1134553 – [abrt] rolekit: connection.py:584:call_async:ValueError: Unable to guess signature from an empty dict

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1134553 - [abrt] rolekit: connection.py:584:call_async:ValueError: Unable to guess signature from an empty dict

Summary: [abrt] rolekit: connection.py:584:call_async:ValueError: Unable to guess sign...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	rolekit
Sub Component:
Version:	21
Hardware:	x86_64
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Thomas Woerner
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:	https://retrace.fedoraproject.org/faf...
Whiteboard:	abrt_hash:1276e3d8c413730eab40128170a...
Depends On:
Blocks:	1134558
TreeView+	depends on / blocked

Reported:	2014-08-27 18:47 UTC by Stephen Gallagher
Modified:	2015-10-19 21:09 UTC (History)
CC List:	5 users (show)
Fixed In Version:	rolekit-0.4.0.1-2.fc23
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1134558 (view as bug list)
Environment:
Last Closed:	2015-10-19 21:09:46 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
File: backtrace (1.62 KB, text/plain) 2014-08-27 18:47 UTC, Stephen Gallagher	no flags	Details
File: environ (86 bytes, text/plain) 2014-08-27 18:47 UTC, Stephen Gallagher	no flags	Details
View All

Description Stephen Gallagher 2014-08-27 18:47:16 UTC

Description of problem:
Attempted to run 'rolectl list instances'

The issue appears to be an incorrectly-handled SELinux denial which crashes roled and fails to return an error to the rolectl client, which waits forever.

Version-Release number of selected component:
rolekit-0.0.3-1.fc21

Additional info:
reporter:       libreport-2.2.3
cmdline:        /usr/bin/python -Es /usr/sbin/roled --nofork --nopid
dso_list:       dbus-python-1.2.0-6.fc21.x86_64
executable:     /usr/sbin/roled
kernel:         3.16.1-300.fc21.x86_64
runlevel:       N 3
type:           Python
uid:            0

Truncated backtrace:
connection.py:584:call_async:ValueError: Unable to guess signature from an empty dict

Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/dbus/connection.py", line 607, in msg_reply_handler
    *message.get_args_list()))
  File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 416, in _introspect_error_handler
    self._introspect_execute_queue()
  File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 387, in _introspect_execute_queue
    proxy_method(*args, **keywords)
  File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 137, in __call__
    **keywords)
  File "/usr/lib/python2.7/site-packages/dbus/connection.py", line 584, in call_async
    message.append(signature=signature, *args)
ValueError: Unable to guess signature from an empty dict

Local variables in innermost frame:
bus_name: dbus.UTF8String(':1.5')
byte_arrays: False
self: <dbus._dbus.SystemBus (system) at 0x7f7b99aa9590>
args: (('system-bus-name', {'name': ':1.29'}), 'org.fedoraproject.rolekit1.all', {}, 1, '')
require_main_loop: True
object_path: '/org/freedesktop/PolicyKit1/Authority'
signature: None
reply_handler: <function reply_cb at 0x7f7b9749b2a8>
error_handler: <function error_handler at 0x7f7b9749b1b8>
dbus_interface: 'org.freedesktop.PolicyKit1.Authority'
timeout: 2147483.647
kwargs: {}
e: ValueError('Unable to guess signature from an empty dict',)
message: <dbus.lowlevel.MethodCallMessage path: /org/freedesktop/PolicyKit1/Authority, iface: org.freedesktop.PolicyKit1.Authority, member: CheckAuthorization dest: :1.5>
get_args_opts: {'byte_arrays': False, 'utf8_strings': False}
method: 'CheckAuthorization'

Comment 1 Stephen Gallagher 2014-08-27 18:47:17 UTC

Created attachment 931652 [details]
File: backtrace

Comment 2 Stephen Gallagher 2014-08-27 18:47:18 UTC

Created attachment 931653 [details]
File: environ

Comment 3 Stephen Gallagher 2014-08-27 19:00:23 UTC

I say that it's related to SELinux because it doesn't hang in permissive mode.

There are two bugs here: one in SELinux to properly allow the behavior and another in cockpit itself to properly handle permission denied errors.

audit2why:

type=USER_AVC msg=audit(1409164980.789:721): pid=608 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_return dest=:1.30 spid=748 tpid=22117 scontext=system_u:system_r:policykit_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dbus  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
	Was caused by:
		Missing type enforcement (TE) allow rule.

		You can use audit2allow to generate a loadable module to allow this access.

Comment 4 Stephen Gallagher 2014-08-28 17:33:34 UTC

After further investigation, this appears to be crashing in dbus-python, not rolekit. Reassigning the component.

Comment 5 Fedora Admin XMLRPC Client 2015-06-17 22:01:55 UTC

This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 6 leigh scott 2015-06-18 11:49:03 UTC

Patches welcomed to fix this issue as it's at the bottom of my todo list (may never happen).

Comment 7 leigh scott 2015-06-18 16:31:35 UTC

I agree with upstream and have no intention to support the unsupported patch and the rolekit package!

https://bugs.freedesktop.org/show_bug.cgi?id=26903#c14

Comment 8 Fedora Update System 2015-09-28 15:31:35 UTC

rolekit-0.4.0-5.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-40a4d314f3

Comment 9 Fedora Update System 2015-09-29 06:21:59 UTC

rolekit-0.4.0-5.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update rolekit'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-40a4d314f3

Comment 10 Fedora Update System 2015-10-07 17:30:33 UTC

rolekit-0.4.0.1-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-40a4d314f3

Comment 11 Fedora Update System 2015-10-08 10:31:07 UTC

rolekit-0.4.0.1-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update rolekit'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-40a4d314f3

Comment 12 Fedora Update System 2015-10-14 18:29:41 UTC

rolekit-0.4.0.1-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-40a4d314f3

Comment 13 Fedora Update System 2015-10-14 22:53:28 UTC

rolekit-0.4.0.1-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update rolekit'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-40a4d314f3

Comment 14 Fedora Update System 2015-10-19 21:09:38 UTC

rolekit-0.4.0.1-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.