Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Daemon state should not change when loading a user session json file #833

Closed
tparchambault opened this issue Mar 22, 2023 · 5 comments · Fixed by #914
Closed

Daemon state should not change when loading a user session json file #833

tparchambault opened this issue Mar 22, 2023 · 5 comments · Fixed by #914
Assignees
@tparchambault
Milestone
v1.2

Comments

@tparchambault
Copy link
Contributor

On RHEL86, V1.0.0, installed from EPEL-testing, with the fapolicyd stopped, after successfully loading (but not deploying) a saved session file, fapolicyd was started without any explicit user action, i.e. automagically started the daemon.

Use of our tool should not introduce side-effects.
@tparchambault
Copy link
Contributor Author

There's an error in a log statement at line 144 in session.py which caused a python stack trace and I thought the thrown exception might have caused some fapolicd control logic to be bypassed. Fixing it did not address, or change the symptom of this issue.

Line 144 should be changed to:

logging.debug(f"Loaded dict = {data}")

The debug log messages generated when duplicating this issue (after fixing line 144)
:

DEBUG:root:Callback entered: MainWindow::on_openMenu_activate()
INFO:root:Entered SessionManager::open_edit_session(/root/test_session.json)
DEBUG:root:Loaded dict = [{'/root/anaconda-ks.cfg': 'Add'}]
DEBUG:root:SessionManager::open_edit_session():[<fapolicy_analyzer.ui.changeset_wrapper.TrustChangeset object at 0x7fbf29953e80>]
DEBUG:root:dispatch( RESTORE_SYSTEM_CHECKPOINT )
DEBUG:fapolicy_daemon.svc:waiting on fapolicyd to be Inactive...
DEBUG:fapolicy_daemon.svc:fapolicyd is now Inactive
DEBUG:fapolicy_pyo3.system:deploy_only
DEBUG:fapolicy_daemon.svc:waiting on fapolicyd to be Active...
DEBUG:root:_status(ServiceStatus.TRUE updated
DEBUG:root:monitor_daemon:Dispatch update request
DEBUG:root:on_update_daemon_status(ServiceStatus.TRUE)
DEBUG:fapolicy_daemon.svc:fapolicyd is now Active
DEBUG:root:dispatch( CLEAR_CHANGESET )
DEBUG:root:dispatch( APPLY_CHANGESETS )
DEBUG:fapolicy_pyo3.system:apply_changeset
INFO:root:SessionManager::autosave_edit_session()
DEBUG:root: Session autosave is disabled/bypassed
DEBUG:root:dispatch( REQUEST_ANCILLARY_TRUST )
DEBUG:fapolicy_pyo3.check:BatchConf: recs: 2, tc:1, tl:1, bc:1, bl:2
DEBUG:root:_update_fapd_status(ServiceStatus.TRUE)

@tparchambault tparchambault self-assigned this Apr 2, 2023
@jw3 jw3 changed the title On RHEL86, V1.0.0, fapolicyd state is not maintained when loading a user session json file. Daemon state should not change when loading a user session json file Jul 5, 2023
@jw3 jw3 added this to the v1.2 milestone Jul 5, 2023
@tparchambault
Copy link
Contributor Author

Will verify that this is still an issue.

@tparchambault
Copy link
Contributor Author

Verified on the FC38 platform that loading a session json file will start the fapd daemon if stopped initially.

@tparchambault
Copy link
Contributor Author

tparchambault commented Sep 15, 2023
edited
Loading

Captured stacktrace from redux land (using traceback.print_stack()) as I'm currently reverse engineering things to determine iF the dispatch(RESTORE_SYSTEM_CHECKPOINT) really needs to invoke rollback_fapolicyd() [system_feature.py:274] after restoring the system object, and of course, what other user workflows ultimately call this same code and absolutely do need rollback_fapolicyd() to return fapd to a known state. TBD.

I expect that I'll have to provide some new functionality to only rollback the system object, i.e. add a new function _restore_system_checkpoint() with associated redux events/callbacks.

@jw3
Copy link
Member

jw3 commented Sep 18, 2023

determine iF the dispatch(RESTORE_SYSTEM_CHECKPOINT) really needs to invoke rollback_fapolicyd()

It does when it is used in __display_deploy_revert_dialog

For the session restore it does not.

The quickest fix appears to be adding a boolean flag to the action to allow the callsite to specify whether to rollback or not.

@jw3 jw3 mentioned this issue Sep 26, 2023
Merged
@jw3 jw3 closed this as completed in #914 Sep 26, 2023
jw3 pushed a commit that referenced this issue Sep 26, 2023
@tparchambault
Daemon state preserved on session load (#914)
3679fb0 
Modified code so that json session file operations are only applied to
the current system object's state. No rollbacks or clearing of either
the current system object maintained in the UI layer nor fapolicyd's
state occur.

Closes #833
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tparchambault tparchambault

Labels
None yet
Projects
None yet
Milestone
v1.2
Development

Successfully merging a pull request may close this issue.

Daemon state preserved on session load tparchambault/fapolicy-analyzer
2 participants
@jw3 @tparchambault