Bug 2107936 - gnome-control-center freezes when D-Bus services are not responding
Summary: gnome-control-center freezes when D-Bus services are not responding
Keywords:
Status: CLOSED DUPLICATE of bug 2109145
Alias: None
Product: Fedora
Classification: Fedora
Component: gnome-control-center
Version: 37
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: GNOME SIG Unassigned
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-07-17 20:00 UTC by Josh Berkus
Modified: 2022-09-02 02:36 UTC (History)
8 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2022-08-22 00:23:06 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
backtrace (130.04 KB, text/plain)
2022-08-14 15:19 UTC, Lyes Saadi
no flags Details

Description Josh Berkus 2022-07-17 20:00:09 UTC
Description of problem:

Malcontent prevents launch of flatpak applications even when not enabled, and cannot be removed.  Attempts to configure malcontent via UI crash Gnome Control Center

Version-Release number of selected component (if applicable):

* Flatpak 1.13
* Fedora Linux Rawhide.20220715.n.0 (Silverblue Prerelease)
* Gnome 42.2

How reproducible:

100%

Steps to Reproduce:

1. Try to launch an older Flatpak or any Flatpak not configured to support Malcontent on current rawhide, such as Thunderbird.
2. Get: "error: Not allowed to query parental controls data for user 1000"
3. Look into configuring parental controls by going to Gnome Control Panel --User
   OR: launch malcontent-control
4. Control panel UI locks up and crashes

Currently, I have no way to use thunderbird or several other flatpaks on Fedora.

Expected results:

A. Malcontent should not be blocking flatpaks if it's not configured
B. Attempts to configure malcontent shouldn't crash

OR: given the number of terrible bugs in malcontent, maybe we should take it out of Fedora?  It doesn't seem to work for actual parental control, and it does seem to break a lot of things.

Comment 1 Josh Berkus 2022-07-17 20:00:41 UTC
(filed against gnome-shell because I've been told that malcontent is now part of gnome-shell)

Comment 2 Michael Catanzaro 2022-07-17 22:38:51 UTC
(In reply to Josh Berkus from comment #0)
> 4. Control panel UI locks up and crashes

Let's start with the crash. Please provide a backtrace using 'coredumpctl gdb'.

Comment 3 Josh Berkus 2022-07-18 16:08:42 UTC
And, now, not crashing.  Instead I get some actual error output:


(gnome-control-center:134682): user-accounts-cc-panel-WARNING **: 09:01:49.509: Error retrieving app filter for user (null): User 4294967295 does not exist

(gnome-control-center:134682): user-accounts-cc-panel-CRITICAL **: 09:02:01.361: cc_avatar_chooser_set_user: assertion 'self != NULL' failed


I would attach a screenshot, but the screenshot tool also is not launching.

Previously, control panel was freezing and crashing when I did this.  Now it seems to be operating ... just inaccessible.

Comment 4 Josh Berkus 2022-07-18 16:17:55 UTC
More info:

I rebased to Fedora 36 release, and all of this worked fine.  So the problems are due to some change introduced since 36.0.

Comment 5 Michael Catanzaro 2022-07-18 21:38:06 UTC
(In reply to Josh Berkus from comment #3)
> And, now, not crashing.  Instead I get some actual error output:
> 
> 
> (gnome-control-center:134682): user-accounts-cc-panel-WARNING **:
> 09:01:49.509: Error retrieving app filter for user (null): User 4294967295
> does not exist
> 
> (gnome-control-center:134682): user-accounts-cc-panel-CRITICAL **:
> 09:02:01.361: cc_avatar_chooser_set_user: assertion 'self != NULL' failed

You can still get backtraces. Use G_DEBUG=fatal-warnings to catch the first one, which looks relevant here.

You can also use G_DEBUG=fatal-criticals to report the second one in a separate bug report.

Comment 6 Josh Berkus 2022-07-19 22:08:04 UTC
Will do.  This will be a little slow, though, because this is my work machine and I need to reboot it into the unusable configuration in order to test things.

In the meantime, I'm going to split this bug and file the "Not allowed to query parental controls" as a new bug, since it looks like they're not related after all.

