Bug#914285: dbus: system bus logs repeated denials for session buses calling GetDynamicUsers() on systemd Manager lines

Simon McVittie smcv at debian.org
Wed Nov 21 15:20:53 GMT 2018 

Control: retitle -1 dbus: system bus logs repeated denials for session buses calling GetDynamicUsers() on systemd Manager

On Wed, 21 Nov 2018 at 15:29:37 +0100, Francesco Potortì wrote:
> dbus generates over 100 lines a day like this in auth.log:
> 
> Nov 21 13:20:39 tucano dbus-daemon[3507]: [system] Rejected send message, 4 matched rules; type="method_call", sender=":1.383314" (uid=1000 pid=2330 comm="/usr/bin/dbus-daemon --syslog --fork --print-pid 5") interface="org.freedesktop.systemd1.Manager" member="GetDynamicUsers" error name="(unset)" requested_reply="0" destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/lib/systemd/systemd --system --deserialize 538 ")
> 
> This happens while I work at the console, but not when I work remotely.
> 
> Using the atop logs, I can tell that process 2330 was a dbus-daemon starting and ending at 13:20:39.

Code in the session dbus-daemon doesn't explicitly connect to the system
dbus-daemon and comunicate with pid 1, so I think this must be something
in a shared library that it uses, most likely libsystemd or a PAM module?

systemd installs a policy with

                <allow send_destination="org.freedesktop.systemd1"
                       send_interface="org.freedesktop.systemd1.Manager"
                       send_member="GetDynamicUsers"/>

so this is meant to be allowed.

"4 matched rules" is consistent with the matched rules being:

* <deny send_type="method_call"/> in /usr/share/dbus-1/system.conf
* <deny send_destination="org.freedesktop.systemd1"/>
  in /usr/share/dbus-1/system.d/org.freedesktop.systemd1.conf
* the rule above in /usr/share/dbus-1/system.d/org.freedesktop.systemd1.conf
* some other rule

... so perhaps you have a <deny> rule in /usr/share/dbus-1/system.d/*.conf
or in /etc/dbus-1/system.d/*.conf, with higher precedence,
that is interfering with those messages? If you search for
org.freedesktop.systemd1 or GetDynamicUsers in those files, what do
you get?

    smcv

More information about the Pkg-systemd-maintainers mailing list