 poll([{fd=9, events=POLLIN}], 1, -1) = 1 ([{fd=9, revents=POLLIN}]) read(9, "l\3\1\1\t\1\0\0\r\0\0\0m\0\0\0\6\1s\0\6\0\0\0:1.117\0\0\4\1s\0'\0\0\0org.freedesktop.DBus.Error.AccessDenied\0\5\1u\0\f\0\0\0\10\1g\0\1s\0\0\7\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\4\1\0\0An SELinux policy prevents this sender from sending this message to this recipient (rejected message had sender \":1.117\" interface \"org.freedesktop.PolicyKit1.Authority\" member \"CheckAuthorization\" error name \"(unset)\" destination \"org.freedesktop.PolicyKit1\")\0"..., 2048) = 393 read(9, 0x1ecc710, 2048) = -1 EAGAIN (Resource temporarily unavailable) writev(3, [{"l\3\1\1H\0\0\0\25\0\0\0_\0\0\0\6\1s\0\6\0\0\0:1.120\0\0\4\1s\0001\0\0\0org.opensuse.CupsPkHelper.Mechanism.NotPrivileged\0\0\0\0\0\0\0\5\1u\0\10\0\0\0\10\1g\0\1s\0\0"..., 112}, {"C\0\0\0Not Authorized: org.opensuse.cupspkhelper.mechanism.server-settings\0"..., 72}], 2) = 184 poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 30000) = 1 ([{fd=3, revents=POLLIN}]) read(3, "l\1\0\1\0\0\0\0\n\0\0\0w\0\0\0\1\1o\0\1\0\0\0/\0\0\0\0\0\0\0\6\1s\0\6\0\0\0:1.116\0\0\2\1s\0#\0\0\0org.freedesktop.DBus.Introspectable\0\0\0\0\0\3\1s\0\n\0\0\0Introspect\0\0\0\0\0\0\7\1s\0\6\0\0\0:1.120\0\0"..., 2048) = 136 read(3, 0x1ea93f0, 2048) = -1 EAGAIN (Resource temporarily unavailable) poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 0) = 0 (Timeout) writev(3, [{"l\2\1\1\17\33\0\0\26\0\0\0\37\0\0\0\6\1s\0\6\0\0\0:1.120\0\0\5\1u\0\n\0\0\0\10\1g\0\1s\0\0"..., 48}, {"\n\33\0\0<!DOCTYPE node PUBLIC \"-//freedesktop//DTD D-BUS Object Introspection 1.0//EN\"\n\"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd\">\n<node>\n <interface name=\"org.freedesktop.DBus.Introspectable\">\n <method name=\"Introspect\">\n <arg name=\"data\" direction=\"out\" type=\"s\"/>\n </method>\n </interface>\n <interface name=\"org.freedesktop.DBus.Properties\">\n <method name=\"Get\">\n <arg name=\"interface\" direction=\"in\" type=\"s\"/>\n <arg name=\"propname\" direction=\"in\" type=\"s\"/>\n <arg name=\"value\" direction=\"out\" type=\"v\"/>\n </method>\n <method name=\"Set\">\n <arg name=\"interface\" direction=\"in\" type=\"s\"/>\n <arg name=\"propname\" direction=\"in\" type=\"s\"/>\n <arg name=\"value\" direction=\"in\" type=\"v\"/>\n </method>\n <method name=\"GetAll\">\n <arg name=\"interface\" direction=\"in\" type=\"s\"/>\n <arg name=\"props\" direction=\"out\" type=\"a{sv}\"/>\n </method>\n </interface>\n <interface name=\"org.opensuse.CupsPkHelper.Mechanism\">\n <method na"..., 6927}], 2) = 6975 poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 20908) = 1 ([{fd=3, revents=POLLIN}]) read(3, "l\1\0\1\0\0\0\0\v\0\0\0\177\0\0\0\1\1o\0\1\0\0\0/\0\0\0\0\0\0\0\6\1s\0\6\0\0\0:1.116\0\0\2\1s\0#\0\0\0org.opensuse.CupsPkHelper.Mechanism\0\0\0\0\0\3\1s\0\21\0\0\0ServerGetSettings\0\0\0\0\0\0\0\7\1s\0\6\0\0\0:1.120\0\0"..., 2048) = 144 read(3, 0x1ea93f0, 2048) = -1 EAGAIN (Resource temporarily unavailable) poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 0) = 0 (Timeout) writev(9, [{"l\1\0\1y\0\0\0\r\0\0\0\276\0\0\0\1\1o\0%\0\0\0/org/freedesktop/PolicyKit1/Authority\0\0\0\6\1s\0\32\0\0\0org.freedesktop.PolicyKit1\0\0\0\0\0\0\2\1s\0$\0\0\0org.freedesktop.PolicyKit1.Authority\0\0\0\0\3\1s\0\22\0\0\0CheckAuthorization\0\0\0\0\0\0\10\1g\0\20(sa{sv})sa{ss}us\0\0\0"..., 208}, {"\17\0\0\0system-bus-name\0\27\0\0\0\4\0\0\0name\0\1s\0\6\0\0\0:1.120\0\0003\0\0\0org.opensuse.cupspkhelper.mechanism.server-settings\0\0\0\0\0\0\0\0\0\1\0\0\0\0\0\0\0\0"..., 