Bug 7445

Summary: locations page takes a long time to load on RHEL 8
Product: ThinLinc Reporter: Pierre Ossman <ossman>
Component: Web AdministrationAssignee: Pierre Ossman <ossman>
Status: CLOSED FIXED    
Severity: Normal CC: aleta, nikle, samuel
Priority: P2 Keywords: relnotes, samuel_tester
Version: trunk   
Target Milestone: 4.11.0   
Hardware: PC   
OS: Unknown   
Acceptance Criteria:

Description Pierre Ossman cendio 2019-11-25 11:01:09 CET
Opening the locations page (https://tl.example.com:1010/locations/locations) results in a long load time when the server is running RHEL 8. It works fine once loaded though.

The issue is that "lpstat -a" takes forever to complete, and this is caused by a failure to communicate with Avahi:

> type=USER_AVC msg=audit(1574675560.964:362): pid=1017 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_return dest=:1.409 spid=1009 tpid=12179 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:system_r:thinlinc_webadm_t:s0 tclass=dbus permissive=0  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'UID="dbus" AUID="unset" SAUID="dbus"

We had a similar issue in bug 7277, so we probably need to update things here as well.
Comment 1 Pierre Ossman cendio 2019-11-28 13:46:48 CET
It's a bit odd that every page is slow, not just the ones listing printers. So it seems we're calling lpstat even when not needed.
Comment 2 Pierre Ossman cendio 2019-11-28 13:47:36 CET
We could not find any decent interfaces for this in the reference policy, so it seems we'll have to explicitly allow communication with Avahi. This is also what the reference policy has for cupsd.
Comment 5 Alex Tanskanen cendio 2019-11-29 10:12:36 CET
Tested with nightly build (6309) on RHEL 8: 
 * tlwebadm locations loads as it should
 * "Add printers" under the locations tab shows the printers 

This works fine.

Also verified that this fix didn't break the above on older systems such as RHEL 6 and RHEL 7.
Comment 6 Niko Lehto cendio 2019-12-03 10:42:21 CET
Verified using nightly build (6312) on RHEL 8 and Fedora 31.
Fix works fine. No noticeable issues loading in the other tlwebadm pages either.
Comment 7 Samuel Mannehed cendio 2019-12-05 11:40:38 CET
Also verified to work well on RHEL7.