Bug 378648

My NetworkManager was simply not working, wrt. Wireless.

The logs said:

Apr  8 15:24:42 t60p NetworkManager: <info>  Deactivating device wlan0.
Apr  8 15:24:42 t60p NetworkManager: <info>  (wlan0): exported as /org/freedesktop/Hal/devices/net_00_13_02_3a_ba_ad
Apr  8 15:24:42 t60p NetworkManager: <info>  Trying to start the supplicant...
Apr  8 15:24:42 t60p NetworkManager: <info>  Trying to start the system settings daemon...
Apr  8 15:26:42 t60p NetworkManager: <info>  Trying to start the supplicant...
Apr  8 15:26:42 t60p NetworkManager: <info>  Trying to start the system settings daemon...
Apr  8 15:28:42 t60p NetworkManager: <info>  Trying to start the supplicant...

Which looked like the cause:

The strace of dbus showed:

7179  1207741931.507213 execve("/lib/dbus-1/dbus-daemon-launch-helper", ["/lib/dbus-1/dbus-daemon-launch-helper", "fi.epitest.hostap.WPASupplicant"], [/* 25 vars */] <unfinished ...>
7179  1207741931.512115 <... execve resumed> ) = 0
7179  1207741931.512163 brk(0)          = 0x8083000
7179  1207741931.512223 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
7179  1207741931.512288 open("/etc/ld.so.cache", O_RDONLY) = 3
7179  1207741931.512335 fstat64(3, {st_mode=S_IFREG|0644, st_size=129163, ...}) = 0
7179  1207741931.512403 mmap2(NULL, 129163, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb808e000
7179  1207741931.512441 close(3)        = 0
7179  1207741931.512489 open("/lib/libexpat.so.1", O_RDONLY) = 3
7179  1207741931.512541 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\"\0\0004\0\0\0\30R\2\0\0\0\0\0004\0 \0\6\0(\0\34\0\33\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\3004\2\0\3004\2\0\5\0\0\0\0\20\0\0\1\0\0\0\0248\2\0\24H\2\0\24H\2\0@\30\0\0H\30\0\0\6\0\0\0\0\20\0\0\2\0\0\0\340N\2\0\340^\2\0\340^\2\0\320\0\0\0\320\0\0\0\6\0\0\0\4\0\0\0P\345tdt\33\2\0t\33\2\0t\33\2\0004\5\0\0004\5\0\0\4\0\0\0\4\0\0\0Q\345td\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\4\0\0\0R\345td\0248\2\0\24H\2\0\24H\2\0\354\27\0\0\354\27\0\0\4\0\0\0\1\0\0\0C\0\0\0a\0\0\0\0\0\0\0:\0\0\0002\0\0\0\n\0\0\0E\0\0\0\30\0\0\0\0\0\0\0*\0\0\0007\0\0\0`\0\0\0N\0\0\0W\0\0\0\31\0\0\0\34\0\0\0D\0\0\0\0\0\0\0\32\0\0\0\0\0\0\0J\0\0\0004\0\0\0009\0\0\0)\0\0\0M\0\0\0\0\0\0\0=\0\0\0\21\0\0\0000\0\0\0\r\0\0\0\0\0\0\0;\0\0\0\0\0\0\0\0\0\0\0^\0\0\0\27\0\0\0F\0\0\0>\0\0\0\v\0\0\0<\0\0\0\22\0\0\0H\0\0\0\\\0\0\0V\0\0\0\37\0\0\0\0\0\0\0O\0\0\0\0\0\0\0$\0\0\0001\0\0\0\33\0\0\0_\0\0\0\0\0\0\0?\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\7\0\0\0Z\0\0\0\"\0\0\0@\0\0\0\0\0\0\0!\0\0\0\10\0\0\0,\0\0\0\t\0\0\0", 512) = 512
7179  1207741931.512864 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb808d000
7179  1207741931.512905 fstat64(3, {st_mode=S_IFREG|0755, st_size=153208, ...}) = 0
7179  1207741931.512972 mmap2(NULL, 155740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb8066000
7179  1207741931.513010 fadvise64(3, 0, 155740, POSIX_FADV_WILLNEED) = 0
7179  1207741931.513046 mmap2(0xb808a000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x23) = 0xb808a000
7179  1207741931.513100 close(3)        = 0
7179  1207741931.513139 open("/lib/libc.so.6", O_RDONLY) = 3