121}], 2) = 329 poll([{fd=9, events=POLLIN}], 1, -1) = 1 ([{fd=9, revents=POLLIN}]) read(9, "l\3\1\1\t\1\0\0\16\0\0\0m\0\0\0\6\1s\0\6\0\0\0:1.117\0\0\4\1s\0'\0\0\0org.freedesktop.DBus.Error.AccessDenied\0\5\1u\0\r\0\0\0\10\1g\0\1s\0\0\7\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\4\1\0\0An SELinux policy prevents this sender from sending this message to this recipient (rejected message had sender \":1.117\" interface \"org.freedesktop.PolicyKit1.Authority\" member \"CheckAuthorization\" error name \"(unset)\" destination \"org.freedesktop.PolicyKit1\")\0"..., 2048) = 393 read(9, 0x1ecc710, 2048) = -1 EAGAIN (Resource temporarily unavailable) writev(3, [{"l\3\1\1H\0\0\0\27\0\0\0_\0\0\0\6\1s\0\6\0\0\0:1.120\0\0\4\1s\0001\0\0\0org.opensuse.CupsPkHelper.Mechanism.NotPrivileged\0\0\0\0\0\0\0\5\1u\0\v\0\0\0\10\1g\0\1s\0\0"..., 112}, {"C\0\0\0Not Authorized: org.opensuse.cupspkhelper.mechanism.server-settings\0"..., 72}], 2) = 184 poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 29903) = 1 ([{fd=3, revents=POLLIN}]) read(3, "l\4\1\1\35\0\0\0\21\0\0\0\211\0\0\0\1\1o\0\25\0\0\0/org/freedesktop/DBus\0\0\0\2\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\3\1s\0\20\0\0\0NameOwnerChanged\0\0\0\0\0\0\0\0\7\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\10\1g\0\3sss\0\0\0\0\0\0\0\0\6\0\0\0:1.120\0\0\6\0\0\0:1.120\0\0\0\0\0\0\0"..., 2048) = 189 read(3, 0x1ea93f0, 2048) = -1 EAGAIN (Resource temporarily unavailable) poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 0) = 0 (Timeout) poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 29097^C <unfinished ...> Process 8494 detached One other thing of note: I don't see any of the cupspkhelper methods in the list at System->Preferences->Authorizations. > One other thing of note: I don't see any of the cupspkhelper methods in the
> list at System->Preferences->Authorizations.
You don't see it there because polkit-gnome-authorization is from PolicyKit (old style) and not from polkit (new style).
Which versions of these packages do you have?
Marek
You can try 'pkaction' (polkit) to see cups-pk-helper's methods (vs. 'polkit-action' - PolicyKit). OK, pkaction shows them. I have polkit-0.93-3.fc12.x86_64. Is cups-pk-helper working correctly for you in rawhide? It worked for me, but now it doesn't. It shows me old authentication dialog instead of the polkit's one. If I run /usr/libexec/cups-pk-helper-mechanism manually as root then it works. Marek Fixed in selinux-policy-3.6.27-2.fc12.noarch Re-opening for cups-pk-helper crash noted in comment #1. Fixed in cups-pk-helper-0.0.4-6.fc12. It still doesn't work. Marek Hi, I tried this (in Permissive mode): yum erase selinux-policy-targeted mv /etc/selinux/targeted/modules /etc/selinux/targeted/modules.old yum install selinux-policy-targeted turn on Enforcing mode mark system to relabel on reboot reboot and it shows polkit's dialog correctly. tested with: cups-pk-helper-0.0.4-7 system-config-printer-1.1.10-8 selinux-policy-3.6.26-8 selinux-policy-targeted-3.6.26-8 the rawhide is an update of F11 and runs in qemu Tim, could you confirm whether this works for you? Thanks Marek Bizarrely, this works. (I tried on a machine that was freshly installed from rawhide on the 12th of August...) I tried system-config-printer in fresh install of F12-alpha-RC2 now and it works without any problem (in Enforcing mode). Marek OK, let's mark this as fixed then. |