Comment 7 Lyes Saadi 2022-08-09 09:33:45 UTC
Hey!

Hitting the same bug on rawhide, it is still present, and quite concerning since branching is well... today. Also, maybe related, but I am unable to unlock any setting in gnome-control-center.

Comment 8 Ben Cotton 2022-08-09 13:22:25 UTC
This bug appears to have been reported against 'rawhide' during the Fedora Linux 37 development cycle.
Changing version to 37.

Comment 9 Lyes Saadi 2022-08-09 18:56:39 UTC
Huh, a restart solved this for me.

Comment 10 Josh Berkus 2022-08-09 20:06:20 UTC
The blocking, or the control panel part?

Comment 11 Michael Catanzaro 2022-08-10 14:36:48 UTC
Still need to see a backtrace for that first warning.

Comment 12 Lyes Saadi 2022-08-14 14:09:42 UTC
I hit it again, was able to "crash it", and I am now reporting it through ABRT. Although, my internet is painfully slow where I am right now, so you'll have to wait for a bit.

Comment 13 Lyes Saadi 2022-08-14 14:11:07 UTC
Shouldn't this be reported to malcontent instead, btw? It seems for me more like malcontent failing at some point, and blocking everything by default.

Comment 14 Lyes Saadi 2022-08-14 15:19:42 UTC
Created attachment 1905467 [details]
backtrace

So, I wasn't able to generate an ABRT ticket, but, here's the report : https://retrace.fedoraproject.org/faf/reports/494617/

Also, I attached the backtrace.

Comment 15 Michael Catanzaro 2022-08-14 16:20:18 UTC
(In reply to Lyes Saadi from comment #13)
> Shouldn't this be reported to malcontent instead, btw? It seems for me more
> like malcontent failing at some point, and blocking everything by default.

I'm not sure what's wrong yet, but I don't see evidence of a problem with malcontent. Instead, it looks like gnome-control-center is going a bit crazy. It's trying to look up the malcontent app filter for uid 2^32 - 1, i.e. UINT_MAX. Surely it shouldn't be doing that.

The backtrace you attached gives us enough for an upstream bug report. Would you mind reporting this to https://gitlab.gnome.org/GNOME/gnome-control-center/issues?

Comment 16 Lyes Saadi 2022-08-14 16:23:11 UTC
Ok! Will report this upstream! But, since flatpak has the same issue, I guess it's either some shared code or malcontent? Should we file for the flatpak bug a separate issue?

Comment 17 Michael Catanzaro 2022-08-14 16:29:01 UTC
This does not look like code that would be shared.

Is flatpak printing warnings or criticals? If so, can you post another backtrace?

Comment 18 Lyes Saadi 2022-08-14 16:41:18 UTC
Yeah, I guess before submitting anything, I should recapitulate what happens in this bug report since it goes a bit everywhere.

What happens is that, at some point when normally using Fedora, a lot of things stop working at once, and they all point to malcontent somehow. And the only fix is to reboot.

1. It becomes impossible to run _any_ flatpak app (the most urgent IMO, and maybe a blocker bug):

```
error: Not allowed to query parental controls data for user 1000
```

That's the only error.

