Bug 1112387 - [abrt] initial-setup: connection.py:651:call_blocking:DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, ...
Summary: [abrt] initial-setup: connection.py:651:call_blocking:DBusException: org.free...
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 21
Hardware: armv7l
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:0b59b9ff6889ecc663cf7206ca4...
Keywords:
Depends On:
Blocks: ARMTracker F21AlphaBlocker
TreeView+ depends on / blocked
 
Reported: 2014-06-23 19:59 UTC by Paul Whalen
Modified: 2014-09-10 02:45 UTC (History)
11 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2014-09-10 02:45:38 UTC


Attachments (Terms of Use)
File: backtrace (2.58 KB, text/plain)
2014-06-23 19:59 UTC, Paul Whalen
no flags Details
File: dso_list (139 bytes, text/plain)
2014-06-23 19:59 UTC, Paul Whalen
no flags Details
File: environ (128 bytes, text/plain)
2014-06-23 19:59 UTC, Paul Whalen
no flags Details

Description Paul Whalen 2014-06-23 19:59:49 UTC
Description of problem:
When booting graphical images on ARM initial-setup-graphical fails to run in enforcing. 

Version-Release number of selected component:
initial-setup-0.3.21-3.fc21

Additional info:
reporter:       libreport-2.2.2
cmdline:        python -m initial_setup
executable:     /usr/lib/python2.7/site-packages/initial_setup/__main__.py
kernel:         3.16.0-0.rc1.git4.1.fc21.armv7hl
runlevel:       unknown
type:           Python
uid:            0

Truncated backtrace:
connection.py:651:call_blocking:DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

Traceback (most recent call last):
  File "/usr/lib/python2.7/runpy.py", line 162, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/usr/lib/python2.7/site-packages/initial_setup/__main__.py", line 104, in <module>
    ret = ui.run()
  File "/usr/lib/python2.7/site-packages/pyanaconda/ui/gui/__init__.py", line 408, in run
    self._currentAction.refresh()
  File "/usr/lib/python2.7/site-packages/pyanaconda/ui/gui/hubs/__init__.py", line 359, in refresh
    self._createBox()
  File "/usr/lib/python2.7/site-packages/initial_setup/gui/hubs/initial_setup_hub.py", line 24, in _createBox
    Hub._createBox(self)
  File "/usr/lib/python2.7/site-packages/pyanaconda/ui/gui/hubs/__init__.py", line 188, in _createBox
    spoke.initialize()
  File "/usr/lib/python2.7/site-packages/pyanaconda/ui/gui/spokes/network.py", line 1339, in initialize
    register_secret_agent(self)
  File "/usr/lib/python2.7/site-packages/pyanaconda/ui/gui/spokes/network.py", line 1288, in register_secret_agent
    proxy.Register("anaconda", dbus_interface=AGENT_MANAGER_IFACE)
  File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 70, in __call__
    return self._proxy_method(*args, **keywords)
  File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 145, in __call__
    **keywords)
  File "/usr/lib/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
    message, timeout)
DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

Local variables in innermost frame:
byte_arrays: False
self: <dbus._dbus.SystemBus (system) at 0xb2cfc570>
args: ('anaconda',)
object_path: '/org/freedesktop/NetworkManager/AgentManager'
signature: None
bus_name: dbus.UTF8String(':1.12')
get_args_opts: {'byte_arrays': False, 'utf8_strings': False}
timeout: -1.0
kwargs: {}
dbus_interface: 'org.freedesktop.NetworkManager.AgentManager'
message: <dbus.lowlevel.MethodCallMessage path: /org/freedesktop/NetworkManager/AgentManager, iface: org.freedesktop.NetworkManager.AgentManager, member: Register dest: :1.12>
method: 'Register'

Comment 1 Paul Whalen 2014-06-23 19:59:53 UTC
Created attachment 911573 [details]
File: backtrace

Comment 2 Paul Whalen 2014-06-23 19:59:55 UTC
Created attachment 911574 [details]
File: dso_list

Comment 3 Paul Whalen 2014-06-23 19:59:57 UTC
Created attachment 911575 [details]
File: environ

Comment 4 Vratislav Podzimek 2014-06-24 07:10:24 UTC
Looks like another bug/missing piece in selinux-policy. Reassigning.

