buster – elogind and policykit-1

[Forum Admin dolphin_oracle]

I’ve been playing around with a antiX 17 install upgraded to testing/buster. When another user here posted about install network-manager, I went ahead and installed on my testing usb to see how it would work.

and it didn’t. I originally thought the problem was network manager, but now I think the problem is mis-match between the current elogind and policykit-1 provided by the buster/testing nosystemd repo.

there appears to have been some change in policykit and a new patch may be required. I looked in the source packages provided in the antiX repo and didn’t see this particular one, so maybe this is the right one, and maybe its not.

https://github.com/elogind/elogind/issues/54

this kind of stuff really isn’t my bally-wick, but I know some other users here know a bit about this stuff so I thought I would post.

side note:

I was able to get pkexec functions to work in antiX-testing by installing and manually running lxpolkit at startup. For instance, to launch synaptic-pkexec and gparted-pkexec, but I think this is not an optimal solution and at any rate doesn’t help packages that might be using policykit internally.

• This topic was modified 4 years, 2 months ago by dolphin_oracle.

[Anonymous]

Helpful

Up

0

::

/var/log/daemon.log

[Anonymous]

Helpful

Up

0

::

configuration file?
package “network-manager” installs a file here:
/var/lib/polkit-1/10-vendor.d/org.freedesktop.NetworkManager.pkla

I would have expected that file belongs here:
/etc/polkit-1/localauthority/50-local.d/org.freedesktop.NetworkManager.pkla
but that dir is empty

[Forum Admin dolphin_oracle]

Helpful

Up

0

::

good idea.

that file location in stretch is

/var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.NetworkManager.pkla

I need to double check the buster version.

***edit*** I think you just misseed the localauthority when you typed out the path. the pkla file is in the same location on stretch and buster.

However

I can tell you that NetworkManager does launch and stay working under systemd, so that brings me back to policykit-1 and the elogind session manager.

• This reply was modified 4 years, 2 months ago by dolphin_oracle.

[Forum Admin Dave]

Helpful

Up

0

::

I am wondering if the user needs to be in a network manager authorized group and is not.

I would check the user’s groups and see if there is a network manager related on tha the user should be added to. If that does not work try and read the configuration file the error refers to to see why the user may be denied by the configuration. /etc/NetworkManager/NetworkManager.conf. Maybe this path for the dbus allow file is not proper without systemd?
/etc/dbus-1/system.d/NetworkManager.conf
Which Iiuc is what actually sets the allowances to the dbus policies written in the other files.

Edit: to kind of kill off the idea of a policykit / elogind problems. Perhaps try installing another programs that requires these functions and see if it has the same issues?

• This reply was modified 4 years, 2 months ago by Dave.

Computers are like air conditioners. They work fine until you start opening Windows. ~Author Unknown

[Forum Admin dolphin_oracle]

Helpful

Up

0

::

Dave wrote:

I am wondering if the user needs to be in a network manager authorized group and is not.

I would check the user’s groups and see if there is a network manager related on tha the user should be added to. If that does not work try and read the configuration file the error refers to to see why the user may be denied by the configuration. /etc/NetworkManager/NetworkManager.conf. Maybe this path for the dbus allow file is not proper without systemd?
/etc/dbus-1/system.d/NetworkManager.conf
Which Iiuc is what actually sets the allowances to the dbus policies written in the other files.

Edit: to kind of kill off the idea of a policykit / elogind problems. Perhaps try installing another programs that requires these functions and see if it has the same issues?

network-manager (the daemon, not the applet) runs during init before a user logs in. The problem is that it immediately exits, despite the init messages reporting success.

as for other applications, open up synaptic-pkexec on an antiX/testing and you’ll see more problems.

[Moderator caprea]

Helpful

Up

0

::

Regarding to the error logs in /var/log/daemon.log posted by skidoo
bus-manager: fatal failure to acquire D-Bus service "org.freedesktop.NetworkManager: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Connection ":1.20" is not allowed to own the service "org.freedesktop.NetworkManager" due to security policies in the configuration file

On the stable antiX, where NM runs without problems, this is in /etc/dbus-1/system.d

$ ls /etc/dbus-1/system.d/
avahi-dbus.conf                          gufw.Daemon.conf
bluetooth.conf                           nm-dispatcher.conf
com.hp.hplip.conf                        org.freedesktop.NetworkManager.conf
com.redhat.NewPrinterNotification.conf   org.freedesktop.PolicyKit1.conf
com.redhat.PrinterDriversInstaller.conf  org.freedesktop.UDisks2.conf
ConsoleKit.conf                          wicd.conf
fskbsetting.Daemon.conf                  wpa_supplicant.conf

and this is on antiX-testing-repos installation. NM doesn’t work.

$ ls /etc/dbus-1/system.d
avahi-dbus.conf                          ConsoleKit.conf
bluetooth.conf                           fskbsetting.Daemon.conf
com.hp.hplip.conf                        gufw.Daemon.conf
com.redhat.NewPrinterNotification.conf   wicd.conf
com.redhat.PrinterDriversInstaller.conf  wpa_supplicant.conf

No org.freedesktop.NetworkManager.conf and no nm.dispatcher.conf at all has been created on antiX-testing-system.

Then I installed the network-manager from stable 1.6.2-3+deb9u2.0nosystemd1 on an antiX-installation with testing-repos, it wasn’t so hard to do, I had to remove ppp and wvdial. then it was possible.
And voila

$ sudo service network-manager status
[ ok ] NetworkManager is running.

So maybe it’s indeed a problem of the NM-version in testing.

@d_o, the problems you mentioned with synaptic-pkexec are also visible on stable.

[Forum Admin dolphin_oracle]

Helpful

Up

0

::

caprea wrote:

Regarding to the error logs in /var/log/daemon.log posted by skidoo
bus-manager: fatal failure to acquire D-Bus service "org.freedesktop.NetworkManager: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Connection ":1.20" is not allowed to own the service "org.freedesktop.NetworkManager" due to security policies in the configuration file

On the stable antiX, where NM runs without problems, this is in /etc/dbus-1/system.d

$ ls /etc/dbus-1/system.d/
avahi-dbus.conf                          gufw.Daemon.conf
bluetooth.conf                           nm-dispatcher.conf
com.hp.hplip.conf                        org.freedesktop.NetworkManager.conf
com.redhat.NewPrinterNotification.conf   org.freedesktop.PolicyKit1.conf
com.redhat.PrinterDriversInstaller.conf  org.freedesktop.UDisks2.conf
ConsoleKit.conf                          wicd.conf
fskbsetting.Daemon.conf                  wpa_supplicant.conf

and this is on antiX-testing-repos installation. NM doesn’t work.

$ ls /etc/dbus-1/system.d
avahi-dbus.conf                          ConsoleKit.conf
bluetooth.conf                           fskbsetting.Daemon.conf
com.hp.hplip.conf                        gufw.Daemon.conf
com.redhat.NewPrinterNotification.conf   wicd.conf
com.redhat.PrinterDriversInstaller.conf  wpa_supplicant.conf

No org.freedesktop.NetworkManager.conf and no nm.dispatcher.conf at all has been created on antiX-testing-system.

Then I installed the network-manager from stable 1.6.2-3+deb9u2.0nosystemd1 on an antiX-installation with testing-repos, it wasn’t so hard to do, I had to remove ppp and wvdial. then it was possible.
And voila

$ sudo service network-manager status
[ ok ] NetworkManager is running.

So maybe it’s indeed a problem of the NM-version in testing.

@d_o, the problems you mentioned with synaptic-pkexec are also visible on stable.

good research caprea!

the only thing that bugs me is that policykit is shown in your stable antiX example, but not in testing example. So I’m thinking some stuff has moved around. I’ll try moving some of those files into /etc/dbus-1/system.d and see what happens.

[Forum Admin anticapitalista]

Helpful

Up

0

::

Running antiX testing.

I did the same as caprea, saved these 2 files that got installed to /etc/dbus-1/system.d (nm-dispatcher.conf and org.freedesktop.NetworkManager.conf).
It works and on reboot (running frugal).

Then I did apt-get dist-upgrade to get the network-manager version in testing and copied those 2 files back into /etc/dbus-1/system.d (they re not in testing/network-manager), ran nmtui and connected. Reboot and nm is running!
No changes made to policykit so the error is in network-manager.

I’ll get a fix asap.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.

[Forum Admin anticapitalista]

Helpful

Up

0

::

Just to show –

pmem 
 Private  +   Shared  =  RAM used	Program

148.0 KiB +  29.5 KiB = 177.5 KiB	ifplugd
204.0 KiB +  37.5 KiB = 241.5 KiB	gpm
244.0 KiB +  62.5 KiB = 306.5 KiB	init
208.0 KiB + 179.5 KiB = 387.5 KiB	icewm-session
304.0 KiB + 113.5 KiB = 417.5 KiB	dbus-launch
364.0 KiB + 218.5 KiB = 582.5 KiB	udevil
432.0 KiB + 325.5 KiB = 757.5 KiB	devmon
468.0 KiB + 342.5 KiB = 810.5 KiB	desktop-session
520.0 KiB + 395.5 KiB = 915.5 KiB	gconfd-2
512.0 KiB + 416.5 KiB = 928.5 KiB	su
704.0 KiB + 470.5 KiB =   1.1 MiB	at-spi-bus-launcher
  1.2 MiB + 105.5 KiB =   1.3 MiB	elogind-daemon
800.0 KiB + 551.0 KiB =   1.3 MiB	getty (6)
884.0 KiB + 481.5 KiB =   1.3 MiB	at-spi2-registryd
912.0 KiB + 571.5 KiB =   1.4 MiB	icewmbg
  1.1 MiB + 563.5 KiB =   1.6 MiB	dbus-daemon (3)
  1.8 MiB +  53.5 KiB =   1.9 MiB	udevd
  1.4 MiB + 491.5 KiB =   1.9 MiB	polkitd
  1.4 MiB + 516.5 KiB =   1.9 MiB	console-kit-daemon
  1.3 MiB +   1.3 MiB =   2.6 MiB	gksu
  2.0 MiB + 872.0 KiB =   2.9 MiB	bash (2)
  2.1 MiB + 890.5 KiB =   2.9 MiB	dhclient
  3.2 MiB +  30.5 KiB =   3.2 MiB	haveged
  2.5 MiB +   1.2 MiB =   3.6 MiB	slim
  3.0 MiB + 914.5 KiB =   3.9 MiB	wpa_supplicant
  2.8 MiB +   1.1 MiB =   3.9 MiB	conky
  2.0 MiB +   2.6 MiB =   4.6 MiB	volumeicon
  5.7 MiB + 978.5 KiB =   6.7 MiB	NetworkManager
  3.8 MiB +   3.5 MiB =   7.3 MiB	rox
  4.7 MiB +   3.4 MiB =   8.2 MiB	icewm
  4.9 MiB +   5.1 MiB =  10.0 MiB	roxterm
 36.3 MiB +   1.6 MiB =  38.0 MiB	Xorg
---------------------------------
                        116.9 MiB
=================================

and

pstree
init─┬─NetworkManager─┬─dhclient
     │                └─2*[{NetworkManager}]
     ├─at-spi-bus-laun─┬─dbus-daemon
     │                 └─3*[{at-spi-bus-laun}]
     ├─at-spi2-registr───2*[{at-spi2-registr}]
     ├─conky───6*[{conky}]
     ├─console-kit-dae───64*[{console-kit-dae}]
     ├─2*[dbus-daemon]
     ├─dbus-launch
     ├─devmon───udevil
     ├─elogind-daemon
     ├─gconfd-2
     ├─6*[getty]
     ├─gksu───roxterm─┬─bash───su───bash
     │                ├─bash───pstree
     │                └─{roxterm}
     ├─gksu───firefox-esr─┬─Web Content───21*[{Web Content}]
     │                    ├─Web Content───15*[{Web Content}]
     │                    └─61*[{firefox-esr}]
     ├─gpm
     ├─haveged
     ├─ifplugd
     ├─polkitd───2*[{polkitd}]
     ├─rox
     ├─slim─┬─Xorg───3*[{Xorg}]
     │      └─desktop-session───icewm-session─┬─icewm
     │                                        └─icewmbg
     ├─udevd
     ├─volumeicon
     └─wpa_supplicant

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.

[Forum Admin anticapitalista]

Helpful

Up

0

::

d_o, does network-manager in Debian buster not work ootb on buster MX?
You only get antiX nosystemd version of network-manager and policykit-1 if the nosystemd repos are enabled.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.

[Forum Admin anticapitalista]

Helpful

Up

0

::

New bugfix debs uploaded to testing/nosystemd, and sid/nosystemd

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.

[Forum Admin dolphin_oracle]

Helpful

Up

0

::

Right now I do have a MX/Buster using sysVinit. its using the antiX nosystemd repo because its almost impossible to build with sysVinit any other way due to the removal of systemd-shim. just too much stuff in the debian repo relying on libpam-systemd. I haven’t messed with it much since I was already working with the antiX testing live-USB.

right now the gnome policykit authentication agent doesn’t work either (nor does the lxpolkit one that works in antiX), as well as Network Manager (although as you indicate may be fixed now).

• This reply was modified 4 years, 2 months ago by dolphin_oracle.

[Forum Admin anticapitalista]

Helpful

Up

0

::

Fixed network-manager should now be in the repos.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.

[Forum Admin anticapitalista]

Helpful

Up

0

::

Reading the changelog of policykit-1, network-manager *should* have worked without my recent change, which was basically to add the 2 files caprea mentioned back into /etc/dbus-1/nosystemd.

This is from policykit-1 changelog

policykit-1 (0.105-22) unstable; urgency=medium

  * Move D-Bus policy file to /usr/share/dbus-1/system.d/
    To better support stateless systems with an empty /etc, the old location
    in /etc/dbus-1/system.d/ should only be used for local admin changes.
    Package provided D-Bus policy files are supposed to be installed in
    /usr/share/dbus-1/system.d/.
    This is supported since dbus 1.9.18.
  * Remove obsolete conffile
    /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf on upgrades
  * Bump Standards-Version to 4.2.1
  * Remove Breaks for versions older than oldstable
  * Stop masking polkit.service during the upgrade process.
    This is no longer necessary with the D-Bus policy file being installed
    in /usr/share/dbus-1/system.d/. (Closes: #902474)
  * Use dh_installsystemd to restart polkit.service after an upgrade.
    This replaces a good deal of hand-written maintscript code.

• This reply was modified 4 years, 2 months ago by anticapitalista.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.

[Author]

Posts