Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 230155

Summary: Sleep fails with permission denied
Product: [Fedora] Fedora Reporter: Karl MacMillan <kmacmill>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: davidz, dwalsh, florin, richard
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-04-01 16:48:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 150226    

Description Karl MacMillan 2007-02-26 21:52:08 UTC
Description of problem:

Laptop will no longer sleep from gnome-power-manager. An error pops up over the
power manager icon in the panel and the following error appears in the log:

Feb 26 16:45:21 localhost gnome-power-manager: (kmacmill) Suspending computer
because the suspend button has been pressed
Feb 26 16:45:21 localhost gnome-power-manager: (kmacmill) Permission denied: Not
in active session code='30' quark='g-exec-error-quark'

Sleep (suspend to memory) has worked perfectly on this laptop for a while (ibm
t43p). This does not seem to be an selinux problem (no denials that I saw).

Version-Release number of selected component (if applicable):

gnome-power-manager-2.17.91-1.fc7

How reproducible:

Sleep laptop using function key on keyboard. Error happens every time.

Comment 1 David Zeuthen 2007-02-26 22:16:48 UTC
Are you logging in via gdm? If no, please close as dupe of bug 228110.

Comment 2 Karl MacMillan 2007-02-26 22:25:40 UTC
Yes, I'm logged in via gdm.

Comment 3 David Zeuthen 2007-02-26 22:47:38 UTC
Please try this in permissive mode. I was just going through the same thing with
dwalsh... Thanks.

Comment 4 Karl MacMillan 2007-02-26 23:00:37 UTC
Permissive doesn't help.

Comment 5 Daniel Walsh 2007-02-27 16:56:43 UTC
I have been working on this today and now have $XDG_SESSION_COOKIE showing up,
with an updated policy.  But still getting error on sleep.

Feb 27 11:54:41 redsox gnome-power-manager: (dwalsh) Suspending computer because
the lid has been closed, and the ac adapter removed (and gconf is okay)
Feb 27 11:54:41 redsox gnome-power-manager: (dwalsh) Permission denied: Not in
active session code='30' quark='g-exec-error-quark'
Feb 27 11:54:41 redsox gnome-power-manager: (dwalsh) Resuming computer
Feb 27 11:54:41 redsox gnome-power-manager: (dwalsh) suspend failed

No avc messages

Comment 6 David Zeuthen 2007-02-27 17:06:04 UTC
Mmm.. can you run hald with 

 # hald --daemon=no --verbose=yes

There's a ton of debug output. Then kill g-p-m and start g-p-m again. I'm
interested in the output after you make g-p-m call Suspend() on HAL. What
happens is this

 1. g-p-m connects to the system bus
 2. when it calls into HAL we get the pid/uid from D-Bus
 3. given the pid, HAL asks ConsoleKit, via GetSessionFromUnixProcess() (see
http://fedoraproject.org/wiki/Desktop/FastUserSwitching for details) about the
desktop session
 4. HAL caches the pid/uid/session and tracks whether that session is active
 5. when g-p-m calls Suspend() we look up the cached information

Because of the caching going on, I need g-p-m to be restarted. Thanks.



Comment 7 David Zeuthen 2007-02-27 18:23:56 UTC
*** Bug 230240 has been marked as a duplicate of this bug. ***

Comment 8 Will Woods 2007-02-27 18:40:09 UTC
I've got the same problem on a T43; here's the hald output you requested.

