Policykit issue when launching fapolicy-analyzer a second time

[jw3]

From fc34 vm

1. Run fapolicy-analyzer
2. Close and run again

[vagrant@fedora ~]$ fapolicy-analyzer 
Error executing command as another user: No authentication agent found.
Terminating pkttyagent.

[scholarsmate]

Possibly related, but I'm now seeing many Connection refused errors when starting up in RHEL8.

[vagrant@rhel8 fapolicy-analyzer]$ pipenv run python -m fapolicy_analyzer.ui
libGL error: No matching fbConfigs or visuals found
libGL error: failed to load driver: swrast
loaded system in 10 seconds
loaded system in 5 seconds

(__main__.py:42922): dconf-WARNING **: 14:46:51.989: failed to commit changes to dconf: Could not connect: Connection refused

(__main__.py:42922): dconf-WARNING **: 14:46:52.043: failed to commit changes to dconf: Could not connect: Connection refused

(__main__.py:42922): dconf-WARNING **: 14:46:52.056: failed to commit changes to dconf: Could not connect: Connection refused
...

[tparchambault]

It appears that pkttyagent started because that output text Terminating pkttyagent. is conditional and will only run if pkttyagent started and has a pid. Whether it then immediately failed/terminated or did not fully complete it's initialization needs to be determined.

[tparchambault]

Re: Scholarsmate's comment:

[vagrant@rhel8 fapolicy-analyzer]$ pipenv run python -m fapolicy_analyzer.ui
libGL error: No matching fbConfigs or visuals found
libGL error: failed to load driver: swrast
loaded system in 10 seconds
loaded system in 5 seconds

Since the app was started directly and not through the wrapper script this is not pkexec/polkit related. It could be permission related but since the system was loaded w/o complaint, I don't think that's the issue either.

I have seen these WARNING messages previously during general dev work but unfortunately don't remember the underlying issues.

[tparchambault]

I have duplicated the OP's symptom. It is inconsistent but on my system occurs ~50% of the time.

I also see the following complaints:
dbind-WARNING **: 18:39:28.001: Couldn't connect to accessibility bus: ...

[tparchambault]

The above warning messages do not occur when pkexec is not the authenticating parent invoking "python -m fapolicy_analyzer.ui."

[tparchambault]

The pkttyagent appears to be not consistently starting and/or does not stay up when the issue occurs. Next step is to enable verbosity in the polkitd daemon to determine what end of the client/server connection is not playing nice. I believe it's available via an env var. Will also look at client code to see if enabling verbosity is available.

[tparchambault]

pkttyagent authorization agent does not complete its registration on the dbus prior to the pkexec call that execs the fapolicy-analyzer.

Next step: Leverage the pkttyagent's fd callback mechanism to signal the fapolicy-analyzer wrapper script that it can proceed to the pkexec.

[tparchambault]

Let's leave this open a bit longer, while this PR is being banged on by the limited user base, since it only get exercised on rpm installations. The following PR has been mergeed into master, tested on the release 0.3.0 branch, and as of the merge into master, dev work has been effectively completed.
Restore PolicyKit integration #308