[Avocado-devel] RFC: ABRT integration

Jakub Filak jfilak at redhat.com
Tue Nov 15 07:37:57 UTC 2016 

Hi Cleber

On 11/11/2016 03:16 PM, Cleber Rosa wrote:
> On 11/11/2016 07:20 AM, Jakub Filak wrote:
> 
>> Some technical details:
>> - the implementation will capture only problems of a current user
> 
> This is not a big deal since our current implementation for catching
> coredumps is pretty much limited to super users.
> 
> Still, let me get this straight: if a test exercises and crashes a
> running daemon (running as a different user) ABRT won't be able to
> capture the daemon's problems, right?
> 
> But, if the user is running the test as root, then ABRT will be able to
> capture all the system's problems?
> 

ABRT will capture the daemon's problems, but the user (it not privileged)
won't have access to the problems (by default).

IOW, if the users is not root, the ProblemsWatcher will collect problems
that occurred in processes that were running with the users' UID.

The system's problems include problems of all users.

>> - a proper configuration of PolicyKit can allow any user to read all system
>>   problems
> 
> Right.  For our purposes, it's fine to ship an example policy as a
> contrib file.

The configuration could look like the following:

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.problems.getall" &&
        subject.active == true &&
        subject.local == true &&
        subject.isInGroup("avocado")) {
            return polkit.Result.YES;
    }
});

And should be saved in a file in the "/usr/share/polkit-1/rules.d" directory.

With this configuration the members of the avocado group will be able to get
their problems + system problems without the need to authorize themselves
via PolicyKit.


> 
>> - there can be several simultaneous connections to ABRT D-Bus connection
>>
>>
> 
> If PolicyKit is configured to allow all system problems to be read, and
> there are multiple connections to ABRT, will all of those receive all
> problem notifications? Or is it a single queue and whomever reads first
> removes it from the queue?
> 

ABRT problems are persistent until someone removes them. Thus all
connections to ABRT will see the same set of problems (unless intentionally
changed by another connection).



Jakub

More information about the Avocado-devel mailing list