1588456 – dbus-send --system does not work without --print-reply

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1588456 - dbus-send --system does not work without --print-reply

Summary: dbus-send --system does not work without --print-reply

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	dbus
Sub Component:
Version:	7.5
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	David King
QA Contact:	Desktop QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1497759 1586284
TreeView+	depends on / blocked

Reported:	2018-06-07 11:48 UTC by David Kaspar // Dee'Kej
Modified:	2020-07-13 15:20 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-07-13 15:20:38 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description David Kaspar // Dee'Kej 2018-06-07 11:48:23 UTC

Description of problem:
In BZ #1497759 we have replaced the firewall-cmd with dbus-send calls in network-scripts, for a speed improvement.

It has been now discovered though, that the 'dbus-send' calls we have there actually does not work if we do *not* use ẗhe --print-reply option as well.

Version-Release number of selected component (if applicable):
dbus-1.10.24-7.el7.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Install fresh RHEL-7.5 server version in VM.
2. Start the RHEL-7.5, log in as root.
3. Disable NetworkManager:
  $ systemctl disable NetworkManager
  $ systemctl status NetworkManager
4. Enable firewalld:
  $ systemctl enable firewalld
  $ systemctl status firewalld
5. Check that the ZONE option is *NOT* set in the ifcfg-eth0 file:
  $ cat /etc/sysconfig/network-scripts/ifcfg-eth0 | grep ZONE
6. Reboot the machine, log in again.
7. Check that we don't have any active firewall zones for eth0 NIC:
  $ firewall-cmd --get-active-zones
  ... The output of this command should be empty now.
8. Issue the DBus send call to set the firewall zone:
  $ dbus-send --system --dest=org.fedoraproject.FirewallD1 \
              /org/fedoraproject/FirewallD1 \
              org.fedoraproject.FirewallD1.zone.changeZoneOfInterface \
              string:"trusted" string:"eth0"
9. Check if the eth0 NIC was assigned to "trusted" zone:
  $ $ firewall-cmd --get-active-zones

Actual results:


Expected results:


Additional info:

Comment 2 David Kaspar // Dee'Kej 2018-06-07 11:54:14 UTC

Darn it, I have miss-clicked... :-/

(In reply to David Kaspar [Dee'Kej] from comment #0)
> Actual results:
Empty output -- meaning no NIC is assigned to any firewall zone.

> Expected results (output):
trusted
  interfaces: eth0

> Additional info:
After adding the --print-reply option to the 'dbus-send' call, you will see the expected result.

This seems like some kind of a race-condition, since the --print-reply makes the 'dbus-send' call synchronous (and thus slower) AFAIK.

The slow down can negatively impact our customers experience with RHV. See:
https://bugzilla.redhat.com/show_bug.cgi?id=1497759#c3

----------------

NOTE: Please, make sure we fix this in upstream / Fedora as well. We use the same dbus-send calls there aas well.

Comment 4 Vladimir Benes 2018-06-07 12:01:26 UTC

(In reply to David Kaspar [Dee'Kej] from comment #0)
> Description of problem:
> In BZ #1497759 we have replaced the firewall-cmd with dbus-send calls in
> network-scripts, for a speed improvement.
> 
> It has been now discovered though, that the 'dbus-send' calls we have there
> actually does not work if we do *not* use ẗhe --print-reply option as well.
> 
> Version-Release number of selected component (if applicable):
> dbus-1.10.24-7.el7.x86_64
> 
> How reproducible:
> Always.
> 
> Steps to Reproduce:
> 1. Install fresh RHEL-7.5 server version in VM.
> 2. Start the RHEL-7.5, log in as root.
> 3. Disable NetworkManager:
>   $ systemctl disable NetworkManager
>   $ systemctl status NetworkManager

Just curious, why do you do this? Does it have any impact on result?

Comment 5 David Kaspar // Dee'Kej 2018-06-07 12:24:03 UTC

(In reply to Vladimir Benes from comment #4)
> Just curious, why do you do this? Does it have any impact on result?

I'm not exactly sure what NetworkManager does in case of firewalld zones, so I'm disabling it just to be sure (so it does not mix in somehow), for consistency -- the original reproducer in BZ #1586284 also has it disabled. :)

Comment 6 David King 2018-06-12 14:48:55 UTC

(In reply to David Kaspar [Dee'Kej] from comment #0)
> Description of problem:
> In BZ #1497759 we have replaced the firewall-cmd with dbus-send calls in
> network-scripts, for a speed improvement.
> 
> It has been now discovered though, that the 'dbus-send' calls we have there
> actually does not work if we do *not* use ẗhe --print-reply option as well.

What happens if you give "--type=method_call" as an argument to dbus-send?

Comment 7 David Kaspar // Dee'Kej 2018-06-13 09:28:19 UTC

(In reply to David King from comment #6)
> What happens if you give "--type=method_call" as an argument to dbus-send?

Nothing changes, unfortunately.

-------------------------------

[root@localhost ~]# firewall-cmd --get-active-zones
trusted
  interfaces: eth0

[root@localhost ~]# dbus-send --type=method_call --system \
    --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1 \
           org.fedoraproject.FirewallD1.zone.changeZoneOfInterface \
           string:"home" string:"eth0"

[root@localhost ~]# firewall-cmd --get-active-zones
trusted
  interfaces: eth0

Note You need to log in before you can comment on or make changes to this bug.