7179  1207741931.513184 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000e\1\0004\0\0\0@Z\24\0\0\0\0\0004\0 \0\n\0(\0F\0E\0\6\0\0\0004\0\0\0004\0\0\0004\0\0\0@\1\0\0@\1\0\0\5\0\0\0\4\0\0\0\3\0\0\0\240c\22\0\240c\22\0\240c\22\0\23\0\0\0\23\0\0\0\4\0\0\0\1\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\354\246\23\0\354\246\23\0\5\0\0\0\0\20\0\0\1\0\0\0\350\261\23\0\350\261\23\0\350\261\23\0\264\'\0\0hT\0\0\6\0\0\0\0\20\0\0\2\0\0\0|\315\23\0|\315\23\0|\315\23\0\360\0\0\0\360\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0t\1\0\0t\1\0\0t\1\0\0008\0\0\0008\0\0\0\4\0\0\0\4\0\0\0\7\0\0\0\350\261\23\0\350\261\23\0\350\261\23\0\10\0\0\0@\0\0\0\4\0\0\0\4\0\0\0P\345td\264c\22\0\264c\22\0\264c\22\0\\,\0\0\\,\0\0\4\0\0\0\4\0\0\0Q\345td\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\4\0\0\0R\345td\350\261\23\0\350\261\23\0\350\261\23\0\30\36\0\0\30\36\0\0\4\0\0\0\1\0\0\0\4\0\0\0\20\0\0\0\1\0\0\0GNU\0\0\0\0\0\2\0\0\0\6\0\0\0\4\0\0\0\5\0\0\0\4\0\0\0SuSESuSE\0\0\0\0\1\0\n\2\363\3\0\0\n\0\0\0\0\2\0\0\16\0\0\0\2400\20D\200 \2\1\214\3\346\220AE\210\0\204\0\10\0A\200\0@\300\200\0\f\2\f\0\0010\0\10@\"\10\246\4\210H6l\240\0260\0&\204\200\216\4\10B$\2\f\246\244\32\6c\310\0\302 \1", 512) = 512
7179  1207741931.513482 fstat64(3, {st_mode=S_IFREG|0755, st_size=1336624, ...}) = 0
7179  1207741931.513550 mmap2(NULL, 1312336, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f25000
7179  1207741931.513587 fadvise64(3, 0, 1312336, POSIX_FADV_WILLNEED) = 0
7179  1207741931.513632 mmap2(0xb8060000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13b) = 0xb8060000
7179  1207741931.513680 mmap2(0xb8063000, 9808, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb8063000
7179  1207741931.513723 close(3)        = 0
7179  1207741931.513776 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f24000
7179  1207741931.513815 set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f246c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
7179  1207741931.513940 mprotect(0xb8060000, 8192, PROT_READ) = 0
7179  1207741931.513990 mprotect(0xb808a000, 8192, PROT_READ) = 0
7179  1207741931.514036 mprotect(0x8081000, 4096, PROT_READ) = 0
7179  1207741931.514074 mprotect(0xb80c9000, 4096, PROT_READ) = 0
7179  1207741931.514108 munmap(0xb808e000, 129163) = 0
7179  1207741931.514241 brk(0)          = 0x8083000
7179  1207741931.514273 brk(0x80a4000)  = 0x80a4000
7179  1207741931.514350 open("/etc/dbus-1/system.conf", O_RDONLY) = 3
7179  1207741931.514400 fstat64(3, {st_mode=S_IFREG|0644, st_size=2518, ...}) = 0
7179  1207741931.514484 read(3, "<!-- This configuration file controls the systemwide message bus.\n     Add a system-local.conf and edit that rather than changing this \n     file directly. -->\n\n<!-- Note that there are any number of ways you can hose yourself\n     security-wise by screwing up this file; in particular, you\n     probably don\'t want to listen on any more addresses, add any more\n     auth mechanisms, run as a different user, etc. -->\n\n<!DOCTYPE busconfig PUBLIC \"-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN\"\n \"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd\">\n<busconfig>\n\n  <!-- Our well-known bus type, do not change this -->\n  <type>system</type>\n\n  <!-- Run as special user -->\n  <user>messagebus</user>\n\n  <!-- Fork into daemon mode -->\n  <fork/>\n\n  <!-- We use system service launching using a helper -->\n  <standard_system_servicedirs/>\n\n  <!