2. In Settings, a lot of things stop working, the user is unable to unlock settings in multiple panels, like the user panel, the printer panel, the date and time panels, unable to fetch apps for the applications panel. Here are all the workings I got travelling through the Settings app:

```
bluetooth-cc-panel-Message: 17:33:38.750: BluetoothHardwareAirplaneMode: 0

(gnome-control-center:119039): cc-applications-panel-WARNING **: 17:33:43.342: Error retrieving app filter: Not allowed to query parental controls data for user 1000

(gnome-control-center:119039): GLib-CRITICAL **: 17:33:47.287: g_atomic_ref_count_dec: assertion 'old_value > 0' failed

(gnome-control-center:119039): microphone-cc-panel-WARNING **: 17:33:48.190: Failed fetch permissions from flatpak permission store: GDBus.Error:org.freedesktop.portal.Error.NotFound: No entry for microphone
GLib-GIO: _g_io_module_get_default: Found default implementation dconf (DConfSettingsBackend) for ?gsettings-backend?GoaBackend: Loading all providers: GoaBackend:  - googleGoaBackend:  - owncloudGoaBackend:  - windows_liveGoaBackend:  - exchangeGoaBackend:  - fedoraGoaBackend: activated Fedora providerGoaBackend:  - imap_smtpGoaBackend:  - kerberosGoaBackend: activated kerberos provider
(gnome-control-center:119039): user-accounts-cc-panel-CRITICAL **: 17:34:11.734: cc_avatar_chooser_set_user: assertion 'self != NULL' failed

(gnome-control-center:119039): user-accounts-cc-panel-WARNING **: 17:34:11.925: Impossible to update fingerprint manager state: GDBus.Error:net.reactivated.Fprint.Error.PermissionDenied: Not Authorized: net.reactivated.fprint.device.verify

(gnome-control-center:119039): datetime-cc-panel-WARNING **: 17:34:13.622: Could not set system time: GDBus.Error:org.freedesktop.timedate1.AutomaticTimeSyncEnabled: AutomaticTimeSyncEnabled: Automatic time synchronization is enabled
```

Some are unrelated, but most are permission issues. Other panels do not work but do not print a warning either, like the printer panel, where I am unable to unlock settings.

And, both things happen at the same time, and both seem related to malcontent or permissions.

I could try and force remove malcontent through RPM (but breaking my system). Want me to try?

Comment 19 Michael Catanzaro 2022-08-14 17:10:55 UTC
(In reply to Lyes Saadi from comment #18)
> Yeah, I guess before submitting anything, I should recapitulate what happens
> in this bug report since it goes a bit everywhere.
> 
> What happens is that, at some point when normally using Fedora, a lot of
> things stop working at once, and they all point to malcontent somehow. And
> the only fix is to reboot.
> 
> 1. It becomes impossible to run _any_ flatpak app (the most urgent IMO, and
> maybe a blocker bug):
> 
> ```
> error: Not allowed to query parental controls data for user 1000
> ```
> 
> That's the only error.

Can you provide a backtrace for this error, please?

> 2. In Settings, a lot of things stop working, the user is unable to unlock
> settings in multiple panels, like the user panel, the printer panel, the
> date and time panels, unable to fetch apps for the applications panel. Here
> are all the workings I got travelling through the Settings app:
> 
> ```
> bluetooth-cc-panel-Message: 17:33:38.750: BluetoothHardwareAirplaneMode: 0
> 
> (gnome-control-center:119039): cc-applications-panel-WARNING **:
> 17:33:43.342: Error retrieving app filter: Not allowed to query parental
> controls data for user 1000

Let's focus on the first errors. This one is *almost* the same as what you posted a backtrace for, except this time it shows a failure for user 1000 rather than user 4294967295. So that's very different. The other errors look like all D-Bus services have become unresponsive. And you're saying this happens not just for the gnome-control-center process, but also for the flatpak process too?

It kinda seems like your entire session bus is nonresponsive, which probably has nothing to do with malcontent?

Does this happen randomly, or are you able to consistently reproduce it?

Comment 20 Lyes Saadi 2022-08-14 17:31:02 UTC
> Can you provide a backtrace for this error, please?

Well, how?

> It kinda seems like your entire session bus is nonresponsive, which probably has nothing to do with malcontent?

How could I check that?

Honestly, this bug just reminded me of another one, but I am unable to find it... Mainly a bug with nvidia-powerd spamming dbus. I had removed it, but, rebasing to rawhide seems to have brought it back? Would it be the same bug by any chance? John Berkus, do you have the xorg-x11-drv-nvidia-power package by any chance?

> Does this happen randomly, or are you able to consistently reproduce it?

Randomly, but consistently after some time. By that I mean it activates at a random time, but always activate after some time.

Comment 21 Lyes Saadi 2022-08-14 17:39:26 UTC
> Honestly, this bug just reminded me of another one, but I am unable to find it... Mainly a bug with nvidia-powerd spamming dbus. I had removed it, but, rebasing to rawhide seems to have brought it back? Would it be the same bug by any chance? John Berkus, do you have the xorg-x11-drv-nvidia-power package by any chance?

