Description of problem:
When using dnssec-trigger with NetworkManager on Fedora 22 Workstation, the following warnings appear in the journal. dnssec-trigger uses a NM dispatcher script to get notifications on network configuration change. The dnssec-trigger-script is then run, which is using libnm-glib Python bindings.

Version-Release number of selected component (if applicable):
NetworkManager-1.0.2-1.fc22.x86_64
dnssec-trigger-0.12-20.fc22.x86_64

How reproducible:
always

Steps to Reproduce:
1. just boot system with dnssec-trigger enabled
OR
1. restart dnssec-triggerd

Actual results:
[root@localhost ~]# journalctl -u dnssec-triggerd -b
-- Logs begin at Tue 2015-06-02 11:37:15 CEST, end at Tue 2015-06-02 17:17:41 CEST. --
Jun 02 16:24:33 localhost.localdomain systemd[1]: Starting Reconfigure local DNSSEC resolver on connectivity changes...
Jun 02 16:24:34 localhost.localdomain dnssec-trigger-script[1056]: (process:1056): libnm-glib-WARNING **: (nm-object.c:159):constructor: code should not be reached
Jun 02 16:24:34 localhost.localdomain dnssec-triggerd[1154]: [1154] info: dnssec-trigger 0.12 start
Jun 02 16:24:35 localhost.localdomain dnssec-trigger-script[1157]: (process:1157): libnm-glib-WARNING **: (nm-object.c:159):constructor: code should not be reached
Jun 02 16:24:35 localhost.localdomain dnssec-triggerd[1154]: (process:1161): libnm-glib-WARNING **: (nm-object.c:159):constructor: code should not be reached
Jun 02 16:24:35 localhost.localdomain systemd[1]: Started Reconfigure local DNSSEC resolver on connectivity changes.

Expected results:
No warnings from libnm-glib

Additional info:
Maybe related to bug #1202197
Looks like a regression in NetworkManager's library, as this used to work.
I was debugging it a bit and found out that running dnssec-trigger-script from the command line works fine. However, when the dnssec-triggerd systemd unit is run (which executes dnssec-trigger-script), the error appears. In the end, it turned out that the problem was caused by SELinux. The script runs fine out of systemd unit with 'getenforce 0'. The issue seems to be that access is denied for the D-Bus system bus:

type=AVC msg=audit(1433820820.962:7636): avc: denied { write } for pid=18620 comm="dnssec-trigger-" name="system_bus_socket" dev="tmpfs" ino=25341 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=sock_file permissive=0

However, there are a few more AVCs too. I will include them as an attachment.
Created attachment 1036809
SELinux AVC messages for running dnssec-triggerd systemd unit
*** This bug has been marked as a duplicate of bug 1227239 ***
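
Added example, not part of the original bug report or of dnssec-trigger: a small Python triage helper that parses "avc: denied" records like the one quoted in the SELinux comment above and merges them by source type, target type and object class, so a batch of denials can be reviewed as a short list. The first sample record is the one from this report; the second is constructed for the example, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Record 1 is the AVC quoted in the report; record 2 is constructed for
# this example to show permission merging and the permissive flag.
SAMPLE = """\
type=AVC msg=audit(1433820820.962:7636): avc: denied { write } for pid=18620 comm="dnssec-trigger-" name="system_bus_socket" dev="tmpfs" ino=25341 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1433820821.000:7637): avc: denied { read write } for pid=18620 comm="dnssec-trigger-" name="system_bus_socket" dev="tmpfs" ino=25341 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=sock_file permissive=1
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = ("scontext", "tcontext", "tclass")

def parse_avc(line):
    """Return a dict for one 'avc: denied' record, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if any(k not in f for k in REQUIRED):
        return None
    return {
        "perms": m.group("perms").split(),
        "comm": f.get("comm"),
        # An SELinux context is user:role:type:level; the type is field 3.
        "source": f["scontext"].split(":")[2],
        "target": f["tcontext"].split(":")[2],
        "tclass": f["tclass"],
        # permissive=0: access was blocked. A missing field is treated as blocked.
        "enforced": f.get("permissive", "0") == "0",
    }

def summarize(text):
    """Merge denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "enforced": False})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            g = groups[(rec["source"], rec["target"], rec["tclass"])]
            g["perms"].update(rec["perms"])
            g["enforced"] |= rec["enforced"]
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls), g in sorted(summarize(SAMPLE).items()):
        state = "blocked" if g["enforced"] else "logged only"
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(g['perms']))} }} [{state}]")
```

The summary is a review aid for deciding which policy change is appropriate; it does not modify policy.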