Comment 5 Daniel Walsh 2014-08-06 22:28:28 UTC
Did you get any AVC messages?

Comment 6 Paul Whalen 2014-08-26 16:47:53 UTC
Sorry for the delay, below are avc's seen when attempting to restart initial-setup-graphical

type=USER_AVC msg=audit(1409071225.085:414): pid=523 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=error error_name=org.freedesktop.login1.NoSessionForPID dest=:1.23 spid=521 tpid=1163 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dbus  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'

type=USER_AVC msg=audit(1409071247.896:415): pid=523 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_return dest=:1.24 spid=624 tpid=1184 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dbus  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'

type=USER_AVC msg=audit(1409071272.926:416): pid=523 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_return dest=:1.24 spid=624 tpid=1184 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dbus  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'

type=SERVICE_START msg=audit(1409071301.472:417): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="initial-setup-graphical" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

type=SERVICE_STOP msg=audit(1409071301.472:418): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="initial-setup-graphical" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Comment 7 Miroslav Grepl 2014-08-27 07:52:56 UTC
What does

# ps -efZ | grep unconfined_service_t

Comment 8 Paul Whalen 2014-08-27 13:40:17 UTC
[root@wandq ~]# ps -efZ | grep unconfined_service_t
system_u:system_r:unconfined_service_t:s0 root 545 1  0 09:37 ?        00:00:00 /bin/xinit /bin/firstboot-windowmanager /bin/initial-setup -- /bin/Xorg :9 -ac -nolistenp
system_u:system_r:unconfined_service_t:s0 root 558 545  1 09:37 tty2   00:00:00 /usr/libexec/Xorg.bin :9 -ac -nolisten tcp
system_u:system_r:unconfined_service_t:s0 root 581 545  0 09:37 ?      00:00:00 /bin/sh /bin/firstboot-windowmanager /bin/initial-setup
system_u:system_r:unconfined_service_t:s0 root 596 581  0 09:37 ?      00:00:00 /usr/bin/xfwm4
system_u:system_r:unconfined_service_t:s0 root 602 581  0 09:37 ?      00:00:00 /bin/sh /bin/initial-setup
system_u:system_r:unconfined_service_t:s0 root 607 602 33 09:37 ?      00:00:24 python -m initial_setup
system_u:system_r:unconfined_service_t:s0 root 654 1  0 09:37 ?        00:00:00 /bin/dbus-launch --autolaunch 117888b86b634f70846aeab356fe1690 --binary-syntax --close-sr
system_u:system_r:unconfined_service_t:s0 root 662 1  0 09:37 ?        00:00:00 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
system_u:system_r:unconfined_service_t:s0 root 667 1  0 09:37 ?        00:00:00 /usr/lib/xfce4/xfconf/xfconfd
system_u:system_r:unconfined_service_t:s0 root 1013 1  0 09:37 ?       00:00:00 /usr/libexec/at-spi-bus-launcher
system_u:system_r:unconfined_service_t:s0 root 1017 1013  0 09:37 ?    00:00:00 /bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3
system_u:system_r:unconfined_service_t:s0 root 1021 1  0 09:37 ?       00:00:00 /usr/libexec/at-spi2-registryd --use-gnome-session
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 1063 1041  0 09:38 ttymxc0 00:00:00 grep --color=auto unconfined_service_t

Comment 9 Paul Whalen 2014-08-27 14:56:53 UTC
Release Criteria - Expected image boot behavior: Release-blocking ARM disk images must boot to the initial-setup utility.

