Simon McVittie
2018-11-21 17:03:13 UTC
Control: reassign -1 systemd-shim
Control: severity -1 important
Control: retitle -1 systemd-shim: prevents calling GetDynamicUsers() and other recent APIs on systemd Manager
/etc/dbus-1/system.d/org.freedesktop.systemd-shim.conf
/usr/share/dbus-1/system.d/org.freedesktop.systemd1.conf
/usr/share/dbus-1/system.conf
Aha. Yes, in its current form, org.freedesktop.systemd-shim.conf is going
to break access to every systemd API that is meant to be public and was
added since systemd-shim forked it from systemd, because files in /etc
take precedence over files in /usr.
Workaround: purge the systemd-shim package (removing it is not enough,
because this is a conffile).
redundant with the implicit default-deny in system.conf, and is going to
break the file installed by the real systemd.
systemd should perhaps mitigate this bug for buster by moving its bus
configuration from /usr/share/dbus-1 back into /etc/dbus-1, and choosing
a filename that is higher precedence than systemd-shim's. (Sorry, I don't
immediately know whether that means earlier or later in ASCII order.)
smcv
Control: severity -1 important
Control: retitle -1 systemd-shim: prevents calling GetDynamicUsers() and other recent APIs on systemd Manager
... so perhaps you have a <deny> rule in /usr/share/dbus-1/system.d/*.conf
or in /etc/dbus-1/system.d/*.conf, with higher precedence,
that is interfering with those messages? If you search for
org.freedesktop.systemd1 or GetDynamicUsers in those files, what do
you get?
fgrep -i -l org.freedesktop.systemd1 /etc/dbus-1/system.d/*.conf /usr/share/dbus-1/system.d/*.conf /usr/share/dbus-1/system.confor in /etc/dbus-1/system.d/*.conf, with higher precedence,
that is interfering with those messages? If you search for
org.freedesktop.systemd1 or GetDynamicUsers in those files, what do
you get?
/etc/dbus-1/system.d/org.freedesktop.systemd-shim.conf
/usr/share/dbus-1/system.d/org.freedesktop.systemd1.conf
/usr/share/dbus-1/system.conf
to break access to every systemd API that is meant to be public and was
added since systemd-shim forked it from systemd, because files in /etc
take precedence over files in /usr.
Workaround: purge the systemd-shim package (removing it is not enough,
because this is a conffile).
===File /etc/dbus-1/system.d/org.freedesktop.systemd-shim.conf===
...<busconfig>
...<policy context="default">
<deny send_destination="org.freedesktop.systemd1"/>
org.freedesktop.systemd-shim.conf should not have this Deny line. It's<deny send_destination="org.freedesktop.systemd1"/>
redundant with the implicit default-deny in system.conf, and is going to
break the file installed by the real systemd.
systemd should perhaps mitigate this bug for buster by moving its bus
configuration from /usr/share/dbus-1 back into /etc/dbus-1, and choosing
a filename that is higher precedence than systemd-shim's. (Sorry, I don't
immediately know whether that means earlier or later in ASCII order.)
smcv