I have been playing around with firewalld and firewall-config recently to try to harden up my laptop.
My regular user account is in group wheel, and I have polkit set up. So, any administrative tasks prompt me for my password. I can configure networks with NetworkManager (and even set a firewall zone from within NetworkManager). And with a password, I can modify firewalld rules.
However, if I attempt to change the firewall zone of a network connection (either under Options > Change Zones of Connections... or by left-clicking on firewall-applet), I get the following stackdump:
Traceback (most recent call last):
  File "/usr/bin/firewall-config", line 1007, in change_zone_connection_editor
    editor.run()
  File "/usr/bin/firewall-config", line 5301, in run
    settings = connection_obj.GetSettings()
  File "/usr/lib/python3.4/site-packages/dbus/proxies.py", line 70, in __call__
    return self._proxy_method(*args, **keywords)
  File "/usr/lib/python3.4/site-packages/slip/dbus/proxies.py", line 51, in __call__
    return dbus.proxies._ProxyMethod.__call__(self, *args, **kwargs)
  File "/usr/lib/python3.4/site-packages/dbus/proxies.py", line 145, in __call__
    **keywords)
  File "/usr/lib/python3.4/site-packages/dbus/connection.py", line 651, in call_blocking
    message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 8 matched rules; type="method_call", sender=":1.78" (uid=2290 pid=4997 comm="/usr/bin/python -Es /usr/bin/firewall-config ") interface="(unset)" member="GetSettings" error name="(unset)" requested_reply="0" destination=":1.6" (uid=0 pid=1461 comm="/usr/bin/NetworkManager --no-daemon ")
So, it is some permission problem. If I run firewall-config as root and try again, everything works as intended. So, I think this is a DBUS or Polkit configuration problem. Is there some way to determine why access is denied or what DBUS call is being attempted? I have tried dbus-monitor and d-feet, but I still can't find the call that fails. (I have never had to troubleshoot DBUS calls before, so I'm quite confused as is.)
What's weird is I can change the firewall zone of the network configuration using nm-connection-editor. So is this a bug in how firewall-config and NetworkManager communicate?
Any advice on which permissions to check would be greatly appreciated.
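Added example, not part of the original post and not code from firewalld or NetworkManager: a small parser that splits the dbus-daemon "Rejected send message" string from the traceback above into its fields and points at the part of the bus policy worth inspecting. The function names and the hint wording are assumptions made for illustration; the first hint relies on dbus-daemon's documented behaviour that an allow rule specifying send_interface does not match a message that carries no interface.

```python
import re

# The denial text from the traceback in the post above, copied verbatim.
DENIAL = ('Rejected send message, 8 matched rules; type="method_call", '
          'sender=":1.78" (uid=2290 pid=4997 '
          'comm="/usr/bin/python -Es /usr/bin/firewall-config ") '
          'interface="(unset)" member="GetSettings" error name="(unset)" '
          'requested_reply="0" destination=":1.6" '
          '(uid=0 pid=1461 comm="/usr/bin/NetworkManager --no-daemon ")')

FIELD = re.compile(r'(type|sender|interface|member|error name|'
                   r'requested_reply|destination)="([^"]*)"')
PEER = re.compile(r'(sender|destination)="[^"]*" '
                  r'\(uid=(\d+) pid=(\d+) comm="([^"]*)"\)')
RULES = re.compile(r'(\d+) matched rules')

def parse_denial(text):
    """Split a dbus-daemon 'Rejected send message' string into its fields."""
    info = {k.replace(" ", "_"): (None if v == "(unset)" else v)
            for k, v in FIELD.findall(text)}
    for role, uid, pid, comm in PEER.findall(text):
        info[role + "_uid"] = int(uid)
        info[role + "_pid"] = int(pid)
        info[role + "_comm"] = comm.strip()
    m = RULES.search(text)
    info["matched_rules"] = int(m.group(1)) if m else None
    return info

def triage(info):
    """Return hints (hypothetical wording) on which policy rules to inspect."""
    hints = []
    if info.get("type") == "method_call" and info.get("interface") is None:
        hints.append("call carries no interface: allow rules keyed on "
                     "send_interface cannot match it")
    if info.get("sender_uid") not in (None, 0) and info.get("destination_uid") == 0:
        hints.append("unprivileged sender to a root-owned service: check the "
                     "<policy> blocks for the destination under "
                     "/etc/dbus-1/system.d or /usr/share/dbus-1/system.d")
    return hints

if __name__ == "__main__":
    parsed = parse_denial(DENIAL)
    for key in sorted(parsed):
        print(key, "=", parsed[key])
    for hint in triage(parsed):
        print("hint:", hint)
```
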