Discussion:
polkit-gnome-authentication-agent-1 fails to start after F17->F18 update
Corinna Vinschen
2013-06-22 14:28:44 UTC
Permalink
Hi,

I just updated a server machine from F17 to F18. This server is
running a local VNC session which I connect to via SSH. It's using
an XFCE4 desktop environment.

The machine is running a lot of virtual machines and so far there
was a virt-manager instance running in the VNC desktop.

After the upgrade to F18, virt-manager no longer starts:

Unable to connect to libvirt.

authentication failed: polkit: Authorization requires authentication
but no agent is available.

So I checked and, yes, there's actually no agent running, there's no
polkit-gnome-authentication-agent-1 process, as usual.

In the XFCE4 Session settings, starting the PolicyKit Authentication
Agent is activated. But polkit-gnome-authentication-agent-1 simply
doesn't start. When I try to start it from the command line, I only
get an error message:

$ /usr/libexec/polkit-gnome-authentication-agent-1

(polkit-gnome-authentication-agent-1:5772): polkit-gnome-1-WARNING **:
Unable to determine the session we are in: No session for pid 5772

I know next to nothing about polkit. To get virt-manager working I added
a rule once:

$ cat /etc/polkit-1/rules.d/80-libvirt-manage.rules
polkit.addRule(function(action, subject) {
if (action.id == "org.libvirt.unix.manage"
&& subject.active
&& subject.isInGroup("libvirt")) {
return polkit.Result.YES;
}
})

but that is taken from information on the net, and it obviously can't
help when there's no agent running.

So, how can I fix this? How can I make polkit-gnome-authentication-agent-1
start in my VNC XFCE4 session again?


Thanks for any help,
Corinna
Corinna Vinschen
2013-06-22 14:57:57 UTC
Permalink
Post by Corinna Vinschen
Hi,
I just updated a server machine from F17 to F18. This server is
running a local VNC session which I connect to via SSH. It's using
an XFCE4 desktop environment.
The machine is running a lot of virtual machines and so far there
was a virt-manager instance running in the VNC desktop.
Unable to connect to libvirt.
authentication failed: polkit: Authorization requires authentication
but no agent is available.
So I checked and, yes, there's actually no agent running, there's no
polkit-gnome-authentication-agent-1 process, as usual.
In the XFCE4 Session settings, starting the PolicyKit Authentication
Agent is activated. But polkit-gnome-authentication-agent-1 simply
doesn't start. When I try to start it from the command line, I only
$ /usr/libexec/polkit-gnome-authentication-agent-1
Unable to determine the session we are in: No session for pid 5772
The same message is in the vncserver log file, btw. I'm starting the
XFCE4 desktop via `exec startxfce4 --with-ck-launch' and ck-launch-session
starts and runs. What else can I do?!?


Thanks for any help,
Corinna
poma
2013-06-23 11:23:52 UTC
Permalink
Post by Corinna Vinschen
The same message is in the vncserver log file, btw. I'm starting the
XFCE4 desktop via `exec startxfce4 --with-ck-launch' and ck-launch-session
starts and runs. What else can I do?!?
Thanks for any help,
Corinna
- yum erase ConsoleKit*
- rpmrebuild xfce4-session-4.10.1-1.fc18.src.rpm
with *systemd-logind.diff
- $HOME/.vnc/xstartup
#!/bin/sh
startxfce4


poma



-------------- next part --------------
A non-text attachment was scrubbed...
Name: xfce4-session.spec-systemd-logind.diff
Type: text/x-patch
Size: 618 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130623/8e6f63a9/attachment.bin>
Corinna Vinschen
2013-06-24 09:48:08 UTC
Permalink
Post by poma
Post by Corinna Vinschen
The same message is in the vncserver log file, btw. I'm starting the
XFCE4 desktop via `exec startxfce4 --with-ck-launch' and ck-launch-session
starts and runs. What else can I do?!?
Thanks for any help,
Corinna
- yum erase ConsoleKit*
- rpmrebuild xfce4-session-4.10.1-1.fc18.src.rpm
with *systemd-logind.diff
- $HOME/.vnc/xstartup
#!/bin/sh
startxfce4
poma
diff --git a/xfce4-session.spec b/xfce4-session.spec
index 66e3650..520e881 100644
--- a/xfce4-session.spec
+++ b/xfce4-session.spec
@@ -2,7 +2,7 @@
Name: xfce4-session
Version: 4.10.1
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Xfce session manager
Group: User Interface/Desktops
@@ -73,8 +73,9 @@ Additional splash screen engines for the Xfce Session Manager.
%build
%configure \
-%if 0%{?rhel} > 6 || 0%{?fedora} > 18
+%if 0%{?rhel} > 6 || 0%{?fedora} >= 18
--enable-systemd \
+ --disable-legacy-sm \
%else
--disable-systemd \
%endif
This appear to work nicely, btw.