I doesn't seem to be like this. I do not have the same circumstances of the bug, and dbus seems to still be working (at least I see activity with dbus-monitor)?

Comment 22 Lyes Saadi 2022-08-14 18:38:03 UTC
Ok, so, I had to restart the session, and I noticed that actually it was GNOME entirely which was breaking down. Restarting the session resulted in an entirely non-functional gnome-shell. I rebooted and removed nvidia-power just in case, I will see if I still hit this bug or not.

Comment 23 Lyes Saadi 2022-08-15 09:06:58 UTC
Ok! It's back, so, it's not nvidia! (and the nvidia-powerd bug seems to have been fixed anyway). Ready to do any other test needed.

Comment 24 Lyes Saadi 2022-08-15 10:01:25 UTC
Another bug I've discovered : the inability to reboot/shutdown properly from the user session directly. On the power button, there's no restart/shutdown button, and if I try through the command line, I have this message :

```
Failed to reboot system via logind: Access denied
```

The only way to reboot is to use sudo.

Comment 25 Michael Catanzaro 2022-08-15 14:39:34 UTC
I think your entire session and/or system bus is hosed.

I guess you can try running dbus-monitor to maybe see what is going on? That is going to be a *huge* amount of spam, though... but maybe you'll spot something suspicious?

If nothing is obviously wrong, we might need to attach gdb to dbus-broker.

Comment 26 Lyes Saadi 2022-08-15 14:44:25 UTC
I rebooted, but when I tried running dbus-monitor, it wasn't spamming. There were new messages every second or so. So, to be expected for a system bus.

Comment 27 Michael Catanzaro 2022-08-15 15:34:29 UTC
Anyway, even though we have not found the underlying cause of what's going wrong for you, there are still multiple gnome-control-center bugs here. gnome-control-center shouldn't freeze. gnome-control-center shouldn't emit criticals. Criticals are always programmer error: a D-Bus service being down should not be enough to cause them.

Comment 28 Matthias Clasen 2022-08-15 15:54:44 UTC
I think it would be useful to see a full journal from around the time that this breakage happens.

Comment 29 Lyes Saadi 2022-08-15 16:18:55 UTC
The issue is that it is hard to know exactly when the breakage happens. But, I could send the entire file of my last boot, which is quite "short" (only ~26 000 lines). The issue is that it is kinda revealing a huge chunk of home folder content due to some tracker-miner-fs logs (which represents 11 000 of the lines of the file, btw). Should we make this bug report private or create a new private one for the sake of this bug report?

Comment 31 Michael Catanzaro 2022-08-15 16:35:44 UTC
Comment on attachment 1905615 [details]
journald logs

I'll make the attachment private so that it's only visible to Red Hat. If any other Fedora contributor wants to see it, just ask.

I don't think there's any reason to restrict access to the rest of this bug.

Comment 32 Michael Catanzaro 2022-08-15 17:55:18 UTC
Matthias noticed:

août 15 11:01:31 lyes-pc polkitd[1296]: Error evaluating authorization rules
août 15 11:01:31 lyes-pc polkitd[1296]: Error evaluating authorization rules

which is bad. Can you please show us what files you have in /etc/polkit-1/rules.d and /usr/share/polkit-1/rules.d? Maybe something suspicious will be there? Also 'rpm -qi polkit' to show what version and release you have installed.

Comment 33 Lyes Saadi 2022-08-15 18:02:59 UTC
> I'll make the attachment private so that it's only visible to Red Hat. If any other Fedora contributor wants to see it, just ask.

Thanks, didn't know that was possible.

