Bug#914285: dbus: system bus logs repeated denials for session buses calling GetDynamicUsers() on systemd Manager lines

Simon McVittie smcv at debian.org
Wed Nov 21 17:03:13 GMT 2018


Control: reassign -1 systemd-shim
Control: severity -1 important
Control: retitle -1 systemd-shim: prevents calling GetDynamicUsers() and other recent APIs on systemd Manager

On Wed, 21 Nov 2018 at 17:24:41 +0100, Francesco Potortì wrote:
> >... so perhaps you have a <deny> rule in /usr/share/dbus-1/system.d/*.conf
> >or in /etc/dbus-1/system.d/*.conf, with higher precedence,
> >that is interfering with those messages? If you search for
> >org.freedesktop.systemd1 or GetDynamicUsers in those files, what do
> >you get?
> 
> fgrep -i -l org.freedesktop.systemd1 /etc/dbus-1/system.d/*.conf  /usr/share/dbus-1/system.d/*.conf  /usr/share/dbus-1/system.conf
> /etc/dbus-1/system.d/org.freedesktop.systemd-shim.conf
> /usr/share/dbus-1/system.d/org.freedesktop.systemd1.conf
> /usr/share/dbus-1/system.conf

Aha. Yes, in its current form, org.freedesktop.systemd-shim.conf is going
to break access to every systemd API that is meant to be public and was
added since systemd-shim forked it from systemd, because files in /etc
take precedence over files in /usr.

Workaround: purge the systemd-shim package (removing it is not enough,
because this is a conffile).

Real solution:

> ===File /etc/dbus-1/system.d/org.freedesktop.systemd-shim.conf===
...
> <busconfig>
...
>         <policy context="default">
>                 <deny send_destination="org.freedesktop.systemd1"/>

org.freedesktop.systemd-shim.conf should not have this Deny line. It's
redundant with the implicit default-deny in system.conf, and is going to
break the file installed by the real systemd.

systemd should perhaps mitigate this bug for buster by moving its bus
configuration from /usr/share/dbus-1 back into /etc/dbus-1, and choosing
a filename that is higher precedence than systemd-shim's. (Sorry, I don't
immediately know whether that means earlier or later in ASCII order.)

    smcv
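
An added example, not part of the original mail: a Python check for the situation described above, where a blanket `<deny send_destination=.../>` in an /etc policy file overrides allow rules shipped under /usr. It relies on the message's statement that files in /etc take precedence; the function names, the temporary directories and the sample file contents are constructed for illustration.

```python
import glob, os, tempfile
import xml.etree.ElementTree as ET

def rules(conf_dir):
    """Yield (file, policy_attrs, tag, rule_attrs) for each allow/deny rule in conf_dir/*.conf."""
    for path in sorted(glob.glob(os.path.join(conf_dir, "*.conf"))):
        try:
            root = ET.parse(path).getroot()
        except ET.ParseError:
            continue  # unparsable file: skipped here, worth reporting separately
        for policy in root.iter("policy"):
            for rule in policy:
                if rule.tag in ("allow", "deny"):
                    yield path, dict(policy.attrib), rule.tag, dict(rule.attrib)

def shadowing_denies(etc_dir, usr_dir):
    """Map each blanket deny in etc_dir to the usr_dir files whose allows it overrides."""
    findings = {}
    for path, pol, tag, attrs in rules(etc_dir):
        # "Blanket" = default context and no attribute other than send_destination.
        if tag == "deny" and pol == {"context": "default"} and list(attrs) == ["send_destination"]:
            dest = attrs["send_destination"]
            shadowed = sorted({os.path.basename(p) for p, _, t, a in rules(usr_dir)
                               if t == "allow" and a.get("send_destination") == dest})
            findings[(os.path.basename(path), dest)] = shadowed
    return findings

# Constructed sample files (not the real package contents).
SHIM = """<busconfig><policy context="default">
  <deny send_destination="org.freedesktop.systemd1"/>
</policy></busconfig>"""
REAL = """<busconfig><policy context="default">
  <allow send_destination="org.freedesktop.systemd1"
         send_interface="org.freedesktop.systemd1.Manager"
         send_member="GetDynamicUsers"/>
</policy></busconfig>"""

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        etc, usr = os.path.join(tmp, "etc"), os.path.join(tmp, "usr")
        os.makedirs(etc)
        os.makedirs(usr)
        with open(os.path.join(etc, "org.freedesktop.systemd-shim.conf"), "w") as f:
            f.write(SHIM)
        with open(os.path.join(usr, "org.freedesktop.systemd1.conf"), "w") as f:
            f.write(REAL)
        return shadowing_denies(etc, usr)

if __name__ == "__main__":
    for (conf, dest), shadowed in demo().items():
        print(f"{conf}: blanket deny on {dest} overrides allows in {shadowed}")
```

On a real system, `shadowing_denies("/etc/dbus-1/system.d", "/usr/share/dbus-1/system.d")` runs the same check over the two directories named in the thread.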