-- This is a setuid helper that is used to launch system services -->\n  <servicehelper>/lib/dbus-1/dbus-daemon-launch-helper</servicehelper>\n\n  <!-- Write a pid file -->\n  <pidfile>/var/run/dbus/pid</pidfile>\n\n  <!-- Only allow socket-credentials-based authentication -->\n  <auth>EXTERNAL</auth>\n\n  <!-- Only listen on a local socket. (abstract=/path/to/socket \n       means use abstract namespace, don\'t really create filesystem \n       file; only Linux supports this. Use path=/whatever on other \n       systems.) -->\n  <listen>unix:path=/var/run/dbus/system_bus_socket</listen>\n\n  <policy context=\"default\">\n    <!-- Deny everything then punch holes -->\n    <deny send_interface=\"*\"/>\n    <deny receive_interface=\"*\"/>\n    <deny own=\"*\"/>\n    <!-- But allow all users to connect -->\n    <allow user=\"*\"/>\n    <!-- Allow anyone to talk to the message bus -->\n    <!-- FIXME I think currently these allow rules are always implicit \n         even if they aren\'t in here -->\n    <allow send_destination=\"org.freedesktop.DBus\"/>\n    <allow receive_sender=\"org.freedesktop.DBus\"/>\n    <!-- valid replies are always allowed -->\n    <allow send_requested_reply=\"true\"/>\n    <allow receive_requested_reply=\"true\"/>\n  </policy>\n\n  <!-- Config files are placed here that among other things, punch \n       holes in the above policy for specific services. -->\n  <includedir>system.d</includedir>\n\n  <!-- This is included last so local configuration can override what\'s \n       in this standard file -->\n  <include ignore_missing=\"yes\">system-local.conf</include>\n\n  <include if_selinux_enabled=\"yes\" selinux_root_relative=\"yes\">contexts/dbus_contexts</include>\n\n</busconfig>\n", 2518) = 2518
7179  1207741931.515315 close(3)        = 0
7179  1207741931.515499 socket(PF_FILE, SOCK_STREAM, 0) = 3
7179  1207741931.515547 fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
7179  1207741931.515585 connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = 0
7179  1207741931.515675 send(3, "\2\0\0\0\v\0\0\0\7\0\0\0passwd\0", 19, MSG_NOSIGNAL) = 19
7179  1207741931.515726 poll([{fd=3, events=POLLIN|POLLERR|POLLHUP, revents=POLLIN}], 1, 5000) = 1
7179  1207741931.515835 recvmsg(3, {msg_name(0)=NULL, msg_iov(2)=[{"passwd\0", 7}, {"\270O\3\0\0\0\0\0", 8}], msg_controllen=16, {cmsg_len=16, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, {6}}, msg_flags=0x40000000 /* MSG_??? */}, 0x40000000 /* MSG_??? */) = 15
7179  1207741931.515985 mmap2(NULL, 217016, PROT_READ, MAP_SHARED, 6, 0) = 0xb7eef000
7179  1207741931.516051 close(6)        = 0
7179  1207741931.516108 close(3)        = 0
7179  1207741931.516182 getuid32()      = 100
7179  1207741931.516209 geteuid32()     = 100
7179  1207741931.516259 exit_group(7)   = ?

ie. not launching anything.

Eventually we chased this down to:

[ /etc/sysconfig/security ]

## Type:        string
## Default:     "easy local"
#
# SuSE Linux contains two different configurations for
# chkstat. The differences can be found in /etc/permissions.secure
# and /etc/permissions.easy. If you create your own configuration
# (e.g. permissions.foo), you can enter the extension here as well.
#
# (easy/secure local foo whateveryouwant).
#
PERMISSION_SECURITY="secure local"

Apparently "secure" means - "pre-break networking" ;-)

Of course, this makes the system more secure - but, is this the intention ? ;-)