Bug#1111711: systemd: Inconsistent override with the fix D-Bus policy for locale1 blocking

Grégory Marigot gmarigot at teicee.com
Thu Aug 21 12:05:11 BST 2025 

Package: systemd
Version: 257.7-1
Severity: normal
X-Debbugs-Cc: gmarigot at teicee.com

The context: since Trixie, it is no longer possible to use `localectl` to make changes.
For reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108144

The problem is that I was still able to use the command on some systems...
This means that restrictions are sometimes randomly ignored!

I guess this is due to misuse of the D-Bus configuration overrides :
- the "deny" policies are added in the folder `/usr/share/dbus-1/system.d/`
- this folder also contains the default "allow" policies
- but D-Bus configuration inclusions are not with a deterministic order
- so randomly we can have systems where "deny" are loaded before "allow" policies

While debugging, I found that renaming the file `systemd-localed-read-only.conf`
can change the behavior... But again, randomly (alphabetical order doesn't matter).

According to the D-Bus documentation https://dbus.freedesktop.org/doc/dbus-daemon.1.html :
> <includedir> Include all files. Files in the directory are included in undefined order.

Therefore I think there are two solutions to obtain consistent a override :
- add the "deny" policies into the same file that contains the "allow" policies
  (this involves modifying/patching the existing `org.freedesktop.locale1.conf`)
- or use another include directory, specially designed for the overrides
  (but other locations defined in `/etc/dbus-1/` are for administrators, not packages)

In conclusion, the problem is not blocking because it's just a new restriction
that isn't always enforced. But randomness can be very disturbing!

Thanks for your work ;)


-- Package-specific info:

-- System Information:
Debian Release: 13.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.41+deb13-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR:fr:en:C
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  libacl1            2.3.2-2+b1
ii  libapparmor1       4.1.0-1
ii  libc6              2.41-12
ii  libmount1          2.41-5
ii  libpam0g           1.7.0-5
ii  libseccomp2        2.6.0-2
ii  libselinux1        3.8.1-1
ii  libssl3t64         3.5.1-1
ii  libsystemd-shared  257.7-1
ii  libsystemd0        257.7-1
ii  mount              2.41-5

Versions of packages systemd recommends:
ii  chrony [time-daemon]            4.6.1-3
ii  dbus [default-dbus-system-bus]  1.16.2-2
ii  linux-sysctl-defaults           4.12
pn  systemd-cryptsetup              <none>

Versions of packages systemd suggests:
pn  libtss2-tcti-device0  <none>
pn  polkitd               <none>
pn  systemd-boot          <none>
pn  systemd-container     <none>
pn  systemd-homed         <none>
pn  systemd-repart        <none>
pn  systemd-resolved      <none>
pn  systemd-userdbd       <none>

Versions of packages systemd is related to:
ii  dbus-user-session  1.16.2-2
pn  dracut             <none>
ii  initramfs-tools    0.148.3
pn  libnss-systemd     <none>
ii  libpam-systemd     257.7-1
ii  udev               257.7-1

-- no debconf information

More information about the Pkg-systemd-maintainers mailing list