inotify and gnome authorization

[darrell pfeifer]

Over the last few months I've had problems with the gnome
authorization dialog failing, sometimes intermittently and sometimes
consistently for long periods of time. The dialog I'm referring to is
the one that pops up when root access is needed to run an application
or control panel. Examples are System/Preferences/Authorizations,
running the virtual machine manager, running lots of control panels
from System/Administration/*

It turns out that eventually polkit-gnome-manager is called. It uses
inotify to put a watch on /etc/PolicyKit/PolicyKit.conf. In my case,
placing the watch was failing, which meant no authorization.

A workaround is to bump up the 8192 limit to something higher

echo 16384 > /proc/sys/fs/inotify/max_user_watches

I'm still a bit mystified as to what is using all the watches. Before
and after the echo lsof only reports less than 32 watches on my
system. Other than lsof there don't appear to be an tools to show who
is consuming the watches. If nobody has an suggestions, I may try
systemtap.

I'm not sure at this point that it makes sense to bump up the kernel
default without knowing the current culprit.

The bottom line: with policykit being used more heavily in rawhide, if
you're getting strange intermittent permissions failures, try the
workaround.

darrell