RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Description of problem:
DBus daemon is by default listening on unix socket placed in /run/dbus/system_bus_socket. Since /run is mount.bind into chroot environment it is possible to connect to DBus but this connection is handled by DBus daemon running outside chroot enviroment.
The outside running DBus daemon is not aware of configuration in chroot environment and therefore does not permit actions that should be allowed according to configuration in chroot environment.
The preferred solution would be to start separate instance of DBus daemon inside chroot environment

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Install RHEL 7.2 with attached kickstart file

Actual results:
Certmonger fails to connect to D-Bus and is therefore unreachable.

Expected results:
Certmonger connects to D-Bus and can be reached over D-Bus by (not only) getcert utility.


Additional info:
This is general Anaconda issue (not RHEL 7.2 specific). I hit it on Fedora 22 too and believe it's present on other versions as well.

Created attachment 1082761 [details]
Reproducing kickstart file.

You cannot run things that expect to talk to DBus from %post. The chroot is not a running system until it has been rebooted, and trying to treat it as such is going to end up causing no end of problems.

Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.

Ok. Then why is DBus available in chroot? Is there a chance /run will be not mount.bind? The problem is DBus is available but behaves other than expected.

That's just a side-effect of how the chroot needs to be setup for other things.

Bind-mounting /run (together with /sys) to /mnt/sysimage (the installed system) was added because of dracut and creation of hostonly initrd.img as documented in the bug #922988. I'm not sure what we could do here. We could probably bind-mount only some things from /run to /mnt/sysimage/run, but it'd be quite hard to identify which ones are needed/useful.