Application Profiler does not report missing fapolicyd service #530
Comments
|
Is this symptom observed in a production or development environment? I believe that on a production system, the System object won't be instantiated and the user will get the start-up error dlg. If that API interaction has changed over time then we/I need to revisit the code that handles that failure, i.e. If this is on a production system then it is a bug. The Profiler can "run" in the development environment but only as a convenience for developers. fapd control (start/stop) is not attempted for non-root users, although the AAC will invoke the target executable. Things like chown'ing of stdout/stderr and changing the euid will fail due to inadequate permissions. |
jw3
changed the title
|
This is on a machine that does not have fapolicyd installed. |
|
Understood, but in a normal i.e. rpm install, and when invoked via /usr/sbin/fapolicy-analyzer, there are other checks that occur wrt fapolicyd being installed and run at least once to create and populate the /var/lib/fapolicyd/* otherwise the start-up error dlg is displayed. There is no option to continue; it exits on OK. Fwiw, I see the same dlg in a development env too when fapolicyd is not installed. Also fwiw I installed fapolicyd via the pkg manager as a data point. The production box was RHEL8.6 and the dev box was FC34.
The dlg is displayed on a failure to create the System object. This has been in place for a while. I'm guessing 6-9 months? |
|
The user should never get to the MainWindow and the associated Tool menu items. |
|
One way to recreate this is to remove the fapolicyd unit file from a working installation. At a minimum the exception should be caught and the GUI should make it obvious that something went wrong. Toaster message? |
|
That is how I generated the above dialogs, i.e. dnf remove fapolicyd. It doesn't get more obvious than that. |
|
Clarified w/ @jw3 via voice comms. This is about failing gracefully when systemd control is not functioning correctly e.g. service file disabled, syntax errors, missing or renamed unit file for whatever reason, etc. |
|
Looks like the core concerns here were addressed during milestone 7, the UI now remains responsive. |
In the case where the fapolicyd service is not found the only indication of failure is a stack trace.
The close button becomes unresponsive, the dialog must be closed out with the X
The text was updated successfully, but these errors were encountered: