Bug#846377: [systemd] /lib/systemd/systemd --user starts dbus-daemon without AFS token

Michael Biebl biebl at debian.org
Wed Nov 30 20:11:58 GMT 2016 

Am 30.11.2016 um 20:01 schrieb Dirk Heinrichs:
> Package: systemd
> Version: 232-6
> Severity: important
> 
> --- Please enter the report below this line. ---
> I'm running systems with user home directories located in an OpenAFS
> network filesystem. This used to work fine for years. However, since
> some time now, some desktop environments/applications (KDE, Evolution,
> etc.) have trouble writing their config files, while writing to the
> same file from within a shell worked fine.
> 
> I did some investigation and found out that dbus-daemon is not started
> be the pam-authenticated user session anymore, but
> via /lib/systemd/systemd --user.
> 
> This in itself wouldn't be a problem, but /lib/systemd/systemd --user
> has been started by PID 1 and thus doesn't run with an AFS token, which
> means that all processes spawned from it don't have one either:
> 
> testuser     2013     1  0 18:54 ?        00:00:00 /lib/systemd/systemd
> --user
> testuser     2015  2013  0 18:54 ?        00:00:00 (sd-pam)
> testuser     7783  2013  0 19:29 ?        00:00:01 /usr/bin/dbus-daemon
> --session --address=systemd: --nofork --nopidfile --systemd-activation
> 
> This means that any application that wants to access files through dbus
> fails to do so, for example:

Afaics, this will affect any service which was started as a systemd
--user service. dbus is just one of them.

This was mentiond on IRC:

> <grawity> afaik, AFS tokens are stored as special keys in the
> keyring, nowadays... so it might work if afs was patched to look in
> the 'user' keyring, or if regular logins somehow joined systemd's
> session keyring instead of creating a new one
> <grawity> (CIFS has the same problem)

So this looks like something the openafs maintainers have to look into,
I've CCed their maintainers for their input.

Should we assign this to openafs? Is there something which needs to be
done on the systemd side, and if so, further information and help would
be welcome.

Regards,
Michael



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20161130/a108b3de/attachment-0002.sig>

More information about the Pkg-systemd-maintainers mailing list