Description of problem: Running sealert -b from terminal on a fullt updated lxde f13 spin ( 20100307 ) results in this.. Mar 9 12:26:30 localhost dbus: Rejected send message, 2 matched rules; type="method_call", sender=":1.51" (uid=500 pid=1920 comm="/usr/bin/python) interface="org.freedesktop.DBus.Introspectable" member="Introspect" error name="(unset)" requested_reply=0 destination=":1.52" (uid=0 pid=1922 comm="/usr/bin/python)) Mar 9 12:26:30 localhost setroubleshoot: [dbus.proxies.ERROR] Introspect error on :1.52:/org/fedoraproject/Setroubleshootd: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 2 matched rules; type="method_call", sender=":1.51" (uid=500 pid=1920 comm="/usr/bin/python) interface="org.freedesktop.DBus.Introspectable" member="Introspect" error name="(unset)" requested_reply=0 destination=":1.52" (uid=0 pid=1922 comm="/usr/bin/python)) Mar 9 12:26:30 localhost dbus: Rejected send message, 2 matched rules; type="method_call", sender=":1.51" (uid=500 pid=1920 comm="/usr/bin/python) interface="org.fedoraproject.SetroubleshootdIface" member="start" error name="(unset)" requested_reply=0 destination=":1.52" (uid=0 pid=1922 comm="/usr/bin/python)) Mar 9 12:26:30 localhost setroubleshoot: [dbus.ERROR] could not start dbus: org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 2 matched rules; type="method_call", sender=":1.51" (uid=500 pid=1920 comm="/usr/bin/python) interface="org.fedoraproject.SetroubleshootdIface" member="start" error name="(unset)" requested_reply=0 destination=":1.52" (uid=0 pid=1922 comm="/usr/bin/python)) Mar 9 12:26:30 localhost dbus: Rejected send message, 2 matched rules; type="method_call", sender=":1.51" (uid=500 pid=1920 comm="/usr/bin/python) interface="org.fedoraproject.SetroubleshootdIface" member="finish" error name="(unset)" requested_reply=0 destination=":1.52" (uid=0 pid=1922 comm="/usr/bin/python)) Mar 9 12:26:30 localhost setroubleshoot: [dbus.proxies.ERROR] Introspect error on :1.19:/org/fedoraproject/Setroubleshootd: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Message did not receive a reply (timeout by message bus) Mar 9 12:26:30 localhost setroubleshoot: [dbus.ERROR] could not start dbus: org.freedesktop.DBus.Error.ServiceUnknown: The name :1.19 was not provided by any .service files abrt-gui also fails with "Error while loading the dumplist org.freedesktop.DBus.error.NOreply How reproducible: Always Steps to Reproduce: 1. Start application that require dbus? 2. 3. Actual results: Fail Expected results: Working application and a pony Additional info: F13 fully updated LXDE Spin
Looks like a problem with setroubleshoot to me.
David, do you have any idea what is wrong with setroublshoot then?
(In reply to comment #2) > David, do you have any idea what is wrong with setroublshoot then? It looks like you are not allowing access to the D-Bus interface org.freedesktop.DBus.Introspectable. Previously this access was granted by default but IIRC someone decided that behavior was too promiscuous. So you need to explicitly grant access now, see e.g. /etc/dbus-1/system.d/org.freedesktop.UDisks.conf for details.
Created attachment 399091 [details] Replacement dbus confi. Johann Could you copy the attached file to /etc/dbus-1/system.d/org.fedoraproject.Setroubleshootd.conf And see if this fixes the problem.
Did not change anything and actually after a fresh reboot test the filed caused dbus to fail ( and everything that depends on it ) with all kinds of weirdness so I cat >> your file into the original one and even removed the deny entry's still nothing :/ I also allowed for org.fedoraproject.SetroubleshootdIface and even added those entry's also to "at_console" still nothing. I'm wondering if we are adding this to the right file? Looking at several files that have the Introspectable entry it should not be more pain in the ass other than adding <policy context="default"> <allow send_destination="org.fedoraproject.Setroubleshootd> send_interface="org.freedesktop.DBus.Introspectable"/> </policy> This stuff should just automatically deny all so you only have to add allow entry's in the conf files and it's also a bit wierd that you cant define send_interfaces that go to the same send_destination like.. <policy context="pony"/> <allow send_destination="bla" send_interface="bla-one" send_interface="bla-two" send_interface="bla-three"/> </policy> Unless you actually can and everyone got it wrong but then again there must be some good reason for doing this, this way..
Did adding <policy context="default"> <allow send_destination="org.fedoraproject.Setroubleshootd> send_interface="org.freedesktop.DBus.Introspectable"/> </policy> And removing the deny work? I am not seeing the problem here
Nope. See attached file for full dbus selinux issues.
Created attachment 399400 [details] Selinux dbus errors
Is this caused because consolekit does not say you are at the console.
What version of setroubleshoot are you using?
Installed version is 2.2.64-1 Perhaps this is something related to the F13 LXDE spin only. What spin are you using that this does not happen on?