> Can you please show us what files you have in /etc/polkit-1/rules.d and /usr/share/polkit-1/rules.d?

```
[root@lyes-pc lyes]# cd /etc/polkit-1/rules.d/
[root@lyes-pc rules.d]# ls
49-polkit-pkla-compat.rules  50-default.rules
[root@lyes-pc rules.d]# cat *
polkit.addAdminRule(function(action, subject) {
	//polkit.log('Starting pkla-admin-identities\n');
	// Let exception, if any, propagate to the JS authority
	var res = polkit.spawn(['/usr/bin/pkla-admin-identities']);
	//polkit.log('Got "' + res.replace(/\n/g, '\\n') + '"\n');
	if (res == '')
		return null;
	var identities = res.split('\n');
	//polkit.log('Identities: ' + identities.join(',') + '\n');
	if (identities[identities.length - 1] == '')
		identities.pop()
	//polkit.log('Returning: ' + identities.join(',') + '\n');
	return identities;
});

polkit.addRule(function(action, subject) {
	var params = ['/usr/bin/pkla-check-authorization',
		      subject.user, subject.local ? 'true' : 'false',
		      subject.active ? 'true' : 'false', action.id];
	//polkit.log('Starting ' + params.join(' ') + '\n');
	var res = polkit.spawn(params);
	//polkit.log('Got "' + res.replace(/\n/g, '\\n') + '"\n');
	if (res == '')
		return null;
	return res.replace(/\n$/, '');
});
/* -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*- */

// DO NOT EDIT THIS FILE, it will be overwritten on update
//
// Default rules for polkit
//
// See the polkit(8) man page for more information
// about configuring polkit.

polkit.addAdminRule(function(action, subject) {
    return ["unix-group:wheel"];
});
[root@lyes-pc rules.d]# cd /usr/share/polkit-1/rules.d/
[root@lyes-pc rules.d]# ls
20-gnome-initial-setup.rules
50-libvirt.rules
com.endlessm.ParentalControls.rules
gnome-control-center.rules
org.a11y.brlapi.rules
org.fedoraproject.FirewallD1.desktop.rules.choice
org.fedoraproject.FirewallD1.rules
org.fedoraproject.thirdparty.rules
org.freedesktop.bolt.rules
org.freedesktop.Flatpak.rules
org.freedesktop.fwupd.rules
org.freedesktop.GeoClue2.rules
org.freedesktop.packagekit.rules
org.gtk.vfs.file-operations.rules
systemd-networkd.rules
[root@lyes-pc rules.d]# cat *
// -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*-
//
// DO NOT EDIT THIS FILE, it will be overwritten on update.
//
// Allow the gnome-initial-setup user to do certain actions without
// being interrupted by password dialogs

polkit.addRule(function(action, subject) {
    if (subject.user !== 'gnome-initial-setup')
        return undefined;

    var actionMatches = (action.id.indexOf('org.freedesktop.hostname1.') === 0 ||
                         action.id.indexOf('org.freedesktop.NetworkManager.') === 0 ||
                         action.id.indexOf('org.freedesktop.locale1.') === 0 ||
                         action.id.indexOf('org.freedesktop.accounts.') === 0 ||
                         action.id.indexOf('org.freedesktop.timedate1.') === 0 ||
                         action.id.indexOf('org.freedesktop.realmd.') === 0 ||
                         action.id.indexOf('com.endlessm.ParentalControls.') === 0 ||
                         action.id.indexOf('org.fedoraproject.thirdparty.') === 0);

    if (actionMatches) {
        if (subject.local)
            return 'yes';
        else
            return 'auth_admin';
    }

    return undefined;
});
// Allow any user in the 'libvirt' group to connect to system libvirtd
// without entering a password.

polkit.addRule(function(action, subject) {
    if (action.id == "org.libvirt.unix.manage" &&
        subject.isInGroup("libvirt")) {
        return polkit.Result.YES;
    }
});
/*
 * Copyright © 2019 Endless Mobile, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 *
 * Authors:
 *  - Philip Withnall <withnall>
 */

polkit.addRule(function(action, subject) {
    /* Allow administrators to read parental controls (for any account) without
     * needing an additional polkit authorisation dialogue. */
    if ((action.id == "com.endlessm.ParentalControls.AppFilter.ReadOwn" ||
         action.id == "com.endlessm.ParentalControls.AppFilter.ReadAny" ||
         action.id == "com.endlessm.ParentalControls.SessionLimits.ReadOwn" ||
         action.id == "com.endlessm.ParentalControls.SessionLimits.ReadAny") &&
        subject.active && subject.local &&
        subject.isInGroup("wheel")) {
            return polkit.Result.YES;
    }

    return polkit.Result.NOT_HANDLED;
});
polkit.addRule(function(action, subject) {
	if ((action.id == "org.freedesktop.locale1.set-locale" ||
	     action.id == "org.freedesktop.locale1.set-keyboard" ||
	     action.id == "org.freedesktop.ModemManager1.Device.Control" ||
	     action.id == "org.freedesktop.hostname1.set-static-hostname" ||
	     action.id == "org.freedesktop.hostname1.set-hostname" ||
	     action.id == "org.gnome.controlcenter.datetime.configure") &&
	    subject.local &&
	    subject.active &&
	    subject.isInGroup ("wheel")) {
		    return polkit.Result.YES;
	    }
});
polkit.addRule(function(action, subject) {