Comment 10 Adam Williamson 2014-08-27 16:37:53 UTC
Discussed at 2014-08-27 blocker review meeting: http://meetbot.fedoraproject.org/fedora-blocker-review/2014-08-27/f21-blocker-review.2014-08-27-15.59.log.txt . Accepted as a release blocker per criterion "Expected image boot behavior ... Release-blocking ARM disk images must boot to the initial-setup utility." , https://fedoraproject.org/wiki/Fedora_21_Alpha_Release_Criteria#Expected_image_boot_behavior

Comment 11 Miroslav Grepl 2014-08-28 13:25:32 UTC
So does it talk to 

system_u:system_r:unconfined_service_t:s0 root 581 545  0 09:37 ?      00:00:00 /bin/sh /bin/firstboot-windowmanager /bin/initial-setup

I guess so.


commit 4a4e7e79d480851a212ebf5f583c95b239440cb9
Author: Miroslav Grepl <mgrepl@redhat.com>
Date:   Thu Aug 28 15:24:37 2014 +0200

    Labeli initial-setup as install_exec_t.

Comment 12 Fedora Update System 2014-08-28 14:10:39 UTC
selinux-policy-3.13.1-77.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-77.fc21

Comment 13 Fedora Update System 2014-08-28 16:42:23 UTC
Package selinux-policy-3.13.1-77.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-77.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-9873/selinux-policy-3.13.1-77.fc21
then log in and leave karma (feedback).

Comment 14 Paul Whalen 2014-08-28 18:32:25 UTC
Installed and relabeled, doesn't appear to have resolved the issue, avcs below:

type=USER_AVC msg=audit(1409249826.957:383): pid=646 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_return dest=:1.14 spid=757 tpid=744 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dbus  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1409249851.983:384): pid=646 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_return dest=:1.14 spid=757 tpid=744 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dbus  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
type=SERVICE_START msg=audit(1409249881.119:385): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="initial-setup-graphical" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1409249881.119:386): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="initial-setup-graphical" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Comment 15 Daniel Walsh 2014-08-29 10:53:09 UTC
33e4e46c9b3262601a3c1e35ab649451904d982a
20452f33ae53d0840c11bd912779a0d6a115b409

I have just added to git the ability to dbus chat with all dbus system domains.

Which will fix this issue.

Comment 16 Miroslav Grepl 2014-08-29 11:12:30 UTC
(In reply to Paul Whalen from comment #14)
> Installed and relabeled, doesn't appear to have resolved the issue, avcs
> below:
> 
> type=USER_AVC msg=audit(1409249826.957:383): pid=646 uid=81 auid=4294967295
> ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
> msg='avc:  denied  { send_msg } for msgtype=method_return dest=:1.14
> spid=757 tpid=744 scontext=system_u:system_r:NetworkManager_t:s0
> tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dbus 
> exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
> type=USER_AVC msg=audit(1409249851.983:384): pid=646 uid=81 auid=4294967295
> ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
> msg='avc:  denied  { send_msg } for msgtype=method_return dest=:1.14
> spid=757 tpid=744 scontext=system_u:system_r:NetworkManager_t:s0
> tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dbus 
> exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
> type=SERVICE_START msg=audit(1409249881.119:385): pid=1 uid=0
> auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='
> comm="initial-setup-graphical" exe="/usr/lib/systemd/systemd" hostname=?
> addr=? terminal=? res=success'
> type=SERVICE_STOP msg=audit(1409249881.119:386): pid=1 uid=0 auid=4294967295
> ses=4294967295 subj=system_u:system_r:init_t:s0 msg='
> comm="initial-setup-graphical" exe="/usr/lib/systemd/systemd" hostname=?
> addr=? terminal=? res=success'

Ok, this is with installed system. I am still interested in

# ps -efZ |grep unconfined_service

output with your upgraded system.

Comment 17 Fedora Update System 2014-09-02 19:29:23 UTC
selinux-policy-3.13.1-78.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-78.fc21

Comment 18 Paul Whalen 2014-09-03 00:48:26 UTC
selinux-policy-3.13.1-78.fc21 fixes this on TC5. 

Many Thanks!

Comment 19 Fedora Update System 2014-09-10 02:45:38 UTC
selinux-policy-3.13.1-78.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.