ConsoleKit-0.4.1-5 is installed setools-console was not installed. Installed it to no prevail ( dbus errors still present ) sealert -l <alert> works if you execute the command from cli on tty2 however it does not work if you run it from LXDE terminal. Note that as of F13 LXDE uses it's own login manager now instead of gdm or kdm
Does /var/run/console have any files in it? It should have a file with your username.
I am not using LXDE. I am using gnome/gdm. I am questioning whether the system thinks you are not logged into the console. That is why it will not allow sealert to send messages to setroubleshoot. Since the dbus rules say you must be on the console to do this.
What does ck-list-sessions return when you are logged into LXDE?
/var/run/console does not have any files in it after login.... [root@localhost ~]#ls -alhZ /var/run/console drwxr-xr-x. root root system_u:object_r:pam_var_console_t:s0 . drwxr-xr-x. root root system_u:object_r:var_run_t:s0 .. Output from ck-list-sessions [root@localhost ~]#ck-list-sessions Session1: unix-user = '500' realname = 'Jóhann B. Guðmundsson' seat = 'Seat1' session-type = '' active = FALSE x11-display = ':0' x11-display-device = '/dev/tty1' display-device = '/dev/tty1' remote-host-name = '' is-local = TRUE on-since = '2010-03-12T08:49:33.157980Z' login-session-id = '' Session2: unix-user = '0' realname = 'root' seat = 'Seat1' session-type = '' active = TRUE x11-display = '' x11-display-device = '' display-device = '/dev/tty2' remote-host-name = '' is-local = TRUE on-since = '2010-03-12T08:49:47.662879Z' login-session-id = '1'
Which I believe means consolekit thinks you are not logged into the console.
(In reply to comment #16) > [root@localhost ~]#ck-list-sessions I asked for the output of ck-list-sessions when *you* are logget *into LXDE*, but you are running the command as root in a vt. Logged into LXDE as user it should look like this: Session2: unix-user = '500' realname = 'Christoph Wickert' seat = 'Seat1' session-type = '' active = TRUE x11-display = ':0' x11-display-device = '/dev/tty1' display-device = '' remote-host-name = '' is-local = TRUE on-since = '2010-03-15T15:00:50.138251Z' login-session-id = '1' (In reply to comment #17) > Which I believe means consolekit thinks you are not logged into the console. What makes you think so? Looks similar to me (except of the active/inactive thins but this is because Jóhann was working as root on the console) and I don't have any problems.
@Christoph Not sure how that's relevant but definitely my bad and here is the output from within lxde [johannbg@valhalla ~]$ck-list-sessions Session1: unix-user = '500' realname = 'Jóhann B. Guðmundsson' seat = 'Seat1' session-type = '' active = TRUE x11-display = ':0' x11-display-device = '/dev/tty1' display-device = '/dev/tty1' remote-host-name = '' is-local = TRUE on-since = '2010-03-15T17:06:34.109563Z' login-session-id = ''
Thanks a lot. Except of login-session-id this is just what I see but I don't have any problems here on F12.
Can you boot with enforcing=0 to see if this is a selinux issue?
Did not change anything. Dbus is still complaining. I also did a fresh LXDE ( lxde-x86_64-20100322.18.iso ) install on a VM to rule out any potential fuckup I could have made and the error is present there as well. Daniel mentioned in comment 13 that there should be a file with the user username in /var/run/console which is missing so it looks like LXDM does not create it @ login ( That is if it is LXDM that's supposed to create it ). According to http://www.freedesktop.org/software/ConsoleKit/doc/ConsoleKit.html Graphical Login Manager In addition to the requirements for the Text Graphical Login Manager, this pattern is typically used to show information about currently open sessions. It needs: 1. To determine which Seat it is running on. 2. To know if the current seat supports session switching. 3. A list of all sessions on the current Seat. 4. To know which session is active for the current Seat. 5. To know when the session active state changes. 6. To know when sessions are added or removed. 7. Access to the metadata for any open Session. You might wanna ping "dgod" to see if LXDM supports the dbus stuff..
And by dbus I mean consolekit/dbus..
Should be fine in the latest version, please test.
lxdm-0.2.0-0.1.20100405gitd65ce94.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/lxdm-0.2.0-0.1.20100405gitd65ce94.fc13
lxdm-0.2.0-0.1.20100405gitd65ce94.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/lxdm-0.2.0-0.1.20100405gitd65ce94.fc12
Confirmed that lxdm-0.2.0-0.1.20100405gitd65ce94.fc13 fixes this and a whole bunch of other stuff ( opening terminal then running su does not take forever abrt has started working.. etc ) Note that selinux-policy might needed to be updated for this update.. ( had to setenforce 0 to be able to login ) and login out and back in does not work.
The SELinux problems are suppose to be fixed at least twice now, at least I was promised. However I see two alerts left. See bug 564320 for more info. Please add your alerts there.
lxdm-0.2.0-0.2.20100405gitd65ce94.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update lxdm'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/lxdm-0.2.0-0.2.20100405gitd65ce94.fc13
lxdm-0.2.0-0.2.20100405gitd65ce94.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update lxdm'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/lxdm-0.2.0-0.2.20100405gitd65ce94.fc12
lxdm-0.2.0-0.3.20100405gitd65ce94.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
lxdm-0.2.0-4.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.