  if (action.id == "org.a11y.brlapi.write-display") {
    if (subject.isInGroup("brlapi")) {
      return polkit.Result.YES;
    }
  }
});
// firewalld authorizations/policy for the wheel group.
//
// DO NOT EDIT THIS FILE, it will be overwritten on update.
//
// Allow users in the wheel group to use firewalld without being 
// interrupted by a password dialog

polkit.addRule(function(action, subject) {
    if ((action.id == "org.fedoraproject.FirewallD1.config" ||
	 action.id == "org.fedoraproject.FirewallD1.direct" ||
         action.id == "org.fedoraproject.FirewallD1.ipset" ||
         action.id == "org.fedoraproject.FirewallD1.policy" ||
         action.id == "org.fedoraproject.FirewallD1.zone") &&
	 subject.active == true && subject.local == true &&
         subject.isInGroup("wheel")) {
         return polkit.Result.YES;
    }
});
// firewalld authorizations/policy for the wheel group.
//
// DO NOT EDIT THIS FILE, it will be overwritten on update.
//
// Allow users in the wheel group to use firewalld without being 
// interrupted by a password dialog

polkit.addRule(function(action, subject) {
    if ((action.id == "org.fedoraproject.FirewallD1.config" ||
	 action.id == "org.fedoraproject.FirewallD1.direct" ||
         action.id == "org.fedoraproject.FirewallD1.ipset" ||
         action.id == "org.fedoraproject.FirewallD1.policy" ||
         action.id == "org.fedoraproject.FirewallD1.zone") &&
	 subject.active == true && subject.local == true &&
         subject.isInGroup("wheel")) {
         return polkit.Result.YES;
    }
});
// Allow the initial opt-out from the "unset" state to happen without an
// authentication dialog.
polkit.addRule(function(action, subject) {
    if (action.id == "org.fedoraproject.thirdparty.opt-out" &&
        subject.active == true && subject.local == true &&
        subject.isInGroup("wheel")) {
            return polkit.Result.YES;
    }

    return polkit.Result.NOT_HANDLED;
});
// -*- mode: js2 -*-
polkit.addRule(function(action, subject) {
    if ((action.id === "org.freedesktop.bolt.enroll" ||
	 action.id === "org.freedesktop.bolt.authorize" ||
	 action.id === "org.freedesktop.bolt.manage") &&
        subject.active === true && subject.local === true &&
        subject.isInGroup("wheel")) {
            return polkit.Result.YES;
    }
});
polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.Flatpak.app-install" ||
         action.id == "org.freedesktop.Flatpak.runtime-install"||
         action.id == "org.freedesktop.Flatpak.app-uninstall" ||
         action.id == "org.freedesktop.Flatpak.runtime-uninstall" ||
         action.id == "org.freedesktop.Flatpak.modify-repo") &&
        subject.active == true && subject.local == true &&
        subject.isInGroup("wheel")) {
            return polkit.Result.YES;
    }

    return polkit.Result.NOT_HANDLED;
});

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.Flatpak.override-parental-controls") {
            return polkit.Result.AUTH_ADMIN;
    }

    return polkit.Result.NOT_HANDLED;
});
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.fwupd.update-internal" &&
        subject.active == true && subject.local == true &&
        subject.isInGroup("wheel")) {
            return polkit.Result.YES;
    }
});
polkit.addRule(function(action, subject) {
        if ((action.id == "org.freedesktop.ModemManager1.Device.Control" ||
             action.id == "org.freedesktop.ModemManager1.Location") &&
            subject.user == "geoclue") {
                return polkit.Result.YES;
        }
});
polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.packagekit.package-install" ||
         action.id == "org.freedesktop.packagekit.package-remove") &&
        subject.active == true && subject.local == true &&
        subject.isInGroup("wheel")) {
            return polkit.Result.YES;
    }
});
// Allows users belonging to privileged group to start gvfsd-admin without
// authorization. This prevents redundant password prompt when starting
// gvfsd-admin. The gvfsd-admin causes another password prompt to be shown
// for each client process using the different action id and for the subject
// based on the client process.
polkit.addRule(function(action, subject) {
        if ((action.id == "org.gtk.vfs.file-operations-helper") &&
            subject.local &&
            subject.active &&
            subject.isInGroup ("wheel")) {
            return polkit.Result.YES;
        }
});
// This file is part of systemd.
// See systemd-networkd.service(8) and polkit(8) for more information.

// Allow systemd-networkd to set timezone, get product UUID,
// and transient hostname
polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.hostname1.set-hostname" ||
         action.id == "org.freedesktop.hostname1.get-product-uuid" ||
         action.id == "org.freedesktop.timedate1.set-timezone") &&
        subject.user == "systemd-network") {
        return polkit.Result.YES;
    }
});
```

