Red Hat Bugzilla – Bug 1284907
No session for cookie
Last modified: 2017-07-26 10:06:54 EDT
Description of problem:
Consider the following policy:
# cat /usr/share/polkit-1/actions/org.freedesktop.policykit.cctest.policy
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
When testuser is logged to the system (either via console or ssh) and executes /bin/whoami via pkexec, operation is not authorized:
$ pkexec /bin/whoami
==== AUTHENTICATING FOR org.freedesktop.policykit.cctest.auth_self ===
Authenticating as: testuser
polkit-agent-helper-1: error response to PolicyKit daemon: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
==== AUTHENTICATION FAILED ===
Error executing command as another user: Not authorized
This incident has been reported.
The following can be seen in /var/log/secure:
Nov 24 13:05:32 cc-toe5 polkitd: Registered Authentication Agent for unix-process:43521:8659824 (system bus name :1.204 [pkexec /bin/whoami], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Nov 24 13:05:40 cc-toe5 polkitd: Operator of unix-process:43521:8659824 FAILED to authenticate to gain authorization for action org.freedesktop.policykit.cctest.auth_self for unix-process:43521:8659824 [-bash] (owned by unix-user:testuser)
Nov 24 13:05:40 cc-toe5 pkexec: testuser: Error executing command as another user: Not authorized [USER=root] [TTY=/dev/pts/14] [CWD=/home/testuser] [COMMAND=/bin/whoami]
Nov 24 13:05:40 cc-toe5 polkitd: Unregistered Authentication Agent for unix-process:43521:8659824 (system bus name :1.204, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create aforementioned policy.
2. Log-in as testuser.
3. Exeucte "pkexec /bin/whoami" (with testuser password).
Thanks for your report. This is https://bugs.freedesktop.org/show_bug.cgi?id=90837#c20 , isn’t it?
(In reply to Miloslav Trmač from comment #1)
> Thanks for your report. This is
> https://bugs.freedesktop.org/show_bug.cgi?id=90837#c20 , isn’t it?
Yes, looks like we are hitting this upstream bug! Thanks for the reference. Hopefully we will have a fix soon :)
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle.
Changing version to '24'.
More information and reason for this action is here:
This message is a reminder that Fedora 24 is nearing its end of life.
Approximately 2 (two) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 24. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora 'version'
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.
Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 24 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged change the 'version' to a later Fedora
version prior this bug is closed as described in the policy above.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.