|
Bugzilla – Full Text Bug Listing |
| Summary: | Root authorisation required after TW update | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Tumbleweed | Reporter: | Axel Schwank <axel> |
| Component: | Security | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED INVALID | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Major | ||
| Priority: | P5 - None | CC: | matthias.gerstner |
| Version: | Current | ||
| Target Milestone: | --- | ||
| Hardware: | x86-64 | ||
| OS: | openSUSE Tumbleweed | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: |
Authorisation prompt for NetworkManager
Authorisation prompt for mount Journal extract after shutdown request journal.log from comment #3 polkit.log from comment #3 |
||
Created attachment 872784 [details]
Authorisation prompt for mount
Created attachment 872785 [details]
Journal extract after shutdown request
Hello and thanks for reporting this to us.
Regarding the authorisation issues security team can help to investigate. It
sounds like some kind of global setting is wrong.
Regarding the system shutdown I suppose this is a separate issue and we should
create a separate bug and find another group of people to investigate. From
the log you shared it looks like this could be a KDE issue also, since it is a
KDE specific shutdown action that is called. Otherwise the log shows no
interesting info on first sight.
I couldn't find any recent discussions on the Factory mailing list about bugs
in this direction so it might something specific to your installation.
For debugging the authorisation issues let's look into the udisks mounting.
Please perform the following steps:
1) log into the graphical session, don't provide the password for mounting
storage, if asked for.
2) open a root shell and run
G_MESSAGES_DEBUG=all /usr/libexec/polkit-1/polkitd --replace |& tee /root/polkit.log
and keep it running.
3) open another root shell and run
journalctl -f >/root/journal.log
and keep it running.
4) try to mount the storage device using udisks on the command line. This
needs to be done in a regular user shell in the graphical session:
# find out the block device you want to mount e.g. DEVICE sdb
udisksctl status
# now try to mount it
udisksctl mount -b /dev/sdb1
Step 4) should show a password dialog if the bug persists. You can enter the
password or cancel, it doesn't matter.
After this please attach the logs from /root/polkit.log and /root/journal.log
in this bug. Thanks!
Hi Matthias, thanks for your prompt reply. I didn't find anything on the Factory mailing list either, so it's reasonable to assume that the problem is installation specific. I did as requested and attached the two log files. Kind regards Axel Created attachment 872809 [details] journal.log from comment #3 Created attachment 872810 [details] polkit.log from comment #3 Thank you for providing the logs. The good news is that in general Polkit
stills seems to be sane and working. But it looks like your system has ended
up using the 'restrictive' polkit-default-privs policy. This requires a lot of
`auth_admin` compared to the 'standard' or 'easy' policy.
You can find detailed information about the configuration of Polkit here:
https://en.opensuse.org/openSUSE:Security_Documentation#Configuration_of_Polkit_Settings
You should check your settings in /etc/sysconfig/security, particularly the
setting for POLKIT_DEFAULT_PRIVS. See also the documentation found in there
about what other factors might influence the policy selected there.
Any change to the policy settings only becomes effective after running the
`set_polkit_default_privs` utility as root.
Matthias, thank you very much for your analysis. In fact, I seem to have made an indirect change to the security settings that I was not aware of, so I confused it with the impact of an update. I am very sorry for filing this bug reasonless and wasting your time. The shutdown issue is solved as well. Best regards Axel |
Created attachment 872783 [details] Authorisation prompt for NetworkManager After a Tumbleweed update a bit more than a week ago, I face the following issues: * Certain operations require authorisation as root such as control of network operations by NetworkManager or mounting devices (added screenshots) * After initiating a system shutdown, I end up with a blank screen (with mouse pointer), but the system does not shutdown. I need to login into a virtual console as root and shutdown the computer manually. I attached an extract of the system journal after the shutdown request, which does not show anything unusual, as far as I can tell. Conclusion: System is no longer usable without root access.