FS#76504 : [iwd] dbus policy causes unnecessary logspam

FS#76504 - [iwd] dbus policy causes unnecessary logspam

Attached to Project: Community Packages
Opened by Ronan Pigott (Brocellous) - Wednesday, 09 November 2022, 19:37 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:10 GMT

Task Type	General Gripe
Category	Packages
Status	Closed
Assigned To	Andreas Radke (AndyRTR) Christian Rebischke (Shibumi) Levente Polyak (anthraxx)
Architecture	All
Severity	Very Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	1 Luca Dorigo (gloomy) (2023-02-16)
Private	No

Details

Description: iwd has some unnecessary logspam for group netdev

iwd ships /usr/share/dbus-1/system.d/iwd-dbus.conf, with policy

<policy group="netdev">
<allow send_destination="net.connman.iwd"/>
</policy>

Arch linux doesn't use this device group name, so this creates some unnecessary logspam:

$ journalctl --no-hostname -b -p4 -g netdev
Nov 09 11:05:57 dbus-daemon[661]: Unknown group "netdev" in message bus configuration file
Nov 09 11:05:57 dbus-daemon[661]: Unknown group "netdev" in message bus configuration file
Nov 09 11:05:57 dbus-daemon[661]: Unknown group "netdev" in message bus configuration file
Nov 09 11:05:57 dbus-daemon[661]: Unknown group "netdev" in message bus configuration file
Nov 09 11:05:57 dbus-daemon[661]: Unknown group "netdev" in message bus configuration file
Nov 09 11:05:57 dbus-daemon[661]: Unknown group "netdev" in message bus configuration file
Nov 09 11:06:02 dbus-daemon[661]: Unknown group "netdev" in message bus configuration file
Nov 09 11:06:02 dbus-daemon[661]: Unknown group "netdev" in message bus configuration file

I think we should either remove this clause or introduce a sysusers.d entry to create this system group.

This task depends upon

Closed by Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:10 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/p ackaging/packages/iwd/issues/2

Comment by Ronan Pigott (Brocellous) - Wednesday, 09 November 2022, 19:39 GMT

Oops, I don't think I can edit the title, but it should prolly be something like "iwd dbus policy causes unnecessary logspam".

Comment by Andreas Radke (AndyRTR) - Thursday, 10 November 2022, 07:05 GMT

The wiki note about netdev group tells you something different:

https://wiki.archlinux.org/title/Iwd#Usage

Comment by Ronan Pigott (Brocellous) - Thursday, 10 November 2022, 16:02 GMT

If this is an intended system group, it should be created with a sysusers definition like these others: https://wiki.archlinux.org/title/Users_and_groups#Unused_groups.

I certainly wouldn't mind if the clause was just removed, but if we want to keep it I think the group should exist.

Comment by Toolybird (Toolybird) - Thursday, 10 November 2022, 20:59 GMT

Related ~~FS#74646~~ (it says "this group is created by conman" but I don't see that anywhere unless I'm missing something...)

Do you still get the log spam if you're part of the wheel group?

Comment by Ronan Pigott (Brocellous) - Thursday, 10 November 2022, 21:37 GMT

Yes, my user belongs to the wheel group.

The messages occur whenever the rules are re-parsed. Most commonly this is when polkitd reloads the rules as it automatically watches those directories for changes. I just did an upgrade and got another dozen lines of this as systemd upgraded.

Comment by Toolybird (Toolybird) - Monday, 14 November 2022, 03:46 GMT

Ok, so creating a group just to get rid of log spam doesn't seem wise. log spam is kinda annoying but no biggie. This "netdev" group appears to be a Debianism [1] so I'd vote for just getting rid of the clause, but of course it's a PM's decision.

[1] https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/src/iwd-dbus.conf?id=010b0e27

Comment by Ronan Pigott (Brocellous) - Monday, 14 November 2022, 07:22 GMT

Seems like polkit is the intended replacement for at_console: https://bugs.freedesktop.org/show_bug.cgi?id=39611#c0, but iwd never adopted polkit, so it loses support for this feature and they went with the group policy config instead.

Other projects seem to provide console users access either with TAG+="uaccess" for devices or polkit actions with allow_active=yes policy. A "netdev" system group for this purpose is an anachronism imo, so I agree it should be removed.

Arch users that don't wish to belong to the wheel group for some reason but still want unprivileged access to iwd's functions can either

1. Get most the benefit from NetworkManager on iwd backend, as it has its own polkit layer. Or
2. Add the netdev group back into the policy in /usr/local/share

which doesn't seem like too much of a burden.

Comment by Andreas Radke (AndyRTR) - Wednesday, 23 November 2022, 21:37 GMT

@shibumi: allow_group_network.diff in connman uses "network" group it seems. Also our Network Manager expects wheel or network group according to the wiki.

Maybe we should change iwd following this and fix the Debian specific group here to network as well?

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#76504 - [iwd] dbus policy causes unnecessary logspam

Details

Loading...