13:37:23.834 [W] hald_dbus.c:1078: Error doing GetSessionForUnixProcess on
ConsoleKit: org.freedesktop.DBus.GLib.UnmappedError.CkManagerError.Code0: Unable
to lookup session information for process '4138'
13:37:23.834 [I] hald_dbus.c:4073: Caller :1.32 (uid 500, pid 4138) for
interface org.freedesktop.Hal.Device.CPUFreq on add-on method SetCPUFreqGovernor
for /org/freedesktop/Hal/devices/computer is not in any session; refusing service
13:37:23.834 [W] hald_dbus.c:96: Permission denied: Not in active session
13:37:23.835 [I] hald_dbus.c:4073: Caller :1.32 (uid 500, pid 4138) for
interface org.freedesktop.Hal.Device.CPUFreq on add-on method GetCPUFreqGovernor
for /org/freedesktop/Hal/devices/computer is not in any session; refusing service
13:37:23.836 [W] hald_dbus.c:96: Permission denied: Not in active session
13:37:23.837 [I] hald_dbus.c:4073: Caller :1.32 (uid 500, pid 4138) for
interface org.freedesktop.Hal.Device.CPUFreq on add-on method GetCPUFreqGovernor
for /org/freedesktop/Hal/devices/computer is not in any session; refusing service
13:37:23.837 [W] hald_dbus.c:96: Permission denied: Not in active session
13:37:23.838 [I] hald_dbus.c:4073: Caller :1.32 (uid 500, pid 4138) for
interface org.freedesktop.Hal.Device.CPUFreq on add-on method
SetCPUFreqPerformance for /org/freedesktop/Hal/devices/computer is not in any
session; refusing service
13:37:23.838 [W] hald_dbus.c:96: Permission denied: Not in active session
13:37:24.050 [I] hald_dbus.c:4151: OK for method 'SetPowerSave' with signature
'b' on interface 'org.freedesktop.Hal.Device.SystemPowerManagement' for UDI
'/org/freedesktop/Hal/devices/computer' and execpath
'hal-system-power-set-power-save'
13:37:24.050 [I] hald_dbus.c:3310: Caller :1.32 (uid 500, pid 4138) for
interface org.freedesktop.Hal.Device.SystemPowerManagement on exec'ed method
SetPowerSave for /org/freedesktop/Hal/devices/computer is not in any session;
refusing service
13:37:24.050 [W] hald_dbus.c:96: Permission denied: Not in active session
13:37:24.377 [W] hald_dbus.c:96: No property battery.remaining_time on device
with id /org/freedesktop/Hal/devices/acpi_BAT0
13:37:24.383 [W] hald_dbus.c:96: No property info.vendor on device with id
/org/freedesktop/Hal/devices/acpi_BAT0
13:37:24.397 [W] hald_dbus.c:96: No property info.is_recalled on device with id
/org/freedesktop/Hal/devices/acpi_BAT0


Comment 9 David Zeuthen 2007-02-27 18:58:18 UTC
Probably the problem is that you need to allow ConsoleKit to look in
/proc/<pic>/environ for the pid that HAL is passing. That's what
XDG_SESSION_COOKIE is just for...

Comment 10 Will Woods 2007-02-27 19:32:43 UTC
Ah, I think I confused part of the problem.

My /proc/$(pidof gnome-power-manager)/environ did not contain
XDG_SESSION_COOKIE, until I turned SELinux to Permissive and logged back in.
Then suspend worked OK.

With SELinux set to enforcing, I get the following message in audit.log *at
login* (not at sleep time):

type=USER_AVC msg=audit(1172603954.457:157): user pid=1846 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  {
send_msg } for msgtype=
method_call interface=org.freedesktop.ConsoleKit.Manager
member=OpenSessionWithParameters dest=org.freedesktop.ConsoleKit spid=2492
tpid=2068 scontext=system_u:system_
r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=dbus :
exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'

So that's probably the SELinux problem that dwalsh has apparently solved above.
It didn't show up in dmesg or setroubleshoot so I assumed this was a different
problem. Sorry for any confusion.

Comment 11 Matthias Clasen 2007-04-01 15:45:49 UTC
David, whats the status of this ?

Comment 12 David Zeuthen 2007-04-01 16:47:44 UTC
It's a SELinux bug (which I think is fixed as it works for me on fresh
installs), so reassigning.. 

Comment 13 David Zeuthen 2007-04-01 16:48:59 UTC
... and also closing! (since it's working for me on a fresh T3 install). Feel
free to reopen if this still doesn't work.