> Also 'rpm -qi polkit' to show what version and release you have installed.

```
❯ rpm -qi polkit
Name        : polkit
Version     : 121
Release     : 3.fc37
Architecture: x86_64
Install Date: lun. 08 août 2022 19:37:55
Group       : Unspecified
Size        : 463123
License     : LGPLv2+
Signature   : RSA/SHA256, mar. 02 août 2022 16:25:01, Key ID f55ad3fb5323552a
Source RPM  : polkit-121-3.fc37.src.rpm
Build Date  : mar. 02 août 2022 16:22:32
Build Host  : buildvm-x86-17.iad2.fedoraproject.org
Packager    : Fedora Project
```

Comment 34 Matthias Clasen 2022-08-15 18:18:48 UTC
I've also noticed: polkitd[1296]: Terminating runaway script

and that seems to be the cause for the subsequent polkit errors.

I have no idea how this could happen though. Unless polkit gets confused about timestamps, because of: chronyd[1455]: Forward time jump detected!

Comment 35 Michael Catanzaro 2022-08-15 18:26:48 UTC
At first I suspected mozjs -> duktape, but 121-3.fc37 actually has the duktape backend disabled. It's not reenabled until 121-4.fc37. Also, this bug was reported one day before Fedora switched to duktape.

I wonder if it's a red herring. :/ If polkit needs to perform any D-Bus calls when executing JavaScript, then those will time out and it would look just like runaway JS. Hard to know if this is the actual problem or just another symptom.

Comment 36 Matthias Clasen 2022-08-15 18:43:57 UTC
> polkit needs to perform any D-Bus calls when executing JavaScript

I don't think there is anything in polkit rules that makes dbus calls though.

Comment 37 Kalev Lember 2022-08-15 18:50:25 UTC
I suspect this may be caused by the same fd leak as https://bugzilla.redhat.com/show_bug.cgi?id=2109145 . Could you test the fixed glib2 build, and see if it helps with this issue? https://koji.fedoraproject.org/koji/buildinfo?buildID=2046028

Comment 38 Lyes Saadi 2022-08-16 00:25:33 UTC
Hello Kalev!

That description is indeed very similar to what's happening. My guess is that they just didn't test Flatpaks and gnome-control-center xD!

Comment 39 Lyes Saadi 2022-08-22 00:01:27 UTC
Never hit that bug since. I'd say it's safe to close this :)!

Comment 40 Michael Catanzaro 2022-08-22 00:23:06 UTC
Heh, that was a tricky one....

*** This bug has been marked as a duplicate of bug 2109145 ***

Comment 41 Josh Berkus 2022-09-02 02:36:21 UTC
I can no longer reproduce this bug either, just to confirm.


Note You need to log in before you can comment on or make changes to this bug.