On Tue, 2022-05-17 at 06:51 +0000, Fr�d�ric Martinsons via
networkmanager-list wrote:
> Hello,
> I used NM 1.32.12 in an embedded environment, I have another daemon
> which is responsible for creating and monitoring connection profiles
> via libnm. I recently experienced errors I cannot understand, I
> received an error "Unable to determine UID of the request" in the
> completion callback of nm_client_add_connection_async.
> Looking at the code , it leads to this function
> (https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/
> 1.32.12/src/core/nm-dbus-manager.c#L1580) that return NULL.

NetworkManager usually will authenticate the request using PolicyKit.
-- unless, you set [main].auth-polkit in `man NetworkManager.conf` or
make the request as root user.

You say you don't use PolicyKit, so you set `[main].auth-polkit=false`?

NetworkManager needs to find out information about the calling process,
which usually means that the process needs to stick around long enoug
(you cannot just make the D-Bus request and quit before waiting for the
response). This is especially the case with PolicyKit enabled, but it
probably is also the case for other reasons. Well, it seems your client
tool is waiting for the D-Bus reply, so that isn't the problem.

Are you using `hidepid` mount option for procfs? It should also work
with that, but it could cause problems.

The UID NetworkManager gets from dbus-daemon. It's not clear why that
would fail. I presume, this is dbus-daemon, not dbus-broker?

I don't know what would cause it. If you don't see sufficient
information with full `level=TRACE` logs (see [1]), then maybe you
could build NM from source, and add additional print messages?


Or maybe you could run it under strace? However, that might be and 
overwhelming amount of information. I'd try patching the source and do
some printf debugging.

good luck,

> src/core/nm-dbus-manager.c · 1.32.12 · NetworkManager /
> NetworkManager
> NetworkManager — network management daemon
> gitlab.freedesktop.org
> The problem is there are no error/warning logs in NM which could help
> me to understand (so I guess the various g_return_val_if_fail used in
> the function are not reached). The only difference I see (beside the
> error of course) is the completion time between the async request and
> its response in my daemon (roughly 4 seconds in case of error instead
> of practically instant).
> From what I understand, it is related to authorization check but
> before this error, my daemon managed to create a NMClient and perform
> various getter on it.
> Several things that I can add for information:
>   - The system does not use polkit.
>   - NM runs as root and the client runs as a limited user.
>   - The problem is pretty hard to reproduce (see this two times on
> several thousand of the same sequence).
> Can you please give advice on how I can investigate more on that ?
> Maybe some particular traces to activate ?
> Thank you very much in advance for all the help you can bring.

networkmanager-list mailing list

Reply via email to