Thanks,
Corinna
Post by poma
--
users mailing list
users at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
poma
2013-06-23 13:12:58 UTC
Permalink
On 22.06.2013 16:28, Corinna Vinschen wrote:


Post by Corinna Vinschen
I know next to nothing about polkit. To get virt-manager working I added
$ cat /etc/polkit-1/rules.d/80-libvirt-manage.rules
polkit.addRule(function(action, subject) {
if (action.id == "org.libvirt.unix.manage"
&& subject.active
&& subject.isInGroup("libvirt")) {
return polkit.Result.YES;
}
})



https://lists.fedoraproject.org/pipermail/users/2013-March/433561.html


poma
Corinna Vinschen
2013-06-23 15:01:30 UTC
Permalink
Post by poma


Post by Corinna Vinschen
I know next to nothing about polkit. To get virt-manager working I added
$ cat /etc/polkit-1/rules.d/80-libvirt-manage.rules
polkit.addRule(function(action, subject) {
if (action.id == "org.libvirt.unix.manage"
&& subject.active
&& subject.isInGroup("libvirt")) {
return polkit.Result.YES;
}
})


https://lists.fedoraproject.org/pipermail/users/2013-March/433561.html
Oh, wow, it was that simple? Just removing the subject.active did it?

Thank you very much for this simple solution!

Btw., just for the records, I had found an ugly workaround in the
meantime, but it did the trick:

I started startxfce4 from ~/.Xclients via `ssh localhost'. This
enforced a valid session, which made polkit-gnome-authentication-agent-1
start up normally.

But this is much better. I'll now go and build xfce4-session with the
patch you provided in the other mail and play with that a bit.


Thanks again,
Corinna
poma
2013-06-23 16:21:58 UTC
Permalink
On 23.06.2013 17:01, Corinna Vinschen wrote:


Post by Corinna Vinschen
Btw., just for the records, I had found an ugly workaround in the
I started startxfce4 from ~/.Xclients via `ssh localhost'. This
enforced a valid session, which made polkit-gnome-authentication-agent-1
start up normally.



/etc/systemd/system/vncserver@\:<DISPLAY>.service
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=simple
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i -geometry
<WIDTH>x<HEIGHT> -fg"

[Install]
WantedBy=multi-user.target

- edit <DISPLAY> <USER> <WIDTH> <HEIGHT> and other vncserver parameters
appropriately
- systemctl daemon-reload
- systemctl enable/start vncserver@\:<DISPLAY>.service

Ref.
tigervnc-server,
/usr/lib/systemd/system/vncserver at .service
https://bugzilla.redhat.com/show_bug.cgi?id=896648#c15


poma
CDR
2013-06-23 16:54:25 UTC
Permalink
I only store.records.that connect.
I añ.xdiving
Post by poma


Post by Corinna Vinschen
Btw., just for the records, I had found an ugly workaround in the
I started startxfce4 from ~/.Xclients via `ssh localhost'. This
enforced a valid session, which made polkit-gnome-authentication-agent-1
start up normally.


[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=simple
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i -geometry
<WIDTH>x<HEIGHT> -fg"
[Install]
WantedBy=multi-user.target
- edit <DISPLAY> <USER> <WIDTH> <HEIGHT> and other vncserver parameters
appropriately
- systemctl daemon-reload
Ref.
tigervnc-server,
/usr/lib/systemd/system/vncserver at .service
https://bugzilla.redhat.com/show_bug.cgi?id=896648#c15
poma
--
users mailing list
users at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130623/0e66edb5/attachment.html>
poma
2013-06-23 17:00:27 UTC
Permalink
Post by CDR
I only store.records.that connect.
I añ.xdiving
Skydiving or sea diving? :)


poma
Corinna Vinschen
2013-06-24 07:53:26 UTC
Permalink
Post by poma


Post by Corinna Vinschen
Btw., just for the records, I had found an ugly workaround in the
I started startxfce4 from ~/.Xclients via `ssh localhost'. This
enforced a valid session, which made polkit-gnome-authentication-agent-1
start up normally.


[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=simple
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i -geometry
<WIDTH>x<HEIGHT> -fg"
[Install]
WantedBy=multi-user.target
- edit <DISPLAY> <USER> <WIDTH> <HEIGHT> and other vncserver parameters
appropriately
- systemctl daemon-reload
Thanks, but... what are you trying to tell me? I already started
vncserver as service along the lines of the above

-Type=simple
-ExecStart=/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i -geometry <WIDTH>x<HEIGHT> -fg"
+Type=forking
+-ExecStart=/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i -geometry <WIDTH>x<HEIGHT>"

for a long time, but it did not start a valid session and thus
polkit-gnome-authentication-agent-1 didn't start. My .vnc/xstartup then
calls /etc/X11/xinit/xinitrc and my .Xclient calls startxfce4 (with
--with-ck-launch until yesterday). I don't see anything in the above
which would change that behaviour.


Corinna
poma
2013-06-24 09:58:02 UTC
Permalink
On 24.06.2013 09:53, Corinna Vinschen wrote:


Post by Corinna Vinschen
Thanks, but... what are you trying to tell me? I already started
vncserver as service along the lines of the above



With aforementioned lines I completed my working setup example.
That may be useful information for other people, too, right. ;)


poma
Corinna Vinschen
2013-06-24 10:28:26 UTC
Permalink
Post by poma


Post by Corinna Vinschen
Thanks, but... what are you trying to tell me? I already started
vncserver as service along the lines of the above


With aforementioned lines I completed my working setup example.
That may be useful information for other people, too, right. ;)
Yes, indeed.


Thanks,
